docker-compose.yml

x-default-opts:
  &default-opts
  logging:
    options:
      max-size: "10m"

configs:
  traefik.yml:
    file: ops/docker/traefik/traefik.yml

services:
  traefik:
    <<: *default-opts
    depends_on:
      traefik-mkcert:
        condition: service_completed_successfully
      traefik-otel-collector:
        condition: service_started
#      traefik-tempo:
#        condition: service_started
    container_name: traefik
    image: webgrip/traefik-local-development-traefik:latest
    pull_policy: always
    build:
        context: ./ops/docker/traefik
        dockerfile: Dockerfile
    restart: always
    security_opt:
      - no-new-privileges:true
    environment:
      - "OTEL_PROPAGATORS=tracecontext,baggage,jaeger"
    command:
      - "--configFile=/etc/traefik/traefik.yml"
    ports:
      - "80:80"
      - "443:443"
      - "8998:8998"
      - "8999:8999"
    configs:
      - source: traefik.yml
        target: /etc/traefik/traefik.yml
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "certificate-data:/etc/traefik/dynamic:rw"
      - "./var/logs/traefik:/var/log/traefik:rw"
      - "./.htpasswd:/etc/traefik/.htpasswd:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`dashboard.traefik.test`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/.htpasswd"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheaders.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`dashboard.traefik.test`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=dashboard.traefik.test"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.traefik.test"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  traefik-mkcert:
    container_name: traefik-mkcert
    image: webgrip/traefik-local-development-mkcert:latest
    build:
      context: ./ops/docker/mkcert
      dockerfile: Dockerfile
    volumes:
      - ~/.config/mkcert:/root/.local/share/mkcert:rw
      - certificate-data:/certificate-data:rw
      - ./ops/docker/mkcert/entrypoint.sh:/app/entrypoint.sh:ro
    entrypoint: [ "/app/entrypoint.sh", "traefik.test", "dashboard.traefik.test" ]

  traefik-dnsmasq:
    image: jpillora/dnsmasq
    container_name: traefik-dnsmasq
    ports:
      - "53:53/udp"
    cap_add:
      - NET_ADMIN
    command: >
      -A /test/127.0.0.1
    restart: unless-stopped
    volumes:
      - ./var/resolver:/etc/resolver

  traefik-otel-collector:
    container_name: traefik-otel-collector
    image: webgrip/traefik-local-development-otel-collector:latest
    build:
      context: ./ops/docker/otel-collector
      dockerfile: Dockerfile
    command: ["--config", "/etc/otelcol-contrib/config.yaml"]
    volumes:
      - ./ops/docker/otel-collector/config.yml:/etc/otelcol-contrib/config.yaml
#    ports:
#      - "1888:1888"   # pprof extension
#      - "8888:8888"   # Prometheus metrics exposed by the collector
#      - "8889:8889"   # Prometheus exporter metrics
#      - "13133:13133" # health_check extension
#      - "4317:4317"   # OTLP gRPC receiver
#      - "4318:4318"   # OTLP HTTP receiver


#  traefik-tempo:
#    container_name: traefik-tempo
#    depends_on:
#      traefik-otel-collector:
#        condition: service_started
#    image: webgrip/traefik-local-development-tempo:latest
#    build:
#        context: ./ops/docker/tempo
#        dockerfile: Dockerfile
#    ports:
#      - "3200:3200" # UI
#      - "14250:14250" # gRPC
#      - "14249:14249" # HTTP

networks:
  default:
    external: true
    name: webgrip

volumes:
  certificate-data:
    external: true