version: "3.1"

# echo $(htpasswd -nb "[username]" "[password]") | sed -e s/\\$/\\$\\$/g
#
# [username]
# [password]
#
# username:hashed_password

services:

  traefik-varnish:
    container_name: traefik-varnish
    hostname: traefik-varnish
    restart: always
    security_opt:
      - no-new-privileges:true
    image: varnish:latest
    stdin_open: true
    tty: true
    networks:
      - proxy
    ports:
      - "1080:80"
    environment:
      TZ: "Europe/Paris"
      PUID: 1000
      PGID: 1000
    command: ["-a :1080,PROXY", "-s file,/cache,1G"]
    volumes:
      - /mnt/varnish:/cache
      - /opt/docker/traefik/work/varnish.vcl:/etc/varnish/default.vcl
    tmpfs:
      - /tmp:exec

  traefik:
    container_name: traefik
    hostname: traefik
    restart: always
    security_opt:
      - no-new-privileges:true
    image: traefik:latest
    stdin_open: true
    tty: true
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443/tcp"
      - "443:443/udp"
      - "6082:6082"
    depends_on:
      - traefik-varnish
    links:
      - traefik-varnish
    environment:
      TZ: "Europe/Paris"
      PUID: 1000
      PGID: 1000
      #CF_API_EMAIL: [cloudflare API email account]
      #CF_DNS_API_TOKEN: "[cloudflare dns token]"
      #CF_API_KEY: "[cloudflare api key]"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/docker/traefik/work/acme.json:/acme.json
      - /opt/docker/traefik/work/traefik.yml:/traefik.yml
      - /opt/docker/traefik/work/config.yml:/config.yml
    labels:
      - "traefik.enable=true"

networks:
  proxy:
    external: true