version: '3.2'

services:
  traefik:
    image: "traefik:latest"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.swarm=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=public
      - --api=true
      - --api.dashboard=true 
      - --api.insecure=true
      - --log.level=DEBUG
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
      - "traefik.http.routers.dashboard.rule=Host(`traefik.test.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      tls:
        certificates:
          - certFile: /certificates/jingoh.private.crt
            keyFile: /certificates/jingoh.private.key
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    networks:
      - public
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - traefik-public-certificates:/certificates

  agent:
    image: portainer/agent:latest
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce:latest
    command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - data:/data
      - /etc/localtime:/etc/localtime
    networks:
      - public
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.jingoh.private.com`)"
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9443"
      - "traefik.http.routers.portainer.tls=true"
      # Edge
      - "traefik.http.routers.edge.rule=Host(`edge.private.com`)"
      - "traefik.http.routers.edge.entrypoints=websecure"
      - "traefik.http.services.edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.edge.service=edge"
      - "traefik.http.routers.edge.tls=true"

  whoami:
    image: "traefik/whoami"
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`whoamitest.jingoh.private`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        - "traefik.http.routers.whoami-secured.rule=Host(`whoamitest.jingoh.private`)"
        - "traefik.http.routers.whoami-secured.entrypoints=websecure"
        - traefik.docker.network=public
    networks:
      - public

networks:
  public:
    external: true
  agent_network:
    external: true
    attachable: true
volumes:
   data:
   traefik-public-certificates: