services:
  app:
    image: registry.infra.mintel.me/${PROJECT_NAME:-mintel/app}:${IMAGE_TAG:-latest}
    restart: always
    networks:
      - infra
    ports:
      - "3000:3000"
    env_file:
      - ${ENV_FILE:-.env}
    labels:
      - "traefik.enable=true"
      # HTTP ⇒ HTTPS redirect
      - "traefik.http.routers.${APP_NAME:-app}-web.rule=Host(${TRAEFIK_HOST}) && !PathPrefix(`/.well-known/acme-challenge/`)"
      - "traefik.http.routers.${APP_NAME:-app}-web.entrypoints=web"
      - "traefik.http.routers.${APP_NAME:-app}-web.middlewares=redirect-https"
      # HTTPS router
      - "traefik.http.routers.${APP_NAME:-app}.rule=Host(${TRAEFIK_HOST})"
      - "traefik.http.routers.${APP_NAME:-app}.entrypoints=websecure"
      - "traefik.http.routers.${APP_NAME:-app}.tls.certresolver=le"
      - "traefik.http.routers.${APP_NAME:-app}.tls=true"
      - "traefik.http.routers.${APP_NAME:-app}.service=${APP_NAME:-app}"
      - "traefik.http.services.${APP_NAME:-app}.loadbalancer.server.port=3000"
      - "traefik.http.services.${APP_NAME:-app}.loadbalancer.server.scheme=http"
      # Forwarded Headers
      - "traefik.http.middlewares.${APP_NAME:-app}-forward.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.${APP_NAME:-app}-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"
      # Middlewares
      - "traefik.http.routers.${APP_NAME:-app}.middlewares=${APP_NAME:-app}-forward,compress"

networks:
  infra:
    external: true