version: "3.9"

services:
  ghost:
    image: ghost:5.85.2
    container_name: ghost
    depends_on:
      - ghostdb
    restart: unless-stopped
    ports:
      - ${APP_PORT}:2368
    environment:
      # see https://ghost.org/docs/config/#configuration-options
      database__client: mysql
      database__connection__host: ghostdb
      database__connection__user: tipi
      database__connection__password: ${GHOST_DATABASE_PASSWORD}
      database__connection__database: ghosttipi
      url: ${APP_PROTOCOL:-http}://${APP_DOMAIN}
      mail__transport: SMTP
      mail__options__service: ${GHOST_MAIL_SERVICE}
      mail__options__host: ${GHOST_MAIL_HOST}
      mail__options__port: ${GHOST_MAIL_PORT}
      mail__options__auth__user: ${GHOST_MAIL_USER}
      mail__options__auth__pass: ${GHOST_MAIL_PASSWORD}
    volumes:
      - ${APP_DATA_DIR}/content:/var/lib/ghost/content
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.ghost-web-redirect.redirectscheme.scheme: https
      traefik.http.services.ghost.loadbalancer.server.port: 2368
      # Web
      traefik.http.routers.ghost-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.ghost-insecure.entrypoints: web
      traefik.http.routers.ghost-insecure.service: ghost
      traefik.http.routers.ghost-insecure.middlewares: ghost-web-redirect
      # Websecure
      traefik.http.routers.ghost.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.ghost.entrypoints: websecure
      traefik.http.routers.ghost.service: ghost
      traefik.http.routers.ghost.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.ghost-local-insecure.rule: Host(`ghost.${LOCAL_DOMAIN}`)
      traefik.http.routers.ghost-local-insecure.entrypoints: web
      traefik.http.routers.ghost-local-insecure.service: ghost
      traefik.http.routers.ghost-local-insecure.middlewares: ghost-web-redirect
      # Local domain secure
      traefik.http.routers.ghost-local.rule: Host(`ghost.${LOCAL_DOMAIN}`)
      traefik.http.routers.ghost-local.entrypoints: websecure
      traefik.http.routers.ghost-local.service: ghost
      traefik.http.routers.ghost-local.tls: true

  ghostdb:
    container_name: ghostdb
    image: mariadb:latest
    environment:
      MYSQL_ROOT_PASSWORD: ${GHOST_DATABASE_PASSWORD}
      MYSQL_USER: tipi
      MYSQL_PASSWORD: ${GHOST_DATABASE_PASSWORD}
      MYSQL_DATABASE: ghosttipi
    volumes:
      - ${APP_DATA_DIR}/data/db:/var/lib/mysql
    networks:
      - tipi_main_network