version: "3.7"
services:
  2fauth:
    image: 2fauth/2fauth:4.2.3
    container_name: 2fauth
    volumes:
      - ${APP_DATA_DIR}/data:/2fauth
    ports:
      - ${APP_PORT}:8000
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.2fauth-web-redirect.redirectscheme.scheme: https
      traefik.http.services.2fauth.loadbalancer.server.port: 8000
      # Web
      traefik.http.routers.2fauth-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.2fauth-insecure.entrypoints: web
      traefik.http.routers.2fauth-insecure.service: 2fauth
      traefik.http.routers.2fauth-insecure.middlewares: 2fauth-web-redirect
      # Websecure
      traefik.http.routers.2fauth.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.2fauth.entrypoints: websecure
      traefik.http.routers.2fauth.service: 2fauth
      traefik.http.routers.2fauth.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.2fauth-local-insecure.rule: Host(`2fauth.${LOCAL_DOMAIN}`)
      traefik.http.routers.2fauth-local-insecure.entrypoints: web
      traefik.http.routers.2fauth-local-insecure.service: 2fauth
      traefik.http.routers.2fauth-local-insecure.middlewares: 2fauth-web-redirect
      # Local domain secure
      traefik.http.routers.2fauth-local.rule: Host(`2fauth.${LOCAL_DOMAIN}`)
      traefik.http.routers.2fauth-local.entrypoints: websecure
      traefik.http.routers.2fauth-local.service: 2fauth
      traefik.http.routers.2fauth-local.tls: true