version: "3.7"
services:
  ctfd:
    image: ctfd/ctfd:3.7.0
    container_name: ctfd
    restart: unless-stopped
    ports:
      - ${APP_PORT}:8000
    environment:
      - UPLOAD_FOLDER=/var/uploads
      - DATABASE_URL=mysql+pymysql://tipi:${CTFD_MYSQL_DB_PASSWORD}@ctfd-db/ctfd
      - REDIS_URL=redis://ctfd-redis:6379
      - WORKERS=1
      - LOG_FOLDER=/var/log/CTFd
      - ACCESS_LOG=-
      - ERROR_LOG=-
      - REVERSE_PROXY=true
      - SECRET_KEY=${CTFD_SECRET_KEY}
    volumes:
      - ${APP_DATA_DIR}/data/uploads:/var/log/CTFd
      - ${APP_DATA_DIR}/data/uploads:/var/uploads
    depends_on:
      - ctfd-db
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.ctfd-web-redirect.redirectscheme.scheme: https
      traefik.http.services.ctfd.loadbalancer.server.port: 8000
      # Web
      traefik.http.routers.ctfd-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.ctfd-insecure.entrypoints: web
      traefik.http.routers.ctfd-insecure.service: ctfd
      traefik.http.routers.ctfd-insecure.middlewares: ctfd-web-redirect
      # Websecure
      traefik.http.routers.ctfd.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.ctfd.entrypoints: websecure
      traefik.http.routers.ctfd.service: ctfd
      traefik.http.routers.ctfd.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.ctfd-local-insecure.rule: Host(`ctfd.${LOCAL_DOMAIN}`)
      traefik.http.routers.ctfd-local-insecure.entrypoints: web
      traefik.http.routers.ctfd-local-insecure.service: ctfd
      traefik.http.routers.ctfd-local-insecure.middlewares: ctfd-web-redirect
      # Local domain secure
      traefik.http.routers.ctfd-local.rule: Host(`ctfd.${LOCAL_DOMAIN}`)
      traefik.http.routers.ctfd-local.entrypoints: websecure
      traefik.http.routers.ctfd-local.service: ctfd
      traefik.http.routers.ctfd-local.tls: true

  ctfd-db:
    image: mariadb:10.4.12
    restart: unless-stopped
    container_name: ctfd-db
    environment:
      - MYSQL_ROOT_PASSWORD=${CTFD_MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=tipi
      - MYSQL_PASSWORD=${CTFD_MYSQL_DB_PASSWORD}
      - MYSQL_DATABASE=ctfd
    volumes:
      - ${APP_DATA_DIR}/data/db:/var/lib/mysql
    networks:
      - tipi_main_network
    # This command is required to set important mariadb defaults
    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]

  ctfd-redis:
    image: redis:4
    container_name: ctfd-redis
    restart: unless-stopped
    volumes:
      - ${APP_DATA_DIR}/data/redis:/data
    networks:
      - tipi_main_network