version: "3.7"

services:
  portainer:
    image: portainer/portainer-ce:2.20.3-alpine
    container_name: portainer
    restart: unless-stopped
    ports:
      - ${APP_PORT}:9443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - "${APP_DATA_DIR}/data:/data"
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.portainer-web-redirect.redirectscheme.scheme: https
      traefik.http.services.portainer.loadbalancer.server.port: 9000
      # Web
      traefik.http.routers.portainer-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.portainer-insecure.entrypoints: web
      traefik.http.routers.portainer-insecure.service: portainer
      traefik.http.routers.portainer-insecure.middlewares: portainer-web-redirect
      # Websecure
      traefik.http.routers.portainer.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.portainer.entrypoints: websecure
      traefik.http.routers.portainer.service: portainer
      traefik.http.routers.portainer.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.portainer-local-insecure.rule: Host(`portainer.${LOCAL_DOMAIN}`)
      traefik.http.routers.portainer-local-insecure.entrypoints: web
      traefik.http.routers.portainer-local-insecure.service: portainer
      traefik.http.routers.portainer-local-insecure.middlewares: portainer-web-redirect
      # Local domain secure
      traefik.http.routers.portainer-local.rule: Host(`portainer.${LOCAL_DOMAIN}`)
      traefik.http.routers.portainer-local.entrypoints: websecure
      traefik.http.routers.portainer-local.service: portainer
      traefik.http.routers.portainer-local.tls: true