# OPTIONAL reverse proxy — use ONLY if the server has no existing proxy.
#
# !! DANGER: this binds host ports 80 and 443. If another reverse proxy
# !! (nginx / Caddy / another Traefik) is already serving the other live apps
# !! on this box, starting this WILL conflict and can take those apps offline.
# !! Check first:  sudo ss -ltnp '( sport = :80 or sport = :443 )'
# !! If something already listens there, DO NOT run this. Instead add a vhost
# !! to the existing proxy pointing at 127.0.0.1:3001 (web) and 127.0.0.1:4000
# !! (api). See DEPLOY.md.
#
# Run with:
#   docker compose --env-file .env -f docker-compose.traefik.yml up -d

name: buildmymcp-traefik

services:
  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    network_mode: host
    command:
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --providers.file.watch=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL:?set ACME_EMAIL in infra/traefik/.env}
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
    volumes:
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
      - bmm_letsencrypt:/letsencrypt

volumes:
  bmm_letsencrypt: