version: "3.3"
services:
  reverse-proxy:
    image: traefik:v2.3
    command:
      - --log.level=WARN
      #- --api.insecure=true
      - --providers.docker
      - --entryPoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entryPoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.myresolver.acme.storage=/acme.json
      # used during the challenge
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      #- "8080:8080"
    depends_on:
      - pusher
      - front
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme.json:/acme.json
    restart: unless-stopped


  front:
    build:
      context: ../..
      dockerfile: front/Dockerfile
    #image: thecodingmachine/workadventure-front:master
    environment:
      DEBUG_MODE: "$DEBUG_MODE"
      JITSI_URL: $JITSI_URL
      JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
      PUSHER_URL: //pusher.${DOMAIN}
      TURN_SERVER: "${TURN_SERVER}"
      TURN_USER: "${TURN_USER}"
      TURN_PASSWORD: "${TURN_PASSWORD}"
      START_ROOM_URL: "${START_ROOM_URL}"
    labels:
      - "traefik.http.routers.front.rule=Host(`play.${DOMAIN}`)"
      - "traefik.http.routers.front.entryPoints=web,traefik"
      - "traefik.http.services.front.loadbalancer.server.port=80"
      - "traefik.http.routers.front-ssl.rule=Host(`play.${DOMAIN}`)"
      - "traefik.http.routers.front-ssl.entryPoints=websecure"
      - "traefik.http.routers.front-ssl.tls=true"
      - "traefik.http.routers.front-ssl.service=front"
      - "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
    restart: unless-stopped

  pusher:
    build:
      context: ../..
      dockerfile: pusher/Dockerfile
    #image: thecodingmachine/workadventure-pusher:master
    command: yarn run runprod
    environment:
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      SECRET_KEY: yourSecretKey
      API_URL: back:50051
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
    labels:
      - "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)"
      - "traefik.http.routers.pusher.entryPoints=web,traefik"
      - "traefik.http.services.pusher.loadbalancer.server.port=8080"
      - "traefik.http.routers.pusher-ssl.rule=Host(`pusher.${DOMAIN}`)"
      - "traefik.http.routers.pusher-ssl.entryPoints=websecure"
      - "traefik.http.routers.pusher-ssl.tls=true"
      - "traefik.http.routers.pusher-ssl.service=pusher"
      - "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
    restart: unless-stopped

  back:
    build:
      context: ../..
      dockerfile: back/Dockerfile
    #image: thecodingmachine/workadventure-back:master
    command: yarn run runprod
    environment:
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      ADMIN_API_URL: "$ADMIN_API_URL"
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
    labels:
      - "traefik.http.routers.back.rule=Host(`api.${DOMAIN}`)"
      - "traefik.http.routers.back.entryPoints=web"
      - "traefik.http.services.back.loadbalancer.server.port=8080"
      - "traefik.http.routers.back-ssl.rule=Host(`api.${DOMAIN}`)"
      - "traefik.http.routers.back-ssl.entryPoints=websecure"
      - "traefik.http.routers.back-ssl.tls=true"
      - "traefik.http.routers.back-ssl.service=back"
      - "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
    restart: unless-stopped