networks:
  frontend:
    external: true
  backend:
    external: true
services:
  traefik:
    container_name: traefik
    image: traefik:2.10.4
    security_opt:
      - apparmor:unconfined
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /docker/appdata/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro
      - /docker/appdata/traefik/config/conf/:/etc/traefik/conf/
      - /docker/appdata/traefik/config/certs/:/etc/traefik/certs/
    # labels:
      # - traefik.enable=true
      # - traefik.http.routers.traefik.entrypoints=websecure
      # - traefik.http.routers.traefik.rule=Host(`example.domain.com`)
      # - traefik.http.routers.traefik.tls=true
      # - traefik.http.routers.traefik.tls.certresolver=production
      # - traefik.http.routers.traefik.middlewares=authentik@file
      # - traefik.http.routers.traefik.service=traefik
      # - traefik.http.services.traefik.loadBalancer.server.port=8080
    environment:
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    networks:
      - frontend
      - backend
    restart: unless-stopped