# ==============================================================================
# DOCKER COMPOSE - TRAEFIK REVERSE PROXY
# ==============================================================================
# Proposito: Servicio Traefik para el workspace
# Mantenido por: DevOps-Agent
# Actualizado: 2025-12-18
#
# USO:
#   docker-compose -f docker-compose.traefik.yml up -d
#
# PRE-REQUISITOS:
#   - Red infra_shared creada: docker network create infra_shared
#   - Variables de entorno configuradas (ver .env.example)
# ==============================================================================

version: "3.8"

services:
  # ==========================================================================
  # TRAEFIK - REVERSE PROXY
  # ==========================================================================
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped

    # IMPORTANTE: Solo estos puertos son publicos
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"   # Dashboard (solo desarrollo)

    environment:
      - ACME_EMAIL=${ACME_EMAIL:-admin@localhost}

    volumes:
      # Socket de Docker (lectura)
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Configuracion estatica
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      # Configuracion dinamica
      - ./dynamic:/etc/traefik/dynamic:ro
      # Certificados Let's Encrypt
      - traefik-certificates:/letsencrypt
      # Logs
      - traefik-logs:/var/log/traefik

    networks:
      - infra_shared

    labels:
      # Dashboard de Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.dashboard.entrypoints=web"
      - "traefik.http.routers.dashboard.service=api@internal"
      # Proteger dashboard en produccion
      # - "traefik.http.routers.dashboard.middlewares=auth-admin@file"

    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

# ==============================================================================
# VOLUMES
# ==============================================================================
volumes:
  traefik-certificates:
    name: traefik-certificates
  traefik-logs:
    name: traefik-logs

# ==============================================================================
# NETWORKS
# ==============================================================================
networks:
  infra_shared:
    external: true