services:
  traefik:
    image: traefik:latest
    container_name: traefik
    network_mode: host
#    ports:
#       - 10.0.0.225:80:80
#       - 10.0.0.225:443:443
#       - 192.168.50.4:8080:8080
#       - 192.168.50.4:80:80
#       - 192.168.50.4:443:443 # Added port mapping for the dashboard
    restart: unless-stopped
    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs:/letsencrypt
      #- ./dashboard_authfile:/dashboard_authfile:ro
      - ./dynamic.yml:/dynamic.yml
      - ./traefik.yml:/traefik.yml
      - ./traefik.log:/var/log/traefik/traefik.log
      - ./access.log:/var/log/traefik/access.log
#    networks:
#      - traefik_default
#      - internal_traefik_default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.gbanyan.net`)"
      - "traefik.http.routers.traefik.entrypoints=internal_websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      - "com.centurylinklabs.watchtower.enable=true" # Added label for Watchtower
      # "traefik.http.middlewares.auth.basicauth.usersfile=/dashboard_authfile"
      - "traefik.http.services.traefik.loadbalancer.server.port=9090"

#networks:
#   traefik_default:
#     external: true
#   internal_traefik_default:
#     external: true