version: '3.8'

services:
  traefik:
    image: traefik:v2.5
    container_name: traefik
    command:
      - "--api.insecure=true"
      - "--log.level=DEBUG"
      - "--accesslog"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"  # Still listen on 443, but traffic will be HTTP after passing through AEZA
      - "--entrypoints.websecure.http.middlewares=ssl-redirect"  # Redirect HTTP to HTTPS if required
    ports:
      - "80:80"   # Expose port 80 for HTTP
      - "443:443" # Expose port 443 for HTTPS (AEZA will handle SSL termination)
      - "8080:8080" # Traefik dashboard, ensure it's secure if exposed
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/path/to/acme.json:/acme.json"  # Path to store Let's Encrypt certs (if using)
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`dash.embermarket.app`)"
      - "traefik.http.services.dashboard.loadbalancer.server.port=3000"

  nextjs-app:
    build:
      context: .  # Path to your project
      dockerfile: Dockerfile
    container_name: nextjs-app-container
    expose:
      - "3000"  # Expose port 3000 internally (Traefik will route traffic to this port)
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`dash.embermarket.app`)"  # Match your domain
      - "traefik.http.services.dashboard.loadbalancer.server.port=3000"
    environment:
      - NODE_ENV=production
      - NEXT_PUBLIC_API_URL=https://internal-api.inboxi.ng/api
    restart: unless-stopped

networks:
  web:
    external: true