version: '3'

services:
  # AEZA (WAF) Service
  aeza:
    image: aeza/waf:latest
    container_name: aeza-waf
    ports:
      - "80:80"         # Expose AEZA on port 80
      - "443:443"       # Expose AEZA on port 443
    labels:
      - "traefik.enable=false"  # Disable Traefik routing directly to AEZA
    environment:
      - WAF_ENABLE=true
      - WAF_API_URL=https://internal-api.inboxi.ng/api  # Update with your WAF config
    restart: unless-stopped

  # Traefik reverse proxy
  traefik:
    image: traefik:v2.9
    container_name: traefik
    command:
      - "--api.insecure=true"  # Enable Traefik dashboard
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker=true"  # Enable Docker provider
    ports:
      - "80:80"         # Expose HTTP port
      - "443:443"       # Expose HTTPS port
      - "8080:8080"     # Traefik Dashboard port (optional)
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"  # Allow Traefik to monitor Docker
    restart: unless-stopped

  # Next.js application
  nextjs-app:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: nextjs-app-container
    expose:
      - "3000"  # Expose Next.js app inside the Docker network
    environment:
      - NODE_ENV=production
      - NEXT_PUBLIC_API_URL=https://internal-api.inboxi.ng/api
    labels:
      - "traefik.enable=true"  
      - "traefik.http.routers.dashboard.rule=Host(`dash.embermarket.app`)"  # Use AEZA as reverse proxy
      - "traefik.http.services.dashboard.loadbalancer.server.port=3000"
    restart: unless-stopped