version: "3.7"
########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
  gl_proxy:
    name: gl_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_PROXY_SUBNET
        - gateway: $GL_PROXY_GATEWAY 
  default:
    driver: bridge
  gl_socket_proxy:
    name: gl_socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_SOCKET_PROXY_SUBNET
        - gateway: $GL_SOCKET_PROXY_GATEWAY

########################### SERVICES
services:
  # Portainer - WebUI for Containers
  portainer:
    container_name: gl-portainer
    image: portainer/portainer-ce:latest
    restart: unless-stopped
    command: -H $DOCKER_ENDPOINT # Use Docker Socket Proxy instead for improved security
    networks:
      gl_proxy:
        ipv4_address: $PORTAINER_IP0
      gl_socket_proxy:
        ipv4_address: $PORTAINER_IP1
    security_opt:
      - no-new-privileges:true
    volumes:
      - $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
    environment:
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.portainer-rtr.entrypoints=https"
      - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME0`)"
      ## Middlewares
      - "traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file"
      ## HTTP Services
      - "traefik.http.routers.portainer-rtr.service=portainer-svc"
      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"