version: '3.7'
services:
  app:
    image: registry.dockerprod.ultrafast.co.nz/uff/apikeyhandler:0.10
    networks:
      - traefik-net
    volumes:
      - /etc/localtime:/etc/localtime:ro # Mount Timezone config to container
      - /data/swarm-vols/apikeyhandler:/opt/apikeyhandler/config # Store Config on Persistent drive shared between nodes
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker # Place this service on Worker Nodes alternatively may specify manager if you want service on manager node.
      labels:
        - "traefik.http.routers.apikeyauth.rule=Host(`apiauth-internal.dockertest.ultrafast.co.nz`)" # This label creates a route Traefik will listen on
        - "traefik.http.routers.apikeyauth.tls=true" # Enable TLS,  in this example using default TLS cert
        - "traefik.http.services.apikeyauth.loadbalancer.server.port=8080" # Set Port to proxy
        - "traefik.enable=true" # This flag enables load balancing through Traefik :)
        - "traefik.docker.network=traefik-net" # Set the network to connect to container on
        - "traefik.http.middlewares.apikeyauth.forwardauth.address=https://apiauth-internal.dockertest.ultrafast.co.nz"
        - "traefik.http.middlewares.apikeyauth.forwardauth.trustForwardHeader=true"
        - "traefik.http.middlewares.apikeyauth.forwardauth.authResponseHeaders=X-Client-Id"
        - "traefik.http.middlewares.apikeyauth.forwardauth.tls.insecureSkipVerify=true"
  test_app:
    image: containous/whoami
    networks:
      - traefik-net
    volumes:
      - /etc/localtime:/etc/localtime:ro # Mount Timezone config to container
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker # Place this service on Worker Nodes alternatively may specify manager if you want service on manager node.
      labels:
        - "traefik.http.routers.testapp.rule=Host(`testapp.dockertest.ultrafast.co.nz`)" # This label creates a route Traefik will listen on
        - "traefik.http.routers.testapp.tls=true" # Enable TLS,  in this example using default TLS cert
        - "traefik.http.routers.testapp.middlewares=apikeyauth"
        - "traefik.http.services.testapp.loadbalancer.server.port=80" # Set Port to proxy
        - "traefik.enable=true" # This flag enables load balancing through Traefik :)
        - "traefik.docker.network=traefik-net" # Set the network to connect to container on

networks:
  traefik-net:
    external: true