version: "3.3"

services:
  app:
    image: nginx
    ports:
      - 80
      - 443
    restart: unless-stopped
    tty: true
    tmpfs:
      - /var/log/nginx
    volumes:
      - .:/app
      - ./srv/nginx/conf.d/:/etc/nginx/conf.d/:cached
      - ./certs:/certs
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`app.domain`)"
      - "traefik.http.routers.app.entrypoints=web"
      # here starts the tls
      - "traefik.tcp.routers.app-secured.rule=HostSNI(`app.domain`)"
      - "traefik.tcp.routers.app-secured.entrypoints=websecure"
      - "traefik.tcp.routers.app-secured.tls=true"
      - "traefik.tcp.routers.app-secured.tls.passthrough=true"
      - "traefik.tcp.services.app-secured.loadbalancer.server.port=443"
  traefik:
    image: "traefik:v2.0.0-rc3"
    container_name: "traefik"
    command:
     # - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.address=:80"
      - "--providers.docker.exposedbydefault=false"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - "./certs:/certs"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"