version: '3'

networks:
  int-service-proxy:
    external: true

services:
  watchtower:
    container_name: watchtower
    restart: unless-stopped
    image: v2tec/watchtower
    logging:
      driver: gelf
      options:
        gelf-address: "udp://xxx:12201"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # db for unifi
  mongo:
    image: mongo
    container_name: unifidb
    restart: unless-stopped
    #   By default docker-compose will create a new bridge network for the services in the compose file.
    #   Enable this to have the services/containers use the existing docker0/default bridge network.
    # network_mode: bridge
    logging:
      driver: gelf
      options:
        gelf-address: "udp://xxx:12201"
    networks:
      - int-service-proxy
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    volumes:
      - /var/apps/unifi/data/db:/data/db
    environment:
      - TZ=America/New_York
      - PUID=1001
      - PGID=1001

  # network controller
  unifi:
    container_name: unifi
    image: goofball222/unifi
    restart: unless-stopped
    networks:
      - int-service-proxy
    volumes:
      # - /var/apps/unifi:/config
      - /etc/localtime:/etc/localtime:ro
      - /var/apps/unifi/cert:/var/apps/unifi/cert
      - /var/apps/unifi/data:/var/apps/unifi/data
      - /var/apps/unifi/logs:/var/apps/unifi/logs
    links:
      - mongo
    ports:
      - '3478:3478/udp'
      - '10001:10001/udp'
      - '6790:6790/tcp'
      - '8080:8080/tcp'
      - '8880:8880/tcp'
      - '8443:8443/tcp'
      - '8843:8843/tcp'
    logging:
      driver: gelf
      options:
        gelf-address: "udp://xxx:12201"
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    environment:
      - DB_MONGO_LOCAL=false
      - DB_MONGO_URI=mongodb://mongo:27017/unifi
      - STATDB_MONGO_URI=mongodb://mongo:27017/unifi_stat
      - UNIFI_DB_NAME=unifi
      - TZ=America/New_York
      - PUID=1001
      - PGID=1001
      - DEBUG=true
      - RUN_CHOWN=false
    labels:
      - "traefik.enable=true"
      - "traefik.tags=frontend"
      - "traefik.frontend.passHostHeader=true"
      - "traefik.admin.backend=unifi"
      - "traefik.admin.frontend.rule=Host:unifi.xxx" #.${DOMAINNAME}"
      - "traefik.admin.port=8443"
      - "traefik.admin.protocol=https"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLHost=unifi.xxx"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"