version: '3'
services:
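  # Edge reverse proxy: publishes ports 80/443 on the host and reads the Docker
  # API through the mounted socket.
  traefik:
    restart: unless-stopped
    # image: traefik:v2.0.2
    # NOTE(review): the tag is mutable; pin a digest once the version is settled.
    image: traefik:v2.2
    # In compose file format 3, depends_on only orders container start-up. It
    # does not wait for "wait" to finish, so Traefik can start before the
    # certificate bundle exists.
    depends_on:
      - "wait"
    ports:
      - "80:80"
      - "443:443"
    labels:
      # 8080 is Traefik's default API/dashboard port. Presumably this label
      # routes to the dashboard; confirm that traefik.yml (not shown here) does
      # not expose it without authentication.
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    volumes:
      # Static and dynamic configuration are only read, so mount them read-only.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./tls.yml:/etc/traefik/tls.yml:ro
      # The Docker socket gives control of the Docker daemon on the host.
      # ":ro" only stops the container from replacing or removing the socket
      # file; it does not limit the API calls that can be made over it. To
      # restrict those, put a filtering socket proxy in front of the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the certificate files written by reverse-proxy-https-helper,
      # including the private key. NOTE(review): this could be mounted ":ro"
      # too if traefik.yml keeps no writable state under this path; confirm.
      - certs:/etc/ssl/traefik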
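  # Demo backend (whoami) that Traefik routes to according to the labels below.
  app1:
    # NOTE(review): no tag is given, so this resolves to ":latest"; pin a
    # version or digest for reproducible deployments.
    image: containous/whoami
    labels:
      # One rule label per router. A repeated label key is collapsed to a
      # single value, so a second "routers.app1.rule" entry silently drops one
      # of the two rules. Both matchers are therefore combined with "||".
      # Host(...) covers the plain name; HostRegexp(...) covers external access
      # via names of the form app1.<ip>.traefik.me.
      # NOTE(review): ".*" accepts any text in that position, not only an IP
      # address; tighten the pattern if only IPs are expected.
      - "traefik.http.routers.app1.rule=Host(`app1.traefik.me`) || HostRegexp(`app1.{ip:.*}.traefik.me`)"
      # These two labels configure a separate router named "app1-tls", which
      # has no rule label in this file. NOTE(review): confirm that a separate
      # router is intended and that TLS is actually enabled for "app1".
      - "traefik.http.routers.app1-tls.tls.domains[0].main=app1.traefik.me"
      - "traefik.http.routers.app1-tls.tls.domains[0].sans=app1-*.traefik.me"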
  # Second demo backend (whoami); only the HostRegexp rule is active here.
  app2:
    # NOTE(review): no tag is given, so this resolves to ":latest"; pin a
    # version or digest for reproducible deployments.
    image: containous/whoami
    labels:
      # For access from external hosts via names of the form
      # app2.<ip>.traefik.me. NOTE(review): ".*" accepts any text in that
      # position, not only an IP address.
      - "traefik.http.routers.app2.rule=HostRegexp(`app2.{ip:.*}.traefik.me`)" # for access from external hosts
      # Plain-host rule, disabled. A label key can carry only one value, so
      # enabling it as a second "rule" label would replace the rule above.
      #- "traefik.http.routers.app2.rule=Host(`app2.traefik.me`)"
      # These two labels configure a separate router named "app2-tls", which
      # has no rule label in this file. NOTE(review): confirm this is intended.
      - "traefik.http.routers.app2-tls.tls.domains[0].main=app2.traefik.me"
      - "traefik.http.routers.app2-tls.tls.domains[0].sans=app2-*.traefik.me"

  # Gate container between the certificate download and Traefik. It shares the
  # "certs" volume and is started after reverse-proxy-https-helper.
  wait:
    # Local build of the helper image, disabled in favour of the published one.
    #build: wait-for-file
    # NOTE(review): third-party image without a tag or digest. It runs with the
    # volume that holds the TLS private key mounted, so pin it and review it.
    image: woa7/wait-for-file
    volumes:
      # NOTE(review): presumably this service only reads the volume; if so,
      # mount it ":ro". Confirm against the image's wait-for-file.sh.
      - certs:/etc/ssl/traefik  
    # Arguments: the bundle file written by reverse-proxy-https-helper, then
    # /bin/sh. Presumably the script blocks until the file exists and then runs
    # the trailing command; TODO confirm in the image.
    entrypoint: /wait-for-file.sh /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem /bin/sh
    # depends_on orders start-up only; it does not wait for the helper's
    # download to complete.
    depends_on:
      - "reverse-proxy-https-helper"

  # One-shot helper that downloads the traefik.me certificate, chain and
  # private key and builds traefik.me-cert-ca-bundle.pem in the "certs" volume.
  #
  # Security notes:
  # - privkey.pem is fetched from a public URL, so the private key is available
  #   to anyone. TLS served with this certificate provides no confidentiality
  #   or server authentication against a network attacker. Use it for local
  #   development only, never for real traffic.
  # - The downloaded files are trusted as-is; the HTTPS connection is the only
  #   integrity check, and no checksum or fingerprint is verified.
  # - NOTE(review): the Let's Encrypt X3 intermediates fetched here have, as far
  #   as known, been retired. Confirm the bundle still matches the chain of the
  #   certificate that is actually served.
  reverse-proxy-https-helper:
    # NOTE(review): no tag is given, so this resolves to ":latest"; packages
    # are installed from the network on every start.
    image: alpine
    # Steps, all chained with "&&" so the first failure stops the sequence:
    #   1. install wget and create the work directory tmpb inside the volume
    #   2. delete the published bundle
    #   3. download the key, chain, fullchain and cert; --timestamping skips
    #      files that are not newer than the copy already in tmpb
    #   4. build the bundle as cert.pem plus the two intermediate certificates
    #   5. copy everything from tmpb, private key included, to the volume root
    command: sh -c "apk update && apk add wget && mkdir -p /etc/ssl/traefik/tmpb && cd /etc/ssl/traefik/tmpb
      && rm -fr /etc/ssl/traefik/traefik.me-cert-ca-bundle.pem 
      && wget --server-response --timestamping https://traefik.me/privkey.pem https://traefik.me/chain.pem https://traefik.me/fullchain.pem https://traefik.me/cert.pem
      && cat cert.pem > traefik.me-cert-ca-bundle.pem
      && wget --server-response --timestamping https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
      && cat lets-encrypt-x3-cross-signed.pem.txt >> traefik.me-cert-ca-bundle.pem
      && wget --server-response --timestamping https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
      && cat letsencryptauthorityx3.pem.txt >> traefik.me-cert-ca-bundle.pem
      && cp -p /etc/ssl/traefik/tmpb/* /etc/ssl/traefik/"
    volumes:
      # The only service that needs write access to the certificate volume.
      - certs:/etc/ssl/traefik

# Named volume shared by reverse-proxy-https-helper (writes the certificate
# files and privkey.pem), wait and traefik. Every container that mounts it can
# read the private key.
volumes:
  certs: