services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    ports:
      - 9000:9000
      - 9443:9443  # HTTPS
      - 8000:8000  # WS/WSS pour Edge Agents      
    networks:
      - portainerNet
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      
      # Frontend      
      - "traefik.http.routers.frontend.middlewares=test-adminipallowlist@file"
      - "traefik.http.routers.frontend.rule=Host(`portainer.${domain}`)"
      - "traefik.http.routers.frontend.entrypoints=websecure"
      - "traefik.http.services.frontend.loadbalancer.server.port=9000"
      - "traefik.http.routers.frontend.service=frontend"

      # Edge
      - "traefik.http.routers.edge.rule=Host(`edge.${domain}`)"
      - "traefik.http.routers.edge.entrypoints=websecure"
      - "traefik.http.services.edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.edge.service=edge"
    
volumes:
  portainer_data:

networks:
  portainerNet:
    external: true
    name: portainerNet