version: '3.7'
services:
  db:
    image: mariadb:10.4
    restart: unless-stopped
    environment:
      - TZ=${TZ}
      - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASS}
      - MYSQL_DATABASE=${DB_DATABASE}
      - MYSQL_USER=${DB_USERNAME}
      - MYSQL_PASSWORD=${DB_PASSWORD}
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - backend

  cache:
    image: redis:5-alpine
    restart: unless-stopped
    environment:
      - TZ=${TZ}
    volumes:
      - cache:/data/
    networks:
      - backend

  app:
    image: jjtc/bookstack-ppm:0.28.3-r0
    build: ./app/
    restart: unless-stopped
    depends_on:
      - db
      - cache
    volumes:
      - .env:/app/.env:rw
      - ./app/ppm.json:/app/ppm.json:ro
      - ./app/php.ini:/etc/php7/php.ini:ro
      - ./app/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./app/default.conf:/etc/nginx/sites-enabled/default:ro
      - uploads:/app/public/uploads:rw
      - storage:/app/public/storage:rw
    expose:
      - "8888/tcp"
    networks:
      - web
      - backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bookstack.entrypoints=http"
      - "traefik.http.routers.bookstack.rule=Host(`${APP_URL_BASE}`)"
      - "traefik.http.routers.bookstack.middlewares=redirect-https@file"
      - "traefik.http.routers.bookstack-secure.entrypoints=https"
      - "traefik.http.routers.bookstack-secure.rule=Host(`${APP_URL_BASE}`)"
      - "traefik.http.routers.bookstack-secure.tls=true"
      - "traefik.http.routers.bookstack-secure.tls.certresolver=default"
      - "traefik.http.routers.bookstack-secure.service=bookstack"
      - "traefik.http.services.bookstack.loadbalancer.server.scheme=http"
      - "traefik.http.services.bookstack.loadbalancer.server.port=8888"

  # av:
  #   image: jjtc/av:0.100.0-r0
  #   build: ./av/
  #   restart: unless-stopped
  #   tty: true
  #   environment:
  #     - TZ=${TZ}
  #   volumes:
  #     - ./av/conf/:/etc/clamav/
  #   networks:
  #     - backend
  #   labels:
  #     - "traefik.enable=false"

  #traefik:
  #  image: traefik:2.1
  #  restart: unless-stopped
  #  security_opt:
  #   - no-new-privileges:true
  #  command: 
  #    - --entrypoints.web.address=:80
  #    - --entrypoints.websecure.address=:443
  #    - --providers.docker=true
- #    - --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
  #    - --certificatesresolvers.leresolver.acme.email=your@email.com
  #    - --certificatesresolvers.leresolver.acme.storage=/acme.json
  #    - --certificatesresolvers.leresolver.acme.tlschallenge=true
  #  ports:
  #    - "80:80/tcp"
  #    - "443:443/tcp
  #  volumes:
  #    - "/var/run/docker.sock:/var/run/docker.sock:ro"
  #    - "./acme.json:/acme.json:rw"

networks:
  backend:
  web:
    external: true

volumes:
  db-data:
  cache:
  uploads:
  storage: