services:
  traefik:
    image: traefik:latest
    container_name: traefik
    env_file:
      - path: .env
    command:
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--api.debug=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Add SSH entrypoint
      - "--entrypoints.ssh.address=:748"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_WEBMASTER}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--accesslog.filepath=/data/access.log"
      - "--accesslog.format=json"
      - --providers.file.filename=/dynamic.yml
      - --providers.file.watch=true
    ports:
      - "80:80"
      - "443:443"
      - "748:748"  # Add SSH port mapping
      - "8080:8080"
    networks:
      - external
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
      - ./data/traefik:/data
      - ./dynamic.yml:/dynamic.yml:ro
      - ./data/calibre/htpasswd.list:/htpasswd.list
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
      - "traefik.http.routers.traefik-dashboard.tls=true"
    restart: unless-stopped