---
version: '3'
services:
  traefik:
    image: traefik:v2.9.6
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
      # Traefik 2.x
      - 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091${PathPrefix}/api/authz/forward-auth'  # yamllint disable-line rule:line-length
      - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'  # yamllint disable-line rule:line-length
    command:
      - '--accesslog=true'
      - '--api'
      - '--providers.docker=true'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:8080'
      - '--log=true'
      - '--log.level=DEBUG'
      - '--providers.docker.exposedByDefault=false'
      - '--serversTransport.insecureSkipVerify=true'
    networks:
      authelianet:
        aliases:
          - public.example.com
          - secure.example.com
          - login.example.com
        # Set the IP to be able to query on port 8080
        ipv4_address: 192.168.240.100
...