version: "3.8"
services:
  bitwarden:
    image: vaultwarden/server
    container_name: bitwarden
    command:
      - /start.sh
    environment:
      - TZ=America/Montreal
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - DOMAIN=https://pass.lazyworkhorse.net
    volumes:
      - /mnt/HoardingCow_docker_data/BitWarden/data:/data:rw
    networks:
      - traefik-net
    restart: unless-stopped
    labels:
      - "traefik.enable=true"

      # Router for HTTP + redirection to HTTPS
      - "traefik.http.routers.bitwarden-http.rule=Host(`pass.lazyworkhorse.net`)"
      - "traefik.http.routers.bitwarden-http.entrypoints=web"
      - "traefik.http.routers.bitwarden-http.middlewares=redirect-to-https"

      # Router for HTTPS with TLS
      - "traefik.http.routers.bitwarden-https.rule=Host(`pass.lazyworkhorse.net`)"
      - "traefik.http.routers.bitwarden-https.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-https.tls=true"
      - "traefik.http.routers.bitwarden-https.tls.certresolver=njalla"

      # Wildcard
      # - "traefik.http.routers.bitwarden-https.tls.domains[0].main=lazyworkhorse.net"
      # - "traefik.http.routers.bitwarden-https.tls.domains[0].sans=*.lazyworkhorse.net"

      # Middleware for redirect HTTP -> HTTPS
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # Websocket support (port 80 du container)
      - "traefik.http.services.bitwarden.loadbalancer.server.port=80"

networks:
  traefik-net:
    external: true