services:
  flask-app:
    image: python:3.11-slim
    container_name: ${CONTAINER_NAME}
    restart: always
    working_dir: /app
    volumes:
      - ./:/app
      - ./filecache:/app/filecache
      - ./templates:/app/templates
      - ./GeoLite2-City.mmdb:/app/GeoLite2-City.mmdb:ro
      - type: bind
        source: /mnt
        target: /mnt
        bind:
          propagation: rshared
    environment:
      - FLASK_APP=app.py
      - FLASK_ENV=production
      - TITLE_SHORT=${TITLE_SHORT}
      - TITLE_LONG=${TITLE_LONG}
    networks:
      - traefik
    labels:
      - "traefik.enable=true"

      # HTTP router (port 80), redirecting to HTTPS
      - "traefik.http.routers.${CONTAINER_NAME}.rule=${HOST_RULE}"
      - "traefik.http.routers.${CONTAINER_NAME}.entrypoints=web"
      - "traefik.http.routers.${CONTAINER_NAME}.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # HTTPS router (TLS via Let's Encrypt)
      - "traefik.http.routers.${CONTAINER_NAME}-secure.rule=${HOST_RULE}"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.entrypoints=websecure"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.tls=true"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.tls.certresolver=myresolver"

      # Internal port
      - "traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=5000"

    # Production-ready Gunicorn command with eventlet
    command: >
      sh -c "pip install -r requirements.txt &&
            gunicorn --worker-class eventlet -w 1 -b 0.0.0.0:5000 app:app"


networks:
  traefik:
    external: true