services:
  flask-app:
    image: python:3.11-slim
    container_name: ${CONTAINER_NAME}
    restart: always
    working_dir: /app
    volumes:
      - ./:/app
      - ./filecache:/app/filecache
      - ./templates:/app/templates
      - ./GeoLite2-City.mmdb:/app/GeoLite2-City.mmdb:ro
      - type: bind
        source: /mnt
        target: /mnt
        bind:
          propagation: rshared
    environment:
      - FLASK_APP=app.py
      - APP_ENV=${APP_ENV:-production}
    networks:
      - traefik
    labels:
      - "traefik.enable=true"

      # HTTP router (port 80), redirecting to HTTPS
      - "traefik.http.routers.${CONTAINER_NAME}.rule=${HOST_RULE}"
      - "traefik.http.routers.${CONTAINER_NAME}.entrypoints=web"
      - "traefik.http.routers.${CONTAINER_NAME}.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # HTTPS router (TLS via Let's Encrypt)
      - "traefik.http.routers.${CONTAINER_NAME}-secure.rule=${HOST_RULE}"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.entrypoints=websecure"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.tls=true"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.tls.certresolver=myresolver"

      # Internal port
      - "traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=5000"

    command: >
      sh -c "pip install -r requirements.txt &&
            if [ \"$APP_ENV\" = \"development\" ]; then
              export FLASK_ENV=development FLASK_DEBUG=1 &&
              flask run --host=0.0.0.0 --port=5000 --reload;
            else
              export FLASK_ENV=production FLASK_DEBUG=0 &&
              gunicorn -w 1 -k eventlet -b 0.0.0.0:5000 app:app;
            fi"


networks:
  traefik:
    external: true