networks:
  traefik:
    external: true

services:
  app:
    image: python:3.11-slim
    container_name: flask_app
    environment:
      - FLASK_APP=app.py
      - FLASK_ENV=production
    restart: always
    networks:
      traefik:
    volumes:
      - ./app:/usr/src/app
    working_dir: /usr/src/app
    command: >
      sh -c "
      pip install --no-cache-dir -r requirements.txt &&
      flask run --host=0.0.0.0 --port=5000"
    labels:
      - "traefik.enable=true"
      
      # HTTP router (port 80), redirecting to HTTPS
      - "traefik.http.routers.${CONTAINER_NAME}.rule=${HOST_RULE}"
      - "traefik.http.routers.${CONTAINER_NAME}.entrypoints=web"
      - "traefik.http.routers.${CONTAINER_NAME}.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      
      # HTTPS router (TLS via Let's Encrypt)
      - "traefik.http.routers.${CONTAINER_NAME}-secure.rule=${HOST_RULE}"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.entrypoints=websecure"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.tls=true"
      - "traefik.http.routers.${CONTAINER_NAME}-secure.tls.certresolver=myresolver"
      
      # Internal port mapping (Gitea uses port 3000 by default)
      - "traefik.http.services.${CONTAINER_NAME}.loadbalancer.server.port=5000"