log:
  level: INFO

entryPoints:
  web:
    # http
    address: ':80'
    http:
      # https://doc.traefik.io/traefik/routing/entrypoints/#entrypoint
      redirections:
        entryPoint:
          to: web-secure

  web-secure:
    # https
    address: ':443'

  flower:
    address: ':5555'

certificatesResolvers:
  letsencrypt:
    # https://doc.traefik.io/traefik/https/acme/#lets-encrypt
    acme:
      email: 'y@yulqen.org'
      storage: /etc/traefik/acme/acme.json
      # https://doc.traefik.io/traefik/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

http:
  routers:
    web-secure-router:
      rule: 'Host(`resources.joannalemon.com`)'
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: django
      tls:
        # https://doc.traefik.io/traefik/routing/routers/#certresolver
        certResolver: letsencrypt

    flower-secure-router:
      rule: 'Host(`resources.joannalemon.com`)'
      entryPoints:
        - flower
      service: flower
      tls:
        # https://doc.traefik.io/traefik/master/routing/routers/#certresolver
        certResolver: letsencrypt

  middlewares:
    csrf:
      # https://doc.traefik.io/traefik/master/middlewares/http/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      headers:
        hostsProxyHeaders: ['X-CSRFToken']

  services:
    django:
      loadBalancer:
        servers:
          - url: http://django:5000

    flower:
      loadBalancer:
        servers:
          - url: http://flower:5555

providers:
  # https://doc.traefik.io/traefik/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true