services:
  %SERVICE%:
    image: %IMAGE%
    container_name: %NAME%
    restart: unless-stopped
    env_file:
      - .env
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.$SUBDOMAIN.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)"
      - "traefik.http.routers.$SUBDOMAIN.tls=true"
      - "traefik.http.routers.$SUBDOMAIN.entrypoints=web,websecure"
      - "traefik.http.routers.$SUBDOMAIN.tls.certresolver=cloudflare"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.SSLRedirect=true"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.SSLHost=${DOMAIN_NAME}"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.$SUBDOMAIN.headers.STSPreload=true"
      - "traefik.http.routers.$SUBDOMAIN.middlewares=$SUBDOMAIN@docker"
      - "traefik.http.services.$SUBDOMAIN.loadbalancer.server.port=%PORT%"
    networks:
      - %NETWORK%
networks:
  %NETWORK%:
    external:
      true