version: '3.8'

networks:
  traefik-network:
    external: true

services:
  portainer-service:
    image: docker.io/portainer/portainer-ce:latest
    hostname: portainer-service-host
    #stdin_open: true
    #tty: true
    command: -H unix:///var/run/docker.sock
    volumes:
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
      - type: bind
        source: /home/gfs-data/portainer-1
        target: /data
        read_only: false
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
    deploy:
      replicas: 1
      placement:
        max_replicas_per_node: 1
        ##constraints: [node.role == manager]
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.portainer-secure.entrypoints=websec
        - traefik.http.routers.portainer-secure.rule=Host(`pt.miflux.com`)
        - traefik.http.routers.portainer-secure.tls=true
        - traefik.http.routers.portainer-plain.entrypoints=web
        - traefik.http.routers.portainer-plain.rule=Host(`pt.miflux.com`)
        - traefik.http.services.portainer.loadbalancer.sticky.cookie=true
        - traefik.http.services.portainer.loadbalancer.sticky.cookie.name=portainer-sticker
        - traefik.http.services.portainer.loadbalancer.server.port=9000
    networks:
      - traefik-network