# Local Development Configuration for Traefik
# This configuration is optimized for local development without Let's Encrypt/ACME

# Global Configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: false

# API and Dashboard
# For local development, we enable insecure access on port 8080
# Dashboard automatically accessible at:
#   - http://localhost:8080/dashboard/ (with trailing slash)
#   - http://localhost:8080/api/rawdata
#   - http://localhost:8080/api/http/routers
api:
  dashboard: true
  insecure: true  # HTTP-only for local development - enables direct dashboard access
  # Note: With insecure=true, dashboard is accessible at:
  # - http://localhost:8080/dashboard/
  # - http://localhost:8080/api/rawdata
  # - http://localhost:8080/api/http/routers
  # The insecure mode works directly on the entrypoint (web) without needing router labels

# Entry Points
entryPoints:
  web:
    address: ":80"
    # No redirects for local development - HTTP is acceptable

  websecure:
    address: ":443"
    # Note: Even though we don't use HTTPS locally, we need this entrypoint
    # because dynamic configurations (gitea.yml, semaphore.yml) reference it
    # We use HTTP only, but the entrypoint must exist to avoid errors

  traefik:
    address: ":8080"
    # This entrypoint is used by api.insecure=true for dashboard access
    # It must be on port 8080 (which maps to host port 8080) to match our port mapping

# Certificate Resolvers
# Note: For local development, we don't configure ACME/Let's Encrypt
# Dynamic configs (gitea.yml, semaphore.yml) that reference letsencrypt will show errors
# but won't break Traefik functionality. We can ignore these errors for local dev.
# If you need to test with real certificates locally, configure ACME manually.
# certificatesResolvers:
#   letsencrypt:
#     acme:
#       email: your-email@example.com
#       storage: /tmp/acme.json
#       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"

# Providers
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    # Use Docker bridge network for local development
    network: traefik-public
    watch: true

  file:
    directory: /dynamic
    watch: true
    # Note: Dynamic configs (gitea.yml, semaphore.yml) will show errors
    # because they reference letsencrypt resolver which we don't configure locally
    # These errors are harmless and won't affect local development

# Forwarded Headers Configuration
# Simplified for local development
forwardedHeaders:
  trustedIPs:
    - "127.0.0.1/32"     # Localhost
    - "172.17.0.0/16"    # Docker bridge network
    - "172.18.0.0/16"    # Docker user-defined networks
  insecure: true  # Allow insecure forwarded headers for local dev

# Logging - Console output for local development (easier to debug)
log:
  level: INFO
  format: common  # Human-readable format for local development

# Access Logs - Console output for local development
accessLog:
  format: common  # Human-readable format for local development

# Metrics (optional for local development)
# Can be enabled if needed for monitoring
# metrics:
#   prometheus:
#     addEntryPointsLabels: true
#     addRoutersLabels: true
#     addServicesLabels: true

# Ping endpoint for health checks
ping:
  entryPoint: web