version: '2'

services:
  ghost:
    image: ghost:latest
    dns:
      - 1.1.1.1
      - 1.0.0.1
    environment:
      {{- if .Values.TRAEFIK_HOST}}
      node_env: production
      url: https://${TRAEFIK_HOST}
      {{- end}}
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: true
      ### Start Web Segment
      traefik.frontend.entryPoints: http,https
      traefik.frontend.headers.forceSTSHeader: true
      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
      traefik.frontend.headers.SSLRedirect: true
      traefik.frontend.headers.STSPreload: true
      traefik.frontend.headers.STSSeconds: 15552000
      traefik.frontend.passHostHeader: true
      traefik.frontend.rule: Host:${TRAEFIK_HOST}
      traefik.port: "2368"
      ### End Web Segment
    restart: on-failure
    volumes:
      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
      - /Rancher/${DATA_DIR}/Content:/var/lib/ghost/content