services:
  uptime-kuma:
    image: louislam/uptime-kuma:2.0.2-rootless
    container_name: uptime-kuma
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    networks:
      - traefik-net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptime-kuma.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
      - "traefik.http.routers.uptime-kuma.tls.certresolver=letsencrypt"
      - "traefik.http.services.uptime-backend.loadbalancer.server.port=3001"
      - "traefik.http.middlewares.uptime-security.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.http.middlewares.uptime-security.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.uptime-security.headers.browserXssFilter=true"
      - "traefik.http.middlewares.uptime-security.headers.referrerPolicy=strict-origin-when-cross-origin"
      - "traefik.http.routers.uptime-kuma.middlewares=uptime-security"
    volumes:
      - ./data:/app/data
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:3001 || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      resources:
        limits:
          cpus: "0.5"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 256M

networks:
  traefik-net:
    external: true