version: '3.4'

services:
  oc-datacenter:
    env_file:
    - path: ./env.env
      required: false
    environment:
      - MONGO_DATABASE=DC_myDC
      # Chemin du fichier JSON persistant contenant la table opaque_key → real_path.
      # Doit pointer vers le volume monté ci-dessous pour survivre aux redémarrages.
      - SOURCE_KEY_STORE_PATH=/data/source-keys.json
    image: 'oc-datacenter:latest'
    ports:
      - 8092:8080
    volumes:
      # Table privée opaque_key → real_path (ne jamais effacer ce volume).
      # Même exigence de conservation que la base de données.
      - oc-source-keys:/data
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.datacenter.entrypoints=web"
        - "traefik.http.routers.datacenter.rule=PathPrefix(`/datacenter`)"
        - "traefik.http.services.datacenter.loadbalancer.server.port=8080"
        - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.regex=^/datacenter(.*)"
        - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.replacement=/oc$$1"
        - "traefik.http.routers.datacenter.middlewares=datacenter-rewrite,auth-datacenter"

        - "traefik.http.middlewares.auth-datacenter.forwardauth.address=http://oc-auth:8080/oc/forward"
        - "traefik.http.middlewares.auth-datacenter.forwardauth.trustForwardHeader=true"
        - "traefik.http.middlewares.auth-datacenter.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-datacenter
    networks:
      - oc


volumes:
  # Volume créé et écrit par oc-catalog, monté ici en lecture.
  # Démarrer oc-catalog avant oc-datacenter pour que le volume existe.
  oc-source-keys:
    external: true

networks:
  oc:
    external: true