api:
  dashboard: true
  debug: true
  insecure: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    # Network auto-discovery - Traefik will use the networks it's connected to
  file:
    # Watch directory for dynamic configuration (blue-green routing, middleware)
    directory: /etc/traefik/dynamic
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@motovaultpro.com
      storage: /data/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 10
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
      # Production Let's Encrypt (no caServer = production by default)

# TLS configuration for local development
tls:
  certificates:
    - certFile: /certs/motovaultpro.com.crt
      keyFile: /certs/motovaultpro.com.key
      stores:
        - default

# Global configuration
global:
  sendAnonymousUsage: false

# Logging
log:
  level: DEBUG
  format: json

# Access logs
accessLog:
  format: json
  fields:
    defaultMode: keep
    names:
      ClientUsername: drop
    headers:
      defaultMode: keep
      names:
        User-Agent: redact
        Authorization: drop
        Cookie: drop
        X-Request-Id: keep

# Metrics for monitoring
metrics:
  prometheus:
    addEntryPointsLabels: true
    addServicesLabels: true
    addRoutersLabels: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

# Monitoring and observability
ping:
  entryPoint: "traefik"

# Enhanced monitoring
serversTransport:
  insecureSkipVerify: true