api:
  dashboard: true
  debug: true
  insecure: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    # Network auto-discovery - Traefik will use the networks it's connected to
  file:
    filename: /etc/traefik/middleware.yml
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@motovaultpro.com
      storage: /data/acme.json
      httpChallenge:
        entryPoint: web
      # Use staging for development
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory

# TLS configuration for local development
tls:
  certificates:
    - certFile: /certs/motovaultpro.com.crt
      keyFile: /certs/motovaultpro.com.key
      stores:
        - default

# Global configuration
global:
  sendAnonymousUsage: false

# Logging
log:
  level: INFO
  format: json

# Access logs
accessLog:
  format: json
  fields:
    defaultMode: keep
    names:
      ClientUsername: drop
    headers:
      defaultMode: keep
      names:
        User-Agent: redact
        Authorization: drop
        Cookie: drop

# Metrics for monitoring
metrics:
  prometheus:
    addEntryPointsLabels: true
    addServicesLabels: true
    addRoutersLabels: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

# Monitoring and observability
ping:
  entryPoint: "traefik"

# Enhanced monitoring
serversTransport:
  insecureSkipVerify: true