#!/usr/bin/env bash
RED='\033[0;31m'
GRN='\033[0;32m'
ORNG='\033[0;33m'
NC='\033[0m' # No Color
tmpSettingsFile=$(mktemp /tmp/settings.XXXXXX)
tmpDockerFile=$(mktemp /tmp/docker.XXXXXX)
function finish {
    echo -e ${NC}
    rm -rf $tmpSettingsFile
    rm -rf $tmpDockerFile
}
trap finish EXIT

# are we in an install area

if [[ "$(basename $(pwd))" != "container_deployment" ]]; then
    echo -e "${RED}I don't see you are in a container_deployment directory - I cannot set up anything, try cd'ing to the container_deployment directory - exiting ${NC}"
    exit 1
fi

if [[ ! -d "./web"  ]]; then
    echo -e "${RED}I don't see a ./web directory - I cannot set up anything, try cd'ing to the container deployment directory - exiting ${NC}"
    exit 1
fi

if [[ ! -d "./bin"  ]]; then
    echo -e "${RED}I don't see a ./bin directory - I cannot set up anything, try cd'ing to the container deployment directory - exiting ${NC}"
    exit 1
fi

bin/down metexpress

if [[ ! -d "./settings"  ]]; then
    echo -e "${RED}Creating a ./settings directory${NC}"
    mkdir settings
fi

DEPLOYDIR=$(pwd)
if [[ ! -d "${DEPLOYDIR}/mongodata"  ]]; then
    echo -e "${RED}Creating a ${DEPLOYDIR}/mongodata directory${NC}"
    mkdir ${DEPLOYDIR}/mongodata
else
    rm -rf ${DEPLOYDIR}/mongodata/*
fi

if [[ ! -d "${DEPLOYDIR}/logs"  ]]; then
    echo -e "${RED}Creating a ${DEPLOYDIR}/logs directory${NC}"
    mkdir ${DEPLOYDIR}/logs
else
    rm -rf ${DEPLOYDIR}/logs/*
fi

cat <<%END > ./README
This program will help you configure your METexpress tool suite environment.
To do this you must have access to the internet.
This program will deploy the apps specified in the file stableDeployment.json from the given repository with
the versions specified in the stableDeployment.json file. You should edit this file ahead of time if you have a custom repository.
Then it will ask a series of questions in this order...
1) It will ask if you want to set up a "test environment". If you answer yes, the following questions 2)
through 4) will not be asked and the router will be configured for a simple http only "localhost" environment.
You will still need to answer question 5 to configure your database credentials.
Your server should understand "localhost" if you use this option.
The toolsuite entry points for a simple test environment are ...
https://localhost/proxy for the reverse proxy dashboard (look at comments in traefik.toml and docker-compose.yml to enable)
https://localhost  for the top level landing page
https://localhost/appref   for an individual app (replace appref with the actual app reference.)
You can ignore the instructions for SSL as they will not be applicable.

2) The program will ask you to verify the domainName of your deployment server.
It uses this to configure its own proxy service that fronts the apps.
3) It will prompt you for the fully qualified proxy hostName, defaulting to the domainName.
If your public URL is the same as your domainName just accept the default. Your
deployment might be behind a redirection proxy with redirection to a different path
than what is actually on the host - for example, at GSL our METexpress server might
be deployed on a server with an internal URL "https://something.subnet.esrl.noaa.gov"
with the landing page location "/", while the public URL is a proxy redirect
"https://www.esrl.noaa.gov/gsd/mats". In this case the fully qualified proxy hostName
is www.esrl.noaa.gov and the proxy_prefix_path needs to be set to "/gsd/mats".
4) Next you will be prompted for a proxy redirection path.
This allows you to serve a different path than "/".
5) Finally you will be prompted for database credentials for each role required by each app.
Database roles are usually some combination of meta_data - the database that contains app metadata,
sums_data - the database that contains an apps statistical partial sum data, model_data - a database that
contains metadata about data sources, and possibly sites_data - which contains non standard domain data.
The credentials that you provide are stored in a ${DEPLOYDIR}/settings directory with the structure
${DEPLOYDIR}/settings/appreference/settings.json. This directory will NOT
be publicly accessible. If you are familiar with this directory and the settings.json
files you can make changes with an editor and the setup program
will use the existing values as defaults.
The settings files also hold the proxy_prefix_path from 4).
The program configures this deployment directory, creating a ${DEPLOYDIR}/docker-compose.yml configuration file,
and a ${DEPLOYDIR}/traefik.toml file, a suitable ${DEPLOYDIR}/web/index.html as a homepage,  and utilities such as up, down and monitoring scripts in the
${DEPLOYDIR}/bin directory.
You must have docker, docker-compose and jq installed, and you must be running this script from ${DEPLOYDIR}.
You must be running this program as a user that can run docker - do not run this script as root, in fact do not run any containers as root.
After once configuring an app you will have to confirm overwriting the old configuration if you ever re-run setup.

The reverse proxy interface has a user/password pre-set to user "admin" and password "adminpassword", you should change this by following the instructions in the traefik.toml file.
This program will create a settings directory and a mongodata directory here in this directory if they do not already exist.

There are two ways to handle ssl. You can let traefik use lets-encrypt automatically to generate and store certs.
These are requirements for traefik/lets-encrypt certs
1) You cannot have a firewall blocking outbound traffic  from your server and https://acme-v02.api.letsencrypt.org/directory
2) You have to follow the comments in the traefik.toml file and properly comment out the externally acquired cert sections
and uncomment the traefik/lets-encrypt sections.
Specifically - comment out these lines...
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/ssl/certs/${unqualifiedHostName}.crt"
keyFile = "/etc/ssl/certs/${unqualifiedHostName}.key"

and uncomment this line in the entry points.https section..
#[entryPoints.https.tls]

and uncomment these lines...
#[acme]
#  caServer = "https://acme-v02.api.letsencrypt.org/directory"
#  email = ""
#  storage = "acme.json"
#  entryPoint = "https"
#  [acme.tlsChallenge]
#  [[acme.domains]]
#  main = "${domain}"

If you want to use externally acquired certs then you need to acquire an SSL cert for your domain and put the certificate in /etc/ssl/certs directory of this host. If you have authority over the DNS entry for
your server you can use LetsEncrypt for no cost certs. The instructions for doing this are at https://docs.traefik.io/configuration/acme/.
If you cannot acquire a certificate you can enable the apps temporarily by commenting out
#        [[entryPoints.https.tls.certificates]]
#        certFile = "/etc/ssl/certs/mats-meteor.crt"
#        keyFile = "/etc/ssl/certs/mats-meteor.key"
in the traefik.toml file.
Follow the comments in the traefik.toml file to make sure you have commented or uncommented the appropriate sections.

The toolsuite entry points are
https://yourfullyqualifieddomaini/proxy for the reverse proxy dashboard (look at comments in traefik.toml and docker-compose.yml to enable)
https://yourfullyqualifieddomain  for the top level landing page
https://yourfullyqualifieddomain/appref   for an individual app (replace appref with the actual app reference.)

After configuration you can start your toolsuite with.... 
${PWD}/bin/up
and you can stop your toolsuite with..
${PWD}/bin/down

you can rerun this setup with...
cd ${DEPLOYDIR}
bash bin/setup

You may want to occasionally rerun the setup to pick up bug fixes and newly released apps for your deployment. This URL
https://www.esrl.noaa.gov/gsd/mats/appProductionStatus/versions shows the latest versions of the apps available for all the deployments.
By comparing those versions to the versions in your running apps you can determine if an update is necessary. You
can tell the version of a running app by looking at the comments in the docker-compose.yml file. This file is recreated when
you run the setup, with the current version for each app.

%END

cat ./README

# test for jq
jq --version
if [[ ! $? -eq 0  ]]; then
    echo -e ${RED} You do not have jq installed. Exiting ${NC}
    exit 1
fi 
#test for docker
docker --version
if [[ ! $? -eq 0  ]]; then
    echo -e ${RED} You do not have docker installed. Exiting ${NC}
    exit 1
fi 
#test for docker-compose
docker-compose --version
if [[ ! $? -eq 0  ]]; then
    echo -e ${RED} You do not have docker-compose installed. Exiting ${NC}
    exit 1
fi 
echo -e ${NC}
domain=$(hostname)
simple="false"
depenv=metexpress
runenv="production"
repository="dtcenter/metexpress-production"
custom="false"
read -p "Are you using a custom docker repository for this deployment? y|n" -n 1 -r
echo -e ${NC}
if [[ $REPLY =~ ^[Yy]$ ]]; then
    echo -e ${RED}
    custom="true"
    read -p "Enter the custom repository name:" repository
    echo -e ${NC}
fi
echo -e "${GRN}setting up for ${repository}${NC}"
tmpAppList=applist.json
checkapps=($(cat ${tmpAppList} | jq -r '.[].app'))
if [[ ${#checkapps[@]} -lt 1 ]]; then
    echo -e "${RED}There are no apps to configure. exiting.${NC}"
        exit 1
else
    if [ -s stableDeployment.json ]; then
      echo saving a copy of stableDeployment.json
      cp stableDeployment.json stableDeployment.json.save
      else
        echo stableDeployment is  empty - that is not correct - exiting.
        exit 1
      fi
    tmpfile=stableDeployment.json
    # load the apps from the stable deployment -
    # order is preserved in the array from the tempfile
    apps=($(cat $tmpfile | jq -r '.apps[] | .app'))
    versions=($(cat $tmpfile | jq -r '.apps[] | .version'))
    #set the correct index.html
    homepage=$(jq -r '.homePage' < ${tmpfile})
    echo -e ${ORNG} setting the homepage for $depenv ${NC}
    cp web/${homepage} web/index.html

    echo -e ${ORNG}
    read -p "Are you setting up a simple test environment? i.e. localhost and no SSL certificate y|n" -n 1 -r
    echo -e ${NC}
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        domain="localhost"
        proxyHost="localhost"
        proxyPath=""
        simple="true"
        echo -e "${GRN}setting proxyHost to ${domain}${NC}"
    else
        read -p "Is '${domain}' the fully qualified hostname for this deployment? y|n" -n 1 -r
        echo -e ${NC}
        if [[ $REPLY =~ ^[Yy]$ ]]; then
            echo -e "${GRN}setting up for ${domain}${NC}"
        else
            echo -e ${RED}
            read -p "Enter the fully qualified hostname:" domain
            echo -e ${NC}
            echo -e "${GRN}setting up for ${domain}${NC}"
        fi

        proxyHost=${domain}

        read -p "Is '${proxyHost}' the fully qualified proxy hostname for this deployment (if you have no proxy then it should match ${domain})? y|n" -n 1 -r
        echo -e ${NC}
        if [[ $REPLY =~ ^[Yy]$ ]]; then
            echo -e "${GRN}setting proxyHost to ${domain}${NC}"
        else
            echo -e ${RED}
            read -p "Enter the fully qualified proxy hostname:" proxyHost
            echo -e ${NC}
            echo -e "${GRN}setting proxyHost to ${proxyHost}${NC}"
        fi

        proxyPath=""
        read -p "Is there a proxy path for this deployment? e.e '/gsd/mats' y|n" -n 1 -r
        echo -e ${NC}
        if [[ $REPLY =~ ^[Nn]$ ]]; then
            echo -e "${GRN}Leaving proxy path empty ${NC}"
        else
            echo -e ${RED}
            read -p "Enter the proxy path:" proxyPath
          proxyPath=${proxyPath%/}  # remove any trailing slash
            echo -e ${NC}
            echo -e "${GRN}setting proxyPath to ${proxyPath}${NC}"
          echo -e "${GRN} The route to the main page will be https://${proxyHost}${proxyPath}"
        fi
    fi

    #record the environment
    echo "{\"environment\":\"${depenv}\",\"proxy_prefix\":\"${proxyPath}\"}" > web/environment.json

    htpasswd=$(which htpasswd)
    if [[ $? == 0 ]]; then
        adminPhrase=$($htpasswd -nbB admin adminpassword)
    fi
    unqualifiedHostName=$(echo ${domain} | cut -f1 -d'.')
    #create the traefik.toml file....
if [ ${simple} == "true" ]; then
cat <<- %ENDSIMPLETRAEFIK > ./traefik.toml
#To set the passwd for the proxy dashboard use
#sudo apt-get install apache2-utils
#htpasswd -nbB admin your_special_password
#replace "admin:$apr1$GZ23gG9v$8slcUumLt29SsZ9MiL.z30" in the "users =" line of the [entryPoints.dashboard.auth.basic]
#entry point below. The traefik user challenge will then work for the user admin and your_special_password
#logLevel = "DEBUG"
logLevel = "INFO"
defaultEntryPoints = ["http"]
[entryPoints]
  [entryPoints.dashboard]
    address = ":8090"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["${adminPhrase}"]
  [entryPoints.http]
    address = ":80"
[api]
  entrypoint="dashboard"

[docker]
  domain = "${domain}"
  watch = true
  network = "web"
  exposedbydefualt = false
[traefikLog]
  filePath = "/logs/traefik.log"
[accessLog]
  filePath = "/logs/access.log"
%ENDSIMPLETRAEFIK
else
cat <<- %ENDTRAEFIK > ./traefik.toml
#To set the passwd for the proxy dashboard use
#sudo apt-get install apache2-utils
#htpasswd -nbB admin your_special_password
#replace "admin:$apr1$GZ23gG9v$8slcUumLt29SsZ9MiL.z30" in the "users =" line of the [entryPoints.dashboard.auth.basic]
#entry point below. The traefik user challenge will then work for the user admin and your_special_password
#logLevel = "DEBUG"
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.dashboard]
    address = ":8090"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["${adminPhrase}"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    # uncomment the following to use lets-encrypt automatic certs with tlsChallenge
    #[entryPoints.https.tls]
# uncomment the following four lines IF YOUR DOMAIN and PROXY ARE DIFFERENT
# and you want to use both paths i.e. https://mydomain/myproxypath/anapp
# AND https://myproxyhost/myproxypath/anapp
# Or if the domain and the proxy are the same - it takes care of missing trailing slashes.
    [entryPoints.https.redirect]
        regex = "^(https://${domain}${proxyPath})/?$"
        replacement = "\$1/"
        permanent = true
    # comment out the following four lines to use traefik/lets-encrypt automatic certs with tlsChallenge
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/etc/ssl/certs/${unqualifiedHostName}.crt"
      keyFile = "/etc/ssl/certs/${unqualifiedHostName}.key"
[api]
  entrypoint="dashboard"
# uncomment the following [acme] section to use traefik/lets-encrypt automatic certs with tlsChallenge
#[acme]
#  caServer = "https://acme-v02.api.letsencrypt.org/directory"
#  email = "mats.gsd@noaa.gov"
#  storage = "acme.json"
#  entryPoint = "https"
#  [acme.tlsChallenge]
#[[acme.domains]]
#  main = "${domain}"

[docker]
  domain = "${domain}"
  watch = true
  network = "web"
  exposedbydefualt = false
[traefikLog]
  filePath = "/logs/traefik.log"
[accessLog]
  filePath = "/logs/access.log"
%ENDTRAEFIK
fi
    mapbox_key=""
    read -p "Is there a mapbox key required for this deployment? (answer no for METexpress) y|n [n]" -n 1 -r
    echo -e ${NC}
    mapbox_key="undefined"
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        echo -e ${RED}
        read -p "Enter the mapbox key:" mapbox_key
	      mapbox_key=${mapbox_key%/}  # remove any trailing slash
        echo -e ${NC}
        echo -e "${GRN}setting mapbox_key to ${mapbox_key}${NC}"
    else
        echo -e "${GRN}Leaving mapbox_key undefined ${NC}"
    fi

    echo -e ${GRN}configuring applist...  ${apps[@]}${NC}
    # save the stable applist into the web/applist.json
    cp $tmpAppList web/applist.json

    for (( i=0; i<${#apps[@]}; i++ )); do 
        appref=${apps[$i]}
        if [[ ! -d "./settings/${appref}"  ]]; then
            echo -e "${RED}Creating a ./settings/${appref} directory${NC}"
            mkdir settings/${appref}
        fi
        if [[ -f  "./settings/${appref}/settings.json" ]]; then
            read -p "Do you want to keep the existing settings for ${appref}? y|n" -n 1 -r
            echo -e ${NC}
            if [[ $REPLY =~ ^[Yy]$ ]]; then
                echo -e "${GRN}skipping setting up for ${appref}${NC}"
                continue
            fi
        fi
        dbroles=($(cat $tmpfile | jq -r --arg appref "$appref" '.apps[] | select(.app==$appref) | .dbroles[],""' 2> /dev/null))
        # set the settings files

        lim=$(( ${#dbroles[@]} - 1 ))
        echo -e ${GRN} creating settings file ./settings/${appref}/settings.json with database role ${dbroles[@]}
        echo '{"private":{"databases": [ ' > $tmpSettingsFile
        # need a database entry for each database role
        for (( ri=0; ri<${#dbroles[@]}; ri++ )); do
            role=${dbroles[$ri]}
            if [[ -f "settings/${appref}/settings.json"  ]]; then
                echo -e ${ORNG}loading existing settings${NC}
                xdhost=$(jq -r --arg r "${role}" '.private.databases[] | select(.role==$r).host' < settings/${appref}/settings.json)
                if [[ "X${xdhost}"  != "X" ]]; then
                    dhost=${xdhost}
                fi
                xdport=$(jq -r --arg r "${role}" '.private.databases[] | select(.role==$r).port' < settings/${appref}/settings.json)
                if [[ "X${xdport}"  != "X" ]]; then
                    dport=${xdport}
                fi
                xduserName=$(jq -r --arg r "${role}" '.private.databases[] | select(.role==$r).user' < settings/${appref}/settings.json)
                if [[ "X${xduserName}"  != "X" ]]; then
                    duserName=${xduserName}
                fi
                xdpassword=$(jq -r --arg r "${role}" '.private.databases[] | select(.role==$r).password' < settings/${appref}/settings.json)
                if [[ "X${xdpassword}"  != "X" ]]; then
                    dpassword=${xdpassword}
                fi
                xddatabase=$(jq -r --arg r "${role}" '.private.databases[] | select(.role==$r).database' < settings/${appref}/settings.json)
                if [[ "X${xddatabase}"  != "X" ]]; then
                    ddatabase=${xddatabase}
                fi
            fi
            good=n
            reset="set"
            while [[ "$good" = "n" ]]; do
                echo -e ${ORNG} Have to ${reset} database server url and database user credentials for ${appref} role ${dbroles[$ri]}
                read -p "What is the host of the database server for ${appref} with role ${role} [$dhost]" host
                host=${host:-$dhost}
                dhost=$host
                read -p "What is the port of the database  server for ${appref} with role ${role} [$dport]" port
                port=${port:-$dport}
                dport=$port
                read -p "What is the database for ${appref} with role ${role} [$ddatabase]" database
                database=${database:-$ddatabase}
                ddatabase=$database
                read -p "What is the username for database ${database} for ${appref} with role ${role} [$duserName]" userName
                userName=${userName:-$duserName}
                duserName=$userName
                cgood="n"
                resetpassword=""
                if [[ "X${dpassword}" != "X" ]]; then
                    read -sp "Keep the existing password for ${database} and ${userName} for ${appref} with role ${role} y|n?" -n 1 -r
                    echo
                 else
                    REPLY="n" # there isn't any password - have to ask for it
                fi
                if [[ $REPLY =~ ^[Yy]$ ]]; then
                    password=${dpassword}
                else
                    while [[ "$cgood" = "n" ]]; do
                        echo -e ${ORNG} ${resetpassword}
                        read -sp "What is the password for ${database} and ${userName} for ${appref} and role ${role}" password
                        echo
                        read -sp "Confirm the password for ${database}" cpassword
                        echo -e ${NC}
                        if [[ "$password" = "$cpassword" ]]; then
                            cgood="y"
                        else
                            echo -e "${RED}passwords do not match!!!"${NC}
                            resetpassword="RE-ENTER"
                        fi
                    done
                fi
                echo -e "${GRN}Setting ${appref} database credentials for ${host}:${port} ${database} with user: ${userName}${NC}"
                echo -e ${ORNG}
                read -p "Good with that? y|n?" -n 1 -r
                echo -e ${NC}
                if [[ $REPLY =~ ^[Yy]$ ]]; then
                    good="y"
                else
                    echo -e ${RED} redoing ${appref} then... ${NC}
                    reset=RESET
                fi
            done

            # build the list of database entries

            database=${database:-$ddatabase}
            ddatabase=$database
            cat <<- %ENDPOOLS >> $tmpSettingsFile
               {
              "role": "${role}",
              "status": "active",
              "host": "${host}",
              "port": "${port}",
              "user": "${userName}",
              "password": "${password}",
              "database": "${database}",
              "connectionLimit": 4
              }
%ENDPOOLS
            # add a comma if more than one and not on the last one
            if [[ $ri -lt ${lim} ]] && [[ ${#dbroles[@]} -gt 1 ]]; then
                echo "," >> $tmpSettingsFile
            fi
        done
        #finish up the document
        group="Ungrouped"
        app_order="0"
        title="Unknown App"
        color="#3366bb"
        if [[ "${appref}"  == "met-airquality" ]]; then
            group="METexpress Surface"
            app_order="1"
            title="MET Air Quality"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-anomalycor" ]]; then
            group="METexpress Upper Air"
            app_order="1"
            title="MET Anomaly Correlation"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-cyclone" ]]; then
            group="METexpress Specialized"
            app_order="1"
            title="MET Cyclone"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-ensemble" ]]; then
            group="METexpress Specialized"
            app_order="0"
            title="MET Ensemble"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-object" ]]; then
            group="METexpress Specialized"
            app_order="2"
            title="MET Object"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-precip" ]]; then
            group="METexpress Precipitation"
            app_order="0"
            title="MET Precipitation"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-surface" ]]; then
            group="METexpress Surface"
            app_order="0"
            title="MET Surface"
            color="darkorchid"
        fi
        if [[ "${appref}"  == "met-upperair" ]]; then
            group="METexpress Upper Air"
            app_order="0"
            title="MET Upper Air"
            color="darkorchid"
        fi
        echo "], \"PYTHON_PATH\":\"/usr/bin/python3\", \"MAPBOX_KEY\":\"${mapbox_key}\" }, \"public\":{\"run_environment\":\"${depenv}\",\"proxy_prefix_path\":\"${proxyPath}\",\"home\":\"https://${proxyHost}${proxyPath}/\",\"mysql_wait_timeout\":\"900\",\"group\":\"${group}\",\"app_order\":\"${app_order}\",\"app\":\"${appref}\",\"title\":\"${title}\",\"color\":\"${color}\"}}" >> $tmpSettingsFile
        jq '.' < $tmpSettingsFile > ./settings/${appref}/settings.json

    done
        #set up the dockerfile
        echo -e ${ORNG} Setting up a dockercompose file for your apps ${NC}

        #NOTE: Spacing is important for compose files!!!! They are yaml!!!!
        cat << %COMPOSEEND > $tmpDockerFile
version: "3.2"

networks:
 web:
  external: true
 backend:
  external: false

services:

 traefik:
  image: traefik:1.7.16-alpine
  deploy:
    restart_policy:
      condition: on-failure
      delay: 5s
      max_attempts: 3
      window: 120s
  networks:
   - web
  ports:
   - "443:443"
   - "80:80"
  volumes:
   - /var/run/docker.sock:/var/run/docker.sock
   - ${DEPLOYDIR}/traefik.toml:/traefik.toml
   - ${DEPLOYDIR}/logs:/logs
# comment out the - /etc/ssl/certs:/etc/ssl/certs line if using lets-encrypt tls challenge instead of an externally acquired cert
# if using an externally acquired cert, put it in the following directory
   - /etc/ssl/certs:/etc/ssl/certs
  labels:
   - traefik.frontend.rule=Host:${domain};PathPrefixStrip:${proxyPath}/proxy
   - traefik.port=8090

 mats-http:
  image: matsapps/production:mats-http
  deploy:
    restart_policy:
      condition: on-failure
      delay: 5s
      max_attempts: 3
      window: 20s
  volumes:
   - ${DEPLOYDIR}/web:/web
  labels:
   - traefik.backend=mats-http/index.html
   - traefik.frontend.rule=Host:${domain};PathPrefixStrip:${proxyPath}/
   - traefik.docker.network=web
   - traefik.port=8080
  networks:
   - web

 mongo:
  image: mongo:4.2.0
  deploy:
    restart_policy:
      condition: on-failure
      delay: 5s
      max_attempts: 3
      window: 30s
  command: -nojournal
  ports:
   - "27017:27017"
  volumes:
   - ${DEPLOYDIR}/mongodata:/data/db
  networks:
   - backend
   - web

%COMPOSEEND

    for (( i=0; i<${#apps[@]}; i++ )); do
        appref=${apps[$i]}
        appversion=${versions[$i]}
        if [ "$custom" == "true" ]; then
          read -p "Is '${appversion}' the correct version for ${appref}? (you may have to look at your docker repository)? y|n" -n 1 -r
          echo -e ${NC}
          if [[ $REPLY =~ ^[Yy]$ ]]; then
              echo -e "${GRN}leaving version as ${appversion}${NC}"
          else
              echo -e ${RED}
              read -p "Enter the version for ${appref}:" appversion
              echo -e ${NC}
              echo -e "${GRN}setting appversion to ${appversion}${NC}"
              # modify the version in the stableDeployment.json file
              cat stableDeployment.json | jq "(.apps[] | select(.app == \"${appref}\") | .version) |= \"${appversion}\"" > stableDeployment.json-tmp
              mv stableDeployment.json-tmp stableDeployment.json
          fi
        fi
        apptag="${appref}-${appversion}"

        #NOTE: the {id:[0-9]?} at the end of each app frontend.rule below is a workaround
        # for short paths. For some as yet not understood reason short reference names like vil
        # do not match the PathPrefix unless I append the unused regex qualifier. We need to fix this - or at least understand it.
        if [ ${simple} == "true" ]; then
          cat <<- %COMPOSESIMPLEAPPEND >> $tmpDockerFile
 ${appref}:
  # app ${appref} version is ${appversion}
  image: ${repository}:${apptag}
  deploy:
    restart_policy:
      condition: on-failure
      delay: 5s
      max_attempts: 3
      window: 60s
  environment:
   - DELAY=6
   - ROOT_URL=http://${proxyHost}${proxyPath}/${appref}
  volumes:
   - ${DEPLOYDIR}/settings:/usr/app/settings
  depends_on:
   - mongo
  labels:
   - traefik.backend=${appref}
   - traefik.frontend.rule=Host:${domain};PathPrefix:${proxyPath}/${appref}{id:[0-9]?}
   - traefik.docker.network=web
   - traefik.port=80
  networks:
   - web
   - backend

%COMPOSESIMPLEAPPEND
        else
          cat <<- %COMPOSEAPPEND >> $tmpDockerFile
 ${appref}:
  # app ${appref} version is ${appversion}
  image: ${repository}:${apptag}
  deploy:
    restart_policy:
      condition: on-failure
      delay: 5s
      max_attempts: 3
      window: 60s
  environment:
   - DELAY=6
   - ROOT_URL=https://${proxyHost}${proxyPath}/${appref}
  volumes:
   - ${DEPLOYDIR}/settings:/usr/app/settings
  depends_on:
   - mongo
  labels:
   - traefik.backend=${appref}
   - traefik.frontend.rule=Host:${domain};PathPrefix:${proxyPath}/${appref}{id:[0-9]?}
   - traefik.docker.network=web
   - traefik.port=80
  networks:
   - web
   - backend
%COMPOSEAPPEND
      fi
    done
    mv $tmpDockerFile docker-compose.yml
fi

exit 0
