services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:lts
    restart: always
    # 1. Add this command to disable Portainer's TLS and use HTTP on port 9000
    command: --no-tls
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    ports:
      # 2. We remove the 9443 port. Caddy will access Portainer internally.
      # - 9443:9443
      - 8000:8000  # Keep if you use Edge Agents
    
    # 3. Connect this container to the shared caddynet network
    networks:
      - caddynet

volumes:
  portainer_data:
    name: portainer_data

# 4. Define caddynet as an existing, external network
networks:
  caddynet:
    external: true