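# Docker Compose stack: Traefik as edge reverse proxy, Authelia as forward-auth
# portal, and a Redis instance used by Authelia.
services:
  ######## traefik ########
  traefik:
    container_name: traefik
    image: "traefik:v3.2.0"
    restart: unless-stopped
    pull_policy: missing
    volumes:
      # NOTE(review): ":ro" only protects the socket file itself; every Docker
      # API call is still possible through it, so this container holds
      # root-equivalent control of the host. Consider a filtering socket proxy
      # that exposes only the read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads its configuration files, so mount them read-only.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./file-provider.yml:/etc/traefik/file-provider.yml:ro
      # ACME account key and issued certificates; treat this volume as secret.
      - acme_data:/etc/traefik/acme
    networks:
      - traefik
    ports:
      - "80:80"  # HTTP
      # NOTE(review): published on all host interfaces. Whether the dashboard/API
      # is served unauthenticated on this port depends on traefik.yml (not shown
      # here) - confirm, and bind to 127.0.0.1 or firewall it if it is.
      - "8081:8080"  # Web-GUI
      - "443:443"  # HTTPS
      - "2222:2222"  # SSH
    environment:
      TZ: Europe/Berlin
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3

  ######## authelia ########
  authelia:
    image: authelia/authelia:4.38.17
    container_name: authelia
    restart: unless-stopped
    pull_policy: missing
    environment:
      TZ: Europe/Berlin
    volumes:
      # NOTE(review): can probably be mounted ":ro" as well - verify that
      # Authelia never needs to write this file.
      - ./configuration.yml:/config/configuration.yml
      - authelia_data:/data
    networks:
      # Traefik is attached only to the external "traefik" network, so Authelia
      # must join it to be routable. "default" keeps the link to authelia-redis,
      # which stays off the proxy network.
      - traefik
      - default
    labels:
      # Label values are quoted so they reach Traefik as the intended strings.
      # The stray trailing "'" left on several values has been removed; it was
      # part of the value and broke the boolean, URL and header-list settings.
      traefik.enable: "true"
      # With two networks attached, tell Traefik which one to use.
      traefik.docker.network: traefik
      traefik.http.routers.authelia.rule: "Host(`auth.mgrote.net`)"
      # NOTE(review): the forwardauth address below talks to port 9091, but this
      # load balancer points at port 80 - one of the two is likely wrong; check
      # the listen address in configuration.yml.
      traefik.http.services.authelia.loadbalancer.server.port: "80"
      traefik.http.routers.authelia.tls: "true"
      traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.authelia.entrypoints: entry_https
      # NOTE(review): /api/verify appears to be the legacy endpoint in Authelia
      # 4.38 - confirm it is still the intended one for this release.
      traefik.http.middlewares.authelia.forwardauth.address: "http://authelia:9091/api/verify?rd=https://auth.mgrote.net"
      # X-Forwarded-* headers are passed on as trusted. This is only safe while
      # Traefik is the sole edge, or while its entry points accept forwarded
      # headers from known proxies only.
      traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true"
      # Applications that trust these identity headers must be reachable only
      # through routers that have this middleware attached; otherwise a client
      # can supply the headers itself.
      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    depends_on:
      - authelia-redis

  # TODO: pin the image to an exact version or digest instead of the floating
  # major tag (original note: "version!!!!").
  authelia-redis:
    image: redis:7
    container_name: authelia-redis
    restart: unless-stopped
    pull_policy: missing
    environment:
      TZ: Europe/Berlin

######## Networks ########
networks:
  traefik:
    external: true

######## Volumes ########
volumes:
  acme_data:
  authelia_data:

# passwd
# echo "<user>:$(mkpasswd -m sha-512 <password>)"  # can be removed
# (a password given as an argument ends up in shell history and the process
#  list; let mkpasswd prompt for it instead)

# TODO
# ldap user: https://www.authelia.com/configuration/first-factor/ldap/
# test with whoami
# docs: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
# healthchecks
# munin
# clean up keepass
# secrets (keep Authelia secrets out of configuration.yml; supply them via
#          secret files / Docker secrets rather than committing them)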