2022-08-25 22:22:11 +02:00
|
|
|
version: '3'
|
|
|
|
|
services:
|
|
|
|
|
######## traefik ########
|
|
|
|
|
traefik:
|
2023-11-16 20:09:14 +01:00
|
|
|
container_name: traefik
|
2024-01-26 23:07:33 +01:00
|
|
|
image: "traefik:v2.11@sha256:6ebe52de2d715b757dc47b7ab1b3350c84a333472a6b1c02f816c874a5c14122"
|
2022-08-25 22:22:11 +02:00
|
|
|
restart: always
|
|
|
|
|
volumes:
|
|
|
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
|
|
|
- ./traefik.yml:/etc/traefik/traefik.yml
|
|
|
|
|
- ./file-provider.yml:/etc/traefik/file-provider.yml
|
|
|
|
|
- acme_data:/etc/traefik/acme
|
|
|
|
|
networks:
|
|
|
|
|
- traefik
|
|
|
|
|
ports:
|
|
|
|
|
- "80:80" # HTTP
|
|
|
|
|
- "8081:8080" # Web-GUI
|
|
|
|
|
- "443:443" # HTTPS
|
|
|
|
|
- "2222:2222" # SSH
|
|
|
|
|
environment:
|
2023-04-06 19:53:27 +02:00
|
|
|
TZ: Europe/Berlin
|
2023-03-21 19:00:37 +01:00
|
|
|
labels:
|
2023-04-20 14:50:33 +02:00
|
|
|
com.centurylinklabs.watchtower.enable: true
|
2023-11-16 20:09:14 +01:00
|
|
|
|
|
|
|
|
######## nforwardauth ########
|
|
|
|
|
nforwardauth:
|
2023-11-21 21:20:53 +01:00
|
|
|
restart: always
|
2024-01-26 23:05:17 +01:00
|
|
|
image: "nosduco/nforwardauth:v1.4.0@sha256:16e38db002d27758bdc53c70ba12113d84158c758efe930c97c6e9e2bf612a5d"
|
2023-11-16 20:09:14 +01:00
|
|
|
container_name: traefik-nforwardauth
|
|
|
|
|
environment:
|
2024-01-26 22:37:25 +01:00
|
|
|
TOKEN_SECRET: "{{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}"
|
2023-11-16 20:09:14 +01:00
|
|
|
AUTH_HOST: auth.mgrote.net
|
|
|
|
|
labels:
|
|
|
|
|
traefik.enable: true
|
|
|
|
|
traefik.http.routers.nforwardauth.rule: Host(`auth.mgrote.net`)
|
|
|
|
|
|
|
|
|
|
traefik.http.middlewares.nforwardauth.forwardauth.address: http://nforwardauth:3000
|
|
|
|
|
|
|
|
|
|
traefik.http.services.nforwardauth.loadbalancer.server.port: 3000
|
|
|
|
|
traefik.http.routers.nforwardauth.tls: true
|
|
|
|
|
traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
|
|
|
|
|
traefik.http.routers.nforwardauth.entrypoints: entry_https
|
|
|
|
|
|
|
|
|
|
com.centurylinklabs.watchtower.depends-on: traefik
|
|
|
|
|
com.centurylinklabs.watchtower.enable: true
|
|
|
|
|
volumes:
|
|
|
|
|
- "./passwd:/passwd:ro" # Mount local passwd file at /passwd as read only
|
|
|
|
|
networks:
|
|
|
|
|
- traefik
|
2023-05-12 08:18:45 +02:00
|
|
|
|
2022-08-25 22:22:11 +02:00
|
|
|
######## Networks ########
|
|
|
|
|
networks:
|
|
|
|
|
traefik:
|
|
|
|
|
external: true
|
|
|
|
|
######## Volumes ########
|
|
|
|
|
volumes:
|
|
|
|
|
acme_data:
|
2023-11-16 20:09:14 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# passwd
|
|
|
|
|
# echo "<user>:$(mkpasswd -m sha-512 <password>)"
|
