From 1956e70a3a3fbf121e4f47e1b7e3123d974646f0 Mon Sep 17 00:00:00 2001
From: Michael Grote
Date: Thu, 21 Nov 2024 13:00:22 +0100
Subject: [PATCH] authelia: move outside traefik docker-compose.yml (#246)

docker-compose/authelia/docker-compose.yml.j2
docker-compose/traefik/docker-compose.yml.j2

Signed-off-by: Michael Grote
Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/246
Co-authored-by: Michael Grote
Co-committed-by: Michael Grote
---
 .../configuration.yml.j2 | 0
 docker-compose/authelia/docker-compose.yml.j2 | 91 +++++++++++++++++++
 docker-compose/traefik/docker-compose.yml.j2 | 82 +---------------
 3 files changed, 92 insertions(+), 81 deletions(-)
 rename docker-compose/{traefik => authelia}/configuration.yml.j2 (100%)
 create mode 100644 docker-compose/authelia/docker-compose.yml.j2

diff --git a/docker-compose/traefik/configuration.yml.j2 b/docker-compose/authelia/configuration.yml.j2
similarity index 100%
rename from docker-compose/traefik/configuration.yml.j2
rename to docker-compose/authelia/configuration.yml.j2
diff --git a/docker-compose/authelia/docker-compose.yml.j2 b/docker-compose/authelia/docker-compose.yml.j2
new file mode 100644
index 00000000..0d7b8ad7
--- /dev/null
+++ b/docker-compose/authelia/docker-compose.yml.j2
@@ -0,0 +1,91 @@
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
+
+services:
+######## authelia ########
+ authelia:
+ image: authelia/authelia:4.38.17
+ container_name: authelia
+ restart: unless-stopped
+ pull_policy: missing
+ environment:
+ TZ: Europe/Berlin
+ volumes:
+ - ./configuration.yml:/config/configuration.yml
+ - ./users_database.yml:/config/users_database.yml
+ - authelia_data:/data
+ labels:
+ traefik.enable: true
+ traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
+ traefik.http.services.authelia.loadbalancer.server.port: 9091
+ traefik.http.routers.authelia.tls: true
+ traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
+ traefik.http.routers.authelia.entrypoints: entry_https
+ traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
+ traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
+ traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
+ depends_on:
+ - authelia-redis
+ - authelia-db
+ networks:
+ - traefik
+ - postfix
+ - authelia
+ healthcheck:
+ test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+######## Redis ########
+ authelia-redis:
+ image: "redis:7.4.1"
+ container_name: authelia-redis
+ restart: unless-stopped
+ pull_policy: missing
+ environment:
+ TZ: Europe/Berlin
+ networks:
+ - authelia
+ healthcheck:
+ test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
+ interval: 5s
+ timeout: 2s
+ retries: 3
+
+######## Datenbank ########
+ authelia-db:
+ image: "mariadb:11.5.2"
+ container_name: authelia-db
+ command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
+ restart: unless-stopped
+ pull_policy: missing
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - db:/var/lib/mysql
+ environment:
+ MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
+ MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
+ MYSQL_DATABASE: authelia
+ MYSQL_USER: authelia
+ MYSQL_INITDB_SKIP_TZINFO: 1
+ networks:
+ - authelia
+ healthcheck:
+ test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+
+######## Networks ########
+networks:
+ authelia:
+ traefik:
+ external: true
+ postfix:
+ external: true
+######## Volumes ########
+volumes:
+ authelia_data:
+ db:
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index 433c76ee..62b06bb3 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
 
 services:
 ######## traefik ########
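Review bot: The authelia-db healthcheck passes the database password on the mariadb-show command line (`-p{{ lookup(...) }}`), so every probe exposes it in the container's process list and in `docker inspect` output, on top of the environment variable that already carries it. The mariadb image ships a password-less probe for exactly this case: add `MARIADB_MYSQL_LOCALHOST_USER: 1` to the environment and use `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`, which per the image documentation authenticates over the local socket (verify against the 11.5 image before relying on it). In the authelia service, `./configuration.yml` is mounted read-write although, as far as I know, Authelia never writes it; `- ./configuration.yml:/config/configuration.yml:ro` keeps a compromised container from rewriting its own access-control rules, while users_database.yml should stay writable if password changes through the file backend are used. Since both backends now declare healthchecks, `depends_on` could use the long form with `condition: service_healthy` so authelia does not race an unready MariaDB or Redis on first start.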
@@ -26,84 +26,6 @@ services:
 interval: 30s
 timeout: 10s
 retries: 3
- depends_on:
- - authelia
-
-######## authelia ########
- authelia:
- image: authelia/authelia:4.38.17
- container_name: authelia
- restart: unless-stopped
- pull_policy: missing
- environment:
- TZ: Europe/Berlin
- volumes:
- - ./configuration.yml:/config/configuration.yml
- - ./users_database.yml:/config/users_database.yml
- - authelia_data:/data
- labels:
- traefik.enable: true
- traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
- traefik.http.services.authelia.loadbalancer.server.port: 9091
- traefik.http.routers.authelia.tls: true
- traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
- traefik.http.routers.authelia.entrypoints: entry_https
- traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
- traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
- traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
- depends_on:
- - authelia-redis
- - authelia-db
- networks:
- - traefik
- - postfix
- - authelia
- healthcheck:
- test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
- interval: 30s
- timeout: 10s
- retries: 3
-
- authelia-redis:
- image: "redis:7.4.1"
- container_name: authelia-redis
- restart: unless-stopped
- pull_policy: missing
- environment:
- TZ: Europe/Berlin
- networks:
- - authelia
- healthcheck:
- test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
- interval: 5s
- timeout: 2s
- retries: 3
-
-######## Datenbank ########
- authelia-db:
- image: "mariadb:11.5.2"
- container_name: authelia-db
- command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
- restart: unless-stopped
- pull_policy: missing
- volumes:
- - /etc/localtime:/etc/localtime:ro
- - /etc/timezone:/etc/timezone:ro
- - db:/var/lib/mysql
- environment:
- MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
- MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
- MYSQL_DATABASE: authelia
- MYSQL_USER: authelia
- MYSQL_INITDB_SKIP_TZINFO: 1
- networks:
- - authelia
- healthcheck:
- test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
- interval: 30s
- timeout: 10s
- retries: 3
-
 
 ######## Networks ########
 networks:
@@ -115,5 +37,3 @@ networks:
 ######## Volumes ########
 volumes:
 acme_data:
- authelia_data:
- db: