authelia: move outside traefik docker-compose.yml (#246)
docker-compose/authelia/docker-compose.yml.j2 docker-compose/traefik/docker-compose.yml.j2 Signed-off-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #246 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
parent
ee0e55d828
commit
1956e70a3a
3 changed files with 92 additions and 81 deletions
91
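--- a/docker-compose/authelia/docker-compose.yml.j2
+++ b/docker-compose/authelia/docker-compose.yml.j2
@@ -0,0 +1,91 @@
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
+
+services:
+######## authelia ########
+authelia:
+image: authelia/authelia:4.38.17
+container_name: authelia
+restart: unless-stopped
+pull_policy: missing
+environment:
+TZ: Europe/Berlin
+volumes:
+- ./configuration.yml:/config/configuration.yml
+- ./users_database.yml:/config/users_database.yml
+- authelia_data:/data
+labels:
+traefik.enable: true
+traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
+traefik.http.services.authelia.loadbalancer.server.port: 9091
+traefik.http.routers.authelia.tls: true
+traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
+traefik.http.routers.authelia.entrypoints: entry_https
+traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
+traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
+traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
+depends_on:
+- authelia-redis
+- authelia-db
+networks:
+- traefik
+- postfix
+- authelia
+healthcheck:
+test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
+interval: 30s
+timeout: 10s
+retries: 3
+
+######## Redis ########
+authelia-redis:
+image: "redis:7.4.1"
+container_name: authelia-redis
+restart: unless-stopped
+pull_policy: missing
+environment:
+TZ: Europe/Berlin
+networks:
+- authelia
+healthcheck:
+test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
+interval: 5s
+timeout: 2s
+retries: 3
+
+######## Datenbank ########
+authelia-db:
+image: "mariadb:11.5.2"
+container_name: authelia-db
+command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
+restart: unless-stopped
+pull_policy: missing
+volumes:
+- /etc/localtime:/etc/localtime:ro
+- /etc/timezone:/etc/timezone:ro
+- db:/var/lib/mysql
+environment:
+MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
+MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
+MYSQL_DATABASE: authelia
+MYSQL_USER: authelia
+MYSQL_INITDB_SKIP_TZINFO: 1
+networks:
+- authelia
+healthcheck:
+test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
+interval: 30s
+timeout: 10s
+retries: 3
+
+
+######## Networks ########
+networks:
+authelia:
+traefik:
+external: true
+postfix:
+external: true
+######## Volumes ########
+volumes:
+authelia_data:
+db: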
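Review bot: The `authelia-db` healthcheck passes the database password to `mariadb-show` as a `-p…` argument, so the rendered secret is stored in the container's healthcheck configuration (readable through `docker inspect`) and appears on the process command line every time the check runs. The official mariadb image ships `healthcheck.sh`, which keeps the credential out of argv: `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`. Separately, `trustForwardHeader: true` on the forwardauth middleware makes Traefik pass client-supplied `X-Forwarded-*` headers through to Authelia. Unless a trusted proxy in front of Traefik rewrites those headers (not visible in this file), a client can influence Authelia's network-based access rules, so `false` is the safer value.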
|
@ -1,4 +1,4 @@
|
|||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
|
||||
|
||||
services:
|
||||
######## traefik ########
|
||||
|
@ -26,84 +26,6 @@ services:
|
|||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
depends_on:
|
||||
- authelia
|
||||
|
||||
######## authelia ########
|
||||
authelia:
|
||||
image: authelia/authelia:4.38.17
|
||||
container_name: authelia
|
||||
restart: unless-stopped
|
||||
pull_policy: missing
|
||||
environment:
|
||||
TZ: Europe/Berlin
|
||||
volumes:
|
||||
- ./configuration.yml:/config/configuration.yml
|
||||
- ./users_database.yml:/config/users_database.yml
|
||||
- authelia_data:/data
|
||||
labels:
|
||||
traefik.enable: true
|
||||
traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
|
||||
traefik.http.services.authelia.loadbalancer.server.port: 9091
|
||||
traefik.http.routers.authelia.tls: true
|
||||
traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
|
||||
traefik.http.routers.authelia.entrypoints: entry_https
|
||||
traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
|
||||
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
|
||||
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
|
||||
depends_on:
|
||||
- authelia-redis
|
||||
- authelia-db
|
||||
networks:
|
||||
- traefik
|
||||
- postfix
|
||||
- authelia
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
||||
authelia-redis:
|
||||
image: "redis:7.4.1"
|
||||
container_name: authelia-redis
|
||||
restart: unless-stopped
|
||||
pull_policy: missing
|
||||
environment:
|
||||
TZ: Europe/Berlin
|
||||
networks:
|
||||
- authelia
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
|
||||
interval: 5s
|
||||
timeout: 2s
|
||||
retries: 3
|
||||
|
||||
######## Datenbank ########
|
||||
authelia-db:
|
||||
image: "mariadb:11.5.2"
|
||||
container_name: authelia-db
|
||||
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
|
||||
restart: unless-stopped
|
||||
pull_policy: missing
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- db:/var/lib/mysql
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
|
||||
MYSQL_DATABASE: authelia
|
||||
MYSQL_USER: authelia
|
||||
MYSQL_INITDB_SKIP_TZINFO: 1
|
||||
networks:
|
||||
- authelia
|
||||
healthcheck:
|
||||
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
||||
|
||||
######## Networks ########
|
||||
networks:
|
||||
|
@ -115,5 +37,3 @@ networks:
|
|||
######## Volumes ########
|
||||
volumes:
|
||||
acme_data:
|
||||
authelia_data:
|
||||
db:
|
||||
|
|