add authelia to registry-ui (#234)

Reviewed-on: #234 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2024-11-10 17:29:04 +01:00 · 2024-11-10 17:29:04 +01:00 · 31031608b8
commit 31031608b8
parent bc6f8fdc9e
4 changed files with 13 additions and 4 deletions
--- a/docker-compose/registry/docker-compose.yml.j2
+++ b/docker-compose/registry/docker-compose.yml.j2
@ -91,9 +91,8 @@ services:
      timeout: 10s
      retries: 3
    labels:
-      traefik.http.routers.registry-ui.rule: Host(`registry.mgrote.net`)&&PathPrefix(`/ui`) # mache unter /ui erreichbar, damit wird demPfad dieser Prefix hinzugefügt, die Anwendung "hört" dort abrer nicht
-      traefik.http.routers.registry-ui.middlewares: registry-ui-strip-prefix,registry-ui-ipallowlist # also entferne den Prefix danach wieder
-      traefik.http.middlewares.registry-ui-strip-prefix.stripprefix.prefixes: /ui # hier ist die Middleware definiert
+      traefik.http.routers.registry-ui.rule: Host(`rui.mgrote.net`)
+      traefik.http.routers.registry-ui.middlewares: authelia,registry-ui-ipallowlist # also entferne den Prefix danach wieder
      traefik.enable: true
      traefik.http.routers.registry-ui.tls: true
      traefik.http.routers.registry-ui.tls.certresolver: resolver_letsencrypt
@ -109,7 +108,6 @@ networks:
    external: true
  intern:

-
 ######## Volumes ########
 volumes:
  oci:
--- a/docker-compose/traefik/configuration.yml.j2
+++ b/docker-compose/traefik/configuration.yml.j2
@ -3,6 +3,8 @@

 server.address: "0.0.0.0:9091"

+theme: auto
+
 log:
  level: debug

@ -19,6 +21,10 @@ access_control:
      policy: one_factor
      subject:
        - 'group:authelia_wiki'
+    - domain: rui.mgrote.net
+      policy: one_factor
+      subject:
+        - 'group:authelia_registry-ui'

 session:
  name: authelia_session
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@ -26,6 +26,8 @@ services:
      interval: 30s
      timeout: 10s
      retries: 3
+    depends_on:
+      - authelia

 ######## authelia ########
  authelia:
@ -51,6 +53,7 @@ services:
      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
    depends_on:
      - authelia-redis
+      - authelia-db
    networks:
      - traefik
      - postfix
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@ -90,6 +90,8 @@ blocky_custom_lookups: # optional
    ip: 192.168.2.40
  - name: s3.mgrote.net
    ip: 192.168.2.43
+  - name: rui.mgrote.net
+    ip: 192.168.2.43

 ### mgrote_munin_node
 # kann git.mgrote.net nicht auflösen, deshalb hiermit IP