From e6eafdd8b8cfbfb80cd136df3342de8d688724d4 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Thu, 21 Nov 2024 12:40:48 +0100 Subject: [PATCH 1/3] changed Files: docker-compose/authelia/configuration.yml.j2 docker-compose/authelia/docker-compose.yml.j2 docker-compose/traefik/docker-compose.yml.j2 Signed-off-by: Michael Grote --- .../configuration.yml.j2 | 0 docker-compose/authelia/docker-compose.yml.j2 | 41 +++++++++++++++++++ docker-compose/traefik/docker-compose.yml.j2 | 32 +-------------- 3 files changed, 43 insertions(+), 30 deletions(-) rename docker-compose/{traefik => authelia}/configuration.yml.j2 (100%) create mode 100644 docker-compose/authelia/docker-compose.yml.j2 diff --git a/docker-compose/traefik/configuration.yml.j2 b/docker-compose/authelia/configuration.yml.j2 similarity index 100% rename from docker-compose/traefik/configuration.yml.j2 rename to docker-compose/authelia/configuration.yml.j2 diff --git a/docker-compose/authelia/docker-compose.yml.j2 b/docker-compose/authelia/docker-compose.yml.j2 new file mode 100644 index 00000000..48b226f9 --- /dev/null +++ b/docker-compose/authelia/docker-compose.yml.j2 
@@ -0,0 +1,41 @@
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
+
+services:
+######## traefik ########
+ traefik:
+ container_name: traefik
+ image: "traefik:v3.2.1"
+ restart: unless-stopped
+ pull_policy: missing
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik.yml:/etc/traefik/traefik.yml
+ - ./file-provider.yml:/etc/traefik/file-provider.yml
+ - acme_data:/etc/traefik/acme
+ networks:
+ - traefik
+ ports:
+ - "80:80" # HTTP
+ - "8081:8080" # Web-GUI
+ - "443:443" # HTTPS
+ - "2222:2222" # SSH
+ environment:
+ TZ: Europe/Berlin
+ healthcheck:
+ test: ["CMD", "traefik", "healthcheck", "--ping"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ depends_on:
+ - authelia
+
+######## Networks ########
+networks:
+ authelia:
+ traefik:
+ external: true
+ postfix:
+ external: true
+######## Volumes ########
+volumes:
+ acme_data:
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index 433c76ee..0d7b8ad7 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
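Review bot: The `:ro` suffix on `/var/run/docker.sock:/var/run/docker.sock:ro` in the traefik `volumes:` list only makes the bind mount read-only; it does not restrict the Docker API requests the container can send over the socket. Because this container also publishes 80/443 on the host, a compromise of Traefik would give access to the Docker daemon. Until the Docker provider is pointed at a filtering socket proxy (the provider endpoint lives in `traefik.yml`, which is not part of this patch), I would at least add the comment `# :ro does not limit Docker API calls - front the socket with a read-only proxy` above that line. The same lines reappear unchanged in the `docker-compose/traefik/docker-compose.yml.j2` hunk of PATCH 2/3.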
@@ -1,34 +1,6 @@ -# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/ +# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap services: -######## traefik ######## - traefik: - container_name: traefik - image: "traefik:v3.2.1" - restart: unless-stopped - pull_policy: missing - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./traefik.yml:/etc/traefik/traefik.yml - - ./file-provider.yml:/etc/traefik/file-provider.yml - - acme_data:/etc/traefik/acme - networks: - - traefik - ports: - - "80:80" # HTTP - - "8081:8080" # Web-GUI - - "443:443" # HTTPS - - "2222:2222" # SSH - environment: - TZ: Europe/Berlin - healthcheck: - test: ["CMD", "traefik", "healthcheck", "--ping"] - interval: 30s - timeout: 10s - retries: 3 - depends_on: - - authelia - ######## authelia ######## authelia: image: authelia/authelia:4.38.17 @@ -64,6 +36,7 @@ services: timeout: 10s retries: 3 +######## Redis ######## authelia-redis: image: "redis:7.4.1" container_name: authelia-redis @@ -114,6 +87,5 @@ networks: external: true ######## Volumes ######## volumes: - acme_data: authelia_data: db: -- 2.43.0 From bc796390ce1415e6e9b9a17080773962360bb95d Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Thu, 21 Nov 2024 11:51:50 +0000 Subject: [PATCH 2/3] changed Files: docker-compose/authelia/docker-compose.yml.j2 docker-compose/traefik/docker-compose.yml.j2 Signed-off-by: Michael Grote --- docker-compose/authelia/docker-compose.yml.j2 | 88 +++++++++++++++---- docker-compose/traefik/docker-compose.yml.j2 | 84 ++++-------------- 2 files changed, 86 insertions(+), 86 deletions(-) diff --git a/docker-compose/authelia/docker-compose.yml.j2 b/docker-compose/authelia/docker-compose.yml.j2 index 48b226f9..0d7b8ad7 100644 --- a/docker-compose/authelia/docker-compose.yml.j2 +++ b/docker-compose/authelia/docker-compose.yml.j2 
@@ -1,33 +1,82 @@ # Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap services: -######## traefik ######## - traefik: - container_name: traefik - image: "traefik:v3.2.1" +######## authelia ######## + authelia: + image: authelia/authelia:4.38.17 + container_name: authelia restart: unless-stopped pull_policy: missing - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./traefik.yml:/etc/traefik/traefik.yml - - ./file-provider.yml:/etc/traefik/file-provider.yml - - acme_data:/etc/traefik/acme - networks: - - traefik - ports: - - "80:80" # HTTP - - "8081:8080" # Web-GUI - - "443:443" # HTTPS - - "2222:2222" # SSH environment: TZ: Europe/Berlin + volumes: + - ./configuration.yml:/config/configuration.yml + - ./users_database.yml:/config/users_database.yml + - authelia_data:/data + labels: + traefik.enable: true + traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`) + traefik.http.services.authelia.loadbalancer.server.port: 9091 + traefik.http.routers.authelia.tls: true + traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt + traefik.http.routers.authelia.entrypoints: entry_https + traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net + traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true + traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email + depends_on: + - authelia-redis + - authelia-db + networks: + - traefik + - postfix + - authelia healthcheck: - test: ["CMD", "traefik", "healthcheck", "--ping"] + test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"] interval: 30s timeout: 10s retries: 3 - depends_on: + +######## Redis ######## + authelia-redis: + image: "redis:7.4.1" + container_name: authelia-redis + restart: unless-stopped + pull_policy: missing + environment: + TZ: Europe/Berlin + networks: - authelia + healthcheck: + test: 
["CMD", "redis-cli", "--no-auth-warning", "ping"] + interval: 5s + timeout: 2s + retries: 3 + +######## Datenbank ######## + authelia-db: + image: "mariadb:11.5.2" + container_name: authelia-db + command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF + restart: unless-stopped + pull_policy: missing + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - db:/var/lib/mysql + environment: + MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}" + MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}" + MYSQL_DATABASE: authelia + MYSQL_USER: authelia + MYSQL_INITDB_SKIP_TZINFO: 1 + networks: + - authelia + healthcheck: + test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"] + interval: 30s + timeout: 10s + retries: 3 + ######## Networks ######## networks: @@ -38,4 +87,5 @@ networks: external: true ######## Volumes ######## volumes: - acme_data: + authelia_data: + db: diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2 index 0d7b8ad7..48b226f9 100644 --- a/docker-compose/traefik/docker-compose.yml.j2 +++ b/docker-compose/traefik/docker-compose.yml.j2 
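Review bot: The `authelia-db` healthcheck passes the database password as a command-line argument (`"-p{{ lookup(...) }}"`), so every time the check runs the rendered secret sits in a process argument list, which by default other local users on the host can read through `/proc`. The official MariaDB image ships `healthcheck.sh`, which avoids this: `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`; on a data directory initialised by an older image the healthcheck user may have to be created first, so verify before switching. Separately, `traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true` relies on the entry point in `traefik.yml` (not shown) discarding `X-Forwarded-*` headers from untrusted clients; that is worth confirming, since Authelia's network-based rules would otherwise see spoofable values.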
@@ -1,82 +1,33 @@ # Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap services: -######## authelia ######## - authelia: - image: authelia/authelia:4.38.17 - container_name: authelia +######## traefik ######## + traefik: + container_name: traefik + image: "traefik:v3.2.1" restart: unless-stopped pull_policy: missing - environment: - TZ: Europe/Berlin volumes: - - ./configuration.yml:/config/configuration.yml - - ./users_database.yml:/config/users_database.yml - - authelia_data:/data - labels: - traefik.enable: true - traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`) - traefik.http.services.authelia.loadbalancer.server.port: 9091 - traefik.http.routers.authelia.tls: true - traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt - traefik.http.routers.authelia.entrypoints: entry_https - traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email - depends_on: - - authelia-redis - - authelia-db + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./traefik.yml:/etc/traefik/traefik.yml + - ./file-provider.yml:/etc/traefik/file-provider.yml + - acme_data:/etc/traefik/acme networks: - traefik - - postfix - - authelia - healthcheck: - test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"] - interval: 30s - timeout: 10s - retries: 3 - -######## Redis ######## - authelia-redis: - image: "redis:7.4.1" - container_name: authelia-redis - restart: unless-stopped - pull_policy: missing + ports: + - "80:80" # HTTP + - "8081:8080" # Web-GUI + - "443:443" # HTTPS + - "2222:2222" # SSH environment: TZ: Europe/Berlin - networks: - - authelia healthcheck: - test: ["CMD", "redis-cli", "--no-auth-warning", "ping"] - interval: 5s - timeout: 2s - retries: 3 - -######## 
Datenbank ######## - authelia-db: - image: "mariadb:11.5.2" - container_name: authelia-db - command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF - restart: unless-stopped - pull_policy: missing - volumes: - - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro - - db:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}" - MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}" - MYSQL_DATABASE: authelia - MYSQL_USER: authelia - MYSQL_INITDB_SKIP_TZINFO: 1 - networks: - - authelia - healthcheck: - test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"] + test: ["CMD", "traefik", "healthcheck", "--ping"] interval: 30s timeout: 10s retries: 3 - + depends_on: + - authelia ######## Networks ######## networks: @@ -87,5 +38,4 @@ networks: external: true ######## Volumes ######## volumes: - authelia_data: - db: + acme_data: -- 2.43.0 From 5f6ae9bf04a1f9e8dff3560c062d7b28a9396840 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Thu, 21 Nov 2024 11:52:23 +0000 Subject: [PATCH 3/3] changed Files: docker-compose/traefik/docker-compose.yml.j2 Signed-off-by: Michael Grote --- docker-compose/traefik/docker-compose.yml.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2 index 48b226f9..62b06bb3 100644 --- a/docker-compose/traefik/docker-compose.yml.j2 +++ b/docker-compose/traefik/docker-compose.yml.j2 @@ -26,8 +26,6 @@ services: interval: 30s timeout: 10s retries: 3 - depends_on: - - authelia ######## Networks ######## networks: -- 2.43.0
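Review bot: `- "8081:8080" # Web-GUI` in the traefik `ports:` list publishes the dashboard port on every host interface, alongside the public 80/443 entry points. Whether the dashboard/API answers there without authentication depends on `traefik.yml`, which is not in this patch; if it does, anything that can reach the host can reach it. Binding the mapping to loopback, `- "127.0.0.1:8081:8080" # Web-GUI`, or dropping it and serving the dashboard through a router on `entry_https` with the `authelia` middleware, would keep it behind authentication.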