authelia: move outside traefik docker-compose.yml #246

Merged
mg merged 3 commits from authelia_solo into master 2024-11-21 13:00:34 +01:00
2 changed files with 86 additions and 86 deletions
Showing only changes of commit bc796390ce - Show all commits


@ -1,33 +1,82 @@
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap # Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
services: services:
######## traefik ######## ######## authelia ########
traefik: authelia:
container_name: traefik image: authelia/authelia:4.38.17
image: "traefik:v3.2.1" container_name: authelia
restart: unless-stopped restart: unless-stopped
pull_policy: missing pull_policy: missing
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml
- ./file-provider.yml:/etc/traefik/file-provider.yml
- acme_data:/etc/traefik/acme
networks:
- traefik
ports:
- "80:80" # HTTP
- "8081:8080" # Web-GUI
- "443:443" # HTTPS
- "2222:2222" # SSH
environment: environment:
TZ: Europe/Berlin TZ: Europe/Berlin
volumes:
- ./configuration.yml:/config/configuration.yml
- ./users_database.yml:/config/users_database.yml
- authelia_data:/data
labels:
traefik.enable: true
traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
traefik.http.services.authelia.loadbalancer.server.port: 9091
traefik.http.routers.authelia.tls: true
traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
traefik.http.routers.authelia.entrypoints: entry_https
traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
depends_on:
- authelia-redis
- authelia-db
networks:
- traefik
- postfix
- authelia
healthcheck: healthcheck:
test: ["CMD", "traefik", "healthcheck", "--ping"] test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
depends_on:
######## Redis ########
authelia-redis:
image: "redis:7.4.1"
container_name: authelia-redis
restart: unless-stopped
pull_policy: missing
environment:
TZ: Europe/Berlin
networks:
- authelia - authelia
healthcheck:
test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
interval: 5s
timeout: 2s
retries: 3
######## Datenbank ########
authelia-db:
image: "mariadb:11.5.2"
container_name: authelia-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped
pull_policy: missing
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
MYSQL_DATABASE: authelia
MYSQL_USER: authelia
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- authelia
healthcheck:
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
interval: 30s
timeout: 10s
retries: 3
######## Networks ######## ######## Networks ########
networks: networks:
@ -38,4 +87,5 @@ networks:
external: true external: true
######## Volumes ######## ######## Volumes ########
volumes: volumes:
acme_data: authelia_data:
db:
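Review bot: The `authelia-db` healthcheck passes the database password as a `-p…` argument to `mariadb-show`, so the rendered secret sits in the container's healthcheck definition and on the command line of a process that is started every 30 seconds. The official MariaDB image ships a `healthcheck.sh` helper that needs no password argument, e.g. `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`. On a data volume that was initialised by an earlier image, the healthcheck user this helper relies on may have to be created first, so verify it against the existing `db` volume before switching.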


@ -1,82 +1,33 @@
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap # Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
services: services:
######## authelia ######## ######## traefik ########
authelia: traefik:
image: authelia/authelia:4.38.17 container_name: traefik
container_name: authelia image: "traefik:v3.2.1"
restart: unless-stopped restart: unless-stopped
pull_policy: missing pull_policy: missing
environment:
TZ: Europe/Berlin
volumes: volumes:
- ./configuration.yml:/config/configuration.yml - /var/run/docker.sock:/var/run/docker.sock:ro
- ./users_database.yml:/config/users_database.yml - ./traefik.yml:/etc/traefik/traefik.yml
- authelia_data:/data - ./file-provider.yml:/etc/traefik/file-provider.yml
labels: - acme_data:/etc/traefik/acme
traefik.enable: true
traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
traefik.http.services.authelia.loadbalancer.server.port: 9091
traefik.http.routers.authelia.tls: true
traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
traefik.http.routers.authelia.entrypoints: entry_https
traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
depends_on:
- authelia-redis
- authelia-db
networks: networks:
- traefik - traefik
- postfix ports:
- authelia - "80:80" # HTTP
healthcheck: - "8081:8080" # Web-GUI
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"] - "443:443" # HTTPS
interval: 30s - "2222:2222" # SSH
timeout: 10s
retries: 3
######## Redis ########
authelia-redis:
image: "redis:7.4.1"
container_name: authelia-redis
restart: unless-stopped
pull_policy: missing
environment: environment:
TZ: Europe/Berlin TZ: Europe/Berlin
networks:
- authelia
healthcheck: healthcheck:
test: ["CMD", "redis-cli", "--no-auth-warning", "ping"] test: ["CMD", "traefik", "healthcheck", "--ping"]
interval: 5s
timeout: 2s
retries: 3
######## Datenbank ########
authelia-db:
image: "mariadb:11.5.2"
container_name: authelia-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped
pull_policy: missing
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
MYSQL_DATABASE: authelia
MYSQL_USER: authelia
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- authelia
healthcheck:
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
depends_on:
- authelia
######## Networks ######## ######## Networks ########
networks: networks:
@ -87,5 +38,4 @@ networks:
external: true external: true
######## Volumes ######## ######## Volumes ########
volumes: volumes:
authelia_data: acme_data:
db:
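Review bot: The `:ro` flag on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the socket file read-only inside the container; it does not limit what can be requested through the Docker API behind it. Because this Traefik publishes ports 80 and 443, a compromise of the proxy would still amount to control of the Docker daemon on the host. I would document that next to the mount, `# :ro protects the socket file only, the Docker API stays fully usable`, and consider placing a filtering socket proxy that exposes only the read-only container endpoints between Traefik and the daemon. How the Docker provider endpoint is set in `traefik.yml` is not visible here, so this is a follow-up rather than a change to this hunk.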