authelia: move outside traefik docker-compose.yml #246
2 changed files with 86 additions and 86 deletions
|
@ -1,33 +1,82 @@
|
||||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
|
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
|
||||||
|
|
||||||
services:
|
services:
|
||||||
######## traefik ########
|
######## authelia ########
|
||||||
traefik:
|
authelia:
|
||||||
container_name: traefik
|
image: authelia/authelia:4.38.17
|
||||||
image: "traefik:v3.2.1"
|
container_name: authelia
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
pull_policy: missing
|
pull_policy: missing
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
- ./traefik.yml:/etc/traefik/traefik.yml
|
|
||||||
- ./file-provider.yml:/etc/traefik/file-provider.yml
|
|
||||||
- acme_data:/etc/traefik/acme
|
|
||||||
networks:
|
|
||||||
- traefik
|
|
||||||
ports:
|
|
||||||
- "80:80" # HTTP
|
|
||||||
- "8081:8080" # Web-GUI
|
|
||||||
- "443:443" # HTTPS
|
|
||||||
- "2222:2222" # SSH
|
|
||||||
environment:
|
environment:
|
||||||
TZ: Europe/Berlin
|
TZ: Europe/Berlin
|
||||||
|
volumes:
|
||||||
|
- ./configuration.yml:/config/configuration.yml
|
||||||
|
- ./users_database.yml:/config/users_database.yml
|
||||||
|
- authelia_data:/data
|
||||||
|
labels:
|
||||||
|
traefik.enable: true
|
||||||
|
traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
|
||||||
|
traefik.http.services.authelia.loadbalancer.server.port: 9091
|
||||||
|
traefik.http.routers.authelia.tls: true
|
||||||
|
traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
|
||||||
|
traefik.http.routers.authelia.entrypoints: entry_https
|
||||||
|
traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
|
||||||
|
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
|
||||||
|
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
|
||||||
|
depends_on:
|
||||||
|
- authelia-redis
|
||||||
|
- authelia-db
|
||||||
|
networks:
|
||||||
|
- traefik
|
||||||
|
- postfix
|
||||||
|
- authelia
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
depends_on:
|
|
||||||
|
######## Redis ########
|
||||||
|
authelia-redis:
|
||||||
|
image: "redis:7.4.1"
|
||||||
|
container_name: authelia-redis
|
||||||
|
restart: unless-stopped
|
||||||
|
pull_policy: missing
|
||||||
|
environment:
|
||||||
|
TZ: Europe/Berlin
|
||||||
|
networks:
|
||||||
- authelia
|
- authelia
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
|
||||||
|
interval: 5s
|
||||||
|
timeout: 2s
|
||||||
|
retries: 3
|
||||||
|
|
||||||
|
######## Datenbank ########
|
||||||
|
authelia-db:
|
||||||
|
image: "mariadb:11.5.2"
|
||||||
|
container_name: authelia-db
|
||||||
|
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
|
||||||
|
restart: unless-stopped
|
||||||
|
pull_policy: missing
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
environment:
|
||||||
|
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
|
||||||
|
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
|
||||||
|
MYSQL_DATABASE: authelia
|
||||||
|
MYSQL_USER: authelia
|
||||||
|
MYSQL_INITDB_SKIP_TZINFO: 1
|
||||||
|
networks:
|
||||||
|
- authelia
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
|
||||||
|
|
||||||
######## Networks ########
|
######## Networks ########
|
||||||
networks:
|
networks:
|
||||||
|
@ -38,4 +87,5 @@ networks:
|
||||||
external: true
|
external: true
|
||||||
######## Volumes ########
|
######## Volumes ########
|
||||||
volumes:
|
volumes:
|
||||||
acme_data:
|
authelia_data:
|
||||||
|
db:
|
||||||
|
|
|
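Review bot: The `authelia-db` healthcheck passes the database password as a command-line argument (`"-p{{ lookup(...) }}"`), so the secret sits in the healthcheck definition and in the process arguments every time the check runs, in addition to the environment block. The official MariaDB image ships a `healthcheck.sh` helper that reads its own credentials file, so the test could become `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`. On an already initialised data directory the healthcheck user may have to be created first, so confirm before switching. Separately, `MYSQL_INITDB_SKIP_TZINFO: 1` is safer written as `"1"`, because environment values are strings.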
@ -1,82 +1,33 @@
|
||||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
|
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
|
||||||
|
|
||||||
services:
|
services:
|
||||||
######## authelia ########
|
######## traefik ########
|
||||||
authelia:
|
traefik:
|
||||||
image: authelia/authelia:4.38.17
|
container_name: traefik
|
||||||
container_name: authelia
|
image: "traefik:v3.2.1"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
pull_policy: missing
|
pull_policy: missing
|
||||||
environment:
|
|
||||||
TZ: Europe/Berlin
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./configuration.yml:/config/configuration.yml
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- ./users_database.yml:/config/users_database.yml
|
- ./traefik.yml:/etc/traefik/traefik.yml
|
||||||
- authelia_data:/data
|
- ./file-provider.yml:/etc/traefik/file-provider.yml
|
||||||
labels:
|
- acme_data:/etc/traefik/acme
|
||||||
traefik.enable: true
|
|
||||||
traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`)
|
|
||||||
traefik.http.services.authelia.loadbalancer.server.port: 9091
|
|
||||||
traefik.http.routers.authelia.tls: true
|
|
||||||
traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
|
|
||||||
traefik.http.routers.authelia.entrypoints: entry_https
|
|
||||||
traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net
|
|
||||||
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true
|
|
||||||
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
|
|
||||||
depends_on:
|
|
||||||
- authelia-redis
|
|
||||||
- authelia-db
|
|
||||||
networks:
|
networks:
|
||||||
- traefik
|
- traefik
|
||||||
- postfix
|
ports:
|
||||||
- authelia
|
- "80:80" # HTTP
|
||||||
healthcheck:
|
- "8081:8080" # Web-GUI
|
||||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
|
- "443:443" # HTTPS
|
||||||
interval: 30s
|
- "2222:2222" # SSH
|
||||||
timeout: 10s
|
|
||||||
retries: 3
|
|
||||||
|
|
||||||
######## Redis ########
|
|
||||||
authelia-redis:
|
|
||||||
image: "redis:7.4.1"
|
|
||||||
container_name: authelia-redis
|
|
||||||
restart: unless-stopped
|
|
||||||
pull_policy: missing
|
|
||||||
environment:
|
environment:
|
||||||
TZ: Europe/Berlin
|
TZ: Europe/Berlin
|
||||||
networks:
|
|
||||||
- authelia
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
|
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
||||||
interval: 5s
|
|
||||||
timeout: 2s
|
|
||||||
retries: 3
|
|
||||||
|
|
||||||
######## Datenbank ########
|
|
||||||
authelia-db:
|
|
||||||
image: "mariadb:11.5.2"
|
|
||||||
container_name: authelia-db
|
|
||||||
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
|
|
||||||
restart: unless-stopped
|
|
||||||
pull_policy: missing
|
|
||||||
volumes:
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
- db:/var/lib/mysql
|
|
||||||
environment:
|
|
||||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
|
|
||||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
|
|
||||||
MYSQL_DATABASE: authelia
|
|
||||||
MYSQL_USER: authelia
|
|
||||||
MYSQL_INITDB_SKIP_TZINFO: 1
|
|
||||||
networks:
|
|
||||||
- authelia
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
|
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
depends_on:
|
||||||
|
- authelia
|
||||||
|
|
||||||
######## Networks ########
|
######## Networks ########
|
||||||
networks:
|
networks:
|
||||||
|
@ -87,5 +38,4 @@ networks:
|
||||||
external: true
|
external: true
|
||||||
######## Volumes ########
|
######## Volumes ########
|
||||||
volumes:
|
volumes:
|
||||||
authelia_data:
|
acme_data:
|
||||||
db:
|
|
||||||
|
|
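Review bot: On the new side the `traefik` service still declares `depends_on:` with `- authelia`, but no `authelia` service is defined in the visible part of this file now that Authelia lives in its own compose file. Compose resolves `depends_on` only within one project, so this would be rejected as a dependency on an undefined service unless the two files are merged at deploy time. I would drop those two lines here and handle start ordering across projects outside Compose. A comment next to the socket mount would also help: `:ro` on `/var/run/docker.sock` protects only the socket file and does not limit what Traefik can request from the Docker API.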