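---
# Traefik reverse proxy with Authelia as forward-auth provider.
# Authelia keeps its session data in a dedicated Redis container.
services:
  ######## traefik ########
  traefik:
    container_name: traefik
    image: "traefik:v3.2.0"
    restart: unless-stopped
    pull_policy: missing
    volumes:
      # NOTE(review): ':ro' only protects the socket file itself; the Docker
      # API behind it still accepts state-changing calls, so this container
      # effectively has root-equivalent control of the host. Consider
      # a filtering socket proxy that only allows the read endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Static and dynamic configuration are only read by Traefik.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./file-provider.yml:/etc/traefik/file-provider.yml:ro
      # Holds the ACME account key and issued certificates; must stay writable.
      - acme_data:/etc/traefik/acme
    networks:
      - traefik
    ports:
      - "80:80"      # HTTP
      # NOTE(review): published on all host interfaces. If traefik.yml enables
      # the insecure API/dashboard (not visible here), it is reachable without
      # authentication; bind to 127.0.0.1 or put it behind the authelia
      # middleware.
      - "8081:8080"  # Web-GUI
      - "443:443"    # HTTPS
      - "2222:2222"  # SSH
    environment:
      TZ: Europe/Berlin
    healthcheck:
      # Requires the ping endpoint to be enabled in traefik.yml.
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3

  ######## authelia ########
  authelia:
    image: "authelia/authelia:4.38.17"
    container_name: authelia
    restart: unless-stopped
    pull_policy: missing
    environment:
      TZ: Europe/Berlin
    volumes:
      - ./configuration.yml:/config/configuration.yml
      - authelia_data:/data
    networks:
      # 'traefik' so the proxy can reach Authelia (the traefik service is only
      # attached to that network); 'default' so Authelia can reach Redis
      # without exposing Redis on the proxy network.
      - traefik
      - default
    labels:
      # Label values are quoted so every consumer sees strings; the stray
      # trailing quotes in the original would have become part of the value.
      traefik.enable: 'true'
      # Authelia is attached to two networks; tell Traefik which one to use.
      traefik.docker.network: 'traefik'
      traefik.http.routers.authelia.rule: 'Host(`auth.mgrote.net`)'
      # Must match the port Authelia listens on. The forward-auth address
      # below uses 9091, so the previous value of 80 pointed at a closed port.
      # NOTE(review): confirm against the listener in configuration.yml.
      traefik.http.services.authelia.loadbalancer.server.port: '9091'
      traefik.http.routers.authelia.tls: 'true'
      traefik.http.routers.authelia.tls.certresolver: 'resolver_letsencrypt'
      traefik.http.routers.authelia.entrypoints: 'entry_https'
      # NOTE(review): /api/verify is the legacy verification endpoint in
      # Authelia 4.38; check whether the newer authz endpoints should be used.
      traefik.http.middlewares.authelia.forwardauth.address: 'http://authelia:9091/api/verify?rd=https://auth.mgrote.net'
      # NOTE(review): with this enabled the incoming X-Forwarded-* headers are
      # passed on as-is. That is only safe when clients cannot inject them,
      # i.e. Traefik is the edge or its entrypoints restrict trusted proxies.
      traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: 'true'
      # Identity headers handed to the protected backends. Backends must only
      # be reachable through Traefik, otherwise these headers can be spoofed.
      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Name,Remote-Email'
    depends_on:
      - authelia-redis

  authelia-redis:
    # TODO: pin to an exact version (or digest); 'redis:7' is a floating tag.
    image: "redis:7"
    container_name: authelia-redis
    restart: unless-stopped
    pull_policy: missing
    # No networks key: Redis stays on the project default network only and is
    # not reachable from other stacks on the shared 'traefik' network.
    # NOTE(review): no password is configured here; session data relies on
    # network isolation alone.
    environment:
      TZ: Europe/Berlin

######## Networks ########
networks:
  traefik:
    external: true

######## Volumes ########
volumes:
  acme_data: {}
  authelia_data: {}

# passwd
#   echo ":$(mkpasswd -m sha-512 )"
#   (can be removed)
# TODO
#   - ldap user: https://www.authelia.com/configuration/first-factor/ldap/
#   - test with whoami
#   - docs: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
#   - healthchecks
#   - munin
#   - clean up keepass
#   - secrets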