# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/ services: ######## traefik ######## traefik: container_name: traefik image: "traefik:v3.2.0" restart: unless-stopped pull_policy: missing volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./traefik.yml:/etc/traefik/traefik.yml - ./file-provider.yml:/etc/traefik/file-provider.yml - acme_data:/etc/traefik/acme networks: - traefik ports: - "80:80" # HTTP - "8081:8080" # Web-GUI - "443:443" # HTTPS - "2222:2222" # SSH environment: TZ: Europe/Berlin healthcheck: test: ["CMD", "traefik", "healthcheck", "--ping"] interval: 30s timeout: 10s retries: 3 ######## authelia ######## authelia: image: authelia/authelia:4.38.17 container_name: authelia restart: unless-stopped pull_policy: missing environment: TZ: Europe/Berlin volumes: - ./configuration.yml:/config/configuration.yml - ./users_database.yml:/config/users_database.yml - authelia_data:/data labels: traefik.enable: true traefik.http.routers.authelia.rule: Host(`auth.mgrote.net`) traefik.http.services.authelia.loadbalancer.server.port: 9091 traefik.http.routers.authelia.tls: true traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt traefik.http.routers.authelia.entrypoints: entry_https traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.mgrote.net traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: true traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email depends_on: - authelia-redis networks: - traefik - postfix - authelia healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"] interval: 30s timeout: 10s retries: 3 authelia-redis: image: "redis:7.4.1" container_name: authelia-redis restart: unless-stopped pull_policy: missing environment: TZ: Europe/Berlin networks: - authelia healthcheck: test: ["CMD", "redis-cli", "--no-auth-warning", "ping"] interval: 5s timeout: 2s retries: 3 ######## Datenbank ######## authelia-db: image: "mariadb:11.5.2" container_name: authelia-db command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF restart: unless-stopped pull_policy: missing volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - db:/var/lib/mysql environment: MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}" MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}" MYSQL_DATABASE: authelia MYSQL_USER: authelia MYSQL_INITDB_SKIP_TZINFO: 1 networks: - authelia healthcheck: test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"] interval: 30s timeout: 10s retries: 3 ######## Networks ######## networks: authelia: traefik: external: true postfix: external: true ######## Volumes ######## volumes: acme_data: authelia_data: db: