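---
# Docker Compose stack for the Authelia authentication portal: the app itself,
# its PostgreSQL storage backend and its Redis session store.
#
# This file is a Jinja template. The keepass lookup expressions below are
# replaced with the real secret values when the template is rendered, so the
# rendered file holds plaintext secrets and should be readable only by the
# account that runs the stack.
version: "3.8"
services:
  ######## App ########
  authelia:
    container_name: authelia-app
    # NOTE(review): floating major tag combined with watchtower.enable=true
    # below means the authentication gateway is upgraded unattended. Pin a
    # full version or digest if upgrades should be reviewed first.
    image: docker.io/authelia/authelia:4
    restart: always
    networks:
      - nw_aaa
      - intern
      - traefik
    expose:
      - 9091
    # NOTE(review): this publishes the plain-HTTP listener on every host
    # interface, so the portal is reachable without going through the TLS
    # router defined in the labels. Traefik reaches the container over the
    # shared network (see loadbalancer.server.port), so confirm whether the
    # host mapping is needed at all; if it is, bind it to a specific address.
    ports:
      - "9091:9091"
    environment:
      TZ: Europe/Berlin
      # Quoted so the rendered secret is always parsed as a string: an
      # unquoted value that looks like a number or boolean, or that contains
      # " #" or ": ", would be retyped or truncated by the YAML parser.
      # Assumes the secret contains no double quote or backslash - TODO confirm.
      # Environment values are visible via `docker inspect`; Authelia also
      # accepts AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE pointing at a mounted file.
      AUTHELIA_STORAGE_ENCRYPTION_KEY: "{{ lookup('keepass', 'AUTHELIA_STORAGE_ENCRYPTION_KEY', 'password') }}"
    volumes:
      - ./config:/config
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.depends-on=authelia-postgres,authelia-redis

      # ForwardAuth middleware: Traefik asks Authelia to authorize each request.
      # NOTE(review): the portal URL passed here uses http:// while the router
      # below serves auth.mgrote.net only on the TLS entrypoint. Confirm the
      # scheme and the query parameter name against the Authelia version in use.
      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia-app:9091/api/authz/forward-auth?authelia-url=http://auth.mgrote.net
      # trustForwardHeader=true passes client-supplied X-Forwarded-* headers on
      # to Authelia. That is only sound if the entrypoint restricts which
      # upstream proxies may set them - check the Traefik static configuration.
      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
      # These identity headers are copied from Authelia's response onto the
      # proxied request. Backends that rely on them should be reachable only
      # through Traefik, otherwise a direct client could supply its own values.
      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email

      # Router for the portal itself: HTTPS only, certificate from Let's Encrypt.
      - traefik.enable=true
      - traefik.http.routers.authelia.rule=Host(`auth.mgrote.net`)
      - traefik.http.routers.authelia.tls=true
      - traefik.http.routers.authelia.tls.certresolver=resolver_letsencrypt
      - traefik.http.routers.authelia.entrypoints=entry_https
      - traefik.http.services.authelia.loadbalancer.server.port=9091


  ######## PostGreSQL ########
  db:
    container_name: "authelia-postgres"
    image: postgres:13
    restart: always
    environment:
      - POSTGRES_USER=authelia
      # Whole item quoted so the rendered password cannot end the scalar early
      # (for example at " #") or change how the list entry is parsed.
      # Assumes the password contains no double quote or backslash - TODO confirm.
      # The postgres image also accepts POSTGRES_PASSWORD_FILE, which keeps the
      # value out of the container's environment.
      - "POSTGRES_PASSWORD={{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}"
      - TZ=Europe/Berlin
    volumes:
      - postgres:/var/lib/postgresql/data
    # Attached only to the stack-local network; no host port is published.
    networks:
      - intern
    labels:
      # The database is excluded from automatic updates.
      - com.centurylinklabs.watchtower.enable=false
      - com.centurylinklabs.watchtower.monitor-only=true
  ######## Redis ########
  redis:
    image: redis:alpine
    container_name: authelia-redis
    volumes:
      - redis:/data
    # NOTE(review): no Redis password is configured in this file, so every
    # container attached to `intern` can read and write session data.
    networks:
      - intern
    expose:
      - 6379
    restart: always
    environment:
      - TZ=Europe/Berlin
    labels:
      - com.centurylinklabs.watchtower.enable=true


networks:
  # Pre-existing network shared with other stacks.
  nw_aaa:
    external: true
  # Stack-local network for app <-> database/redis traffic.
  intern:
  # Pre-existing network on which Traefik reaches the portal.
  traefik:
    external: true

volumes:
  postgres:
  redis: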