homeserver/docker-compose/traefik/docker-compose.yml.j2
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
services:
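######## traefik ########
  # Edge reverse proxy: publishes HTTP, HTTPS, the web GUI and a port for SSH.
  traefik:
    container_name: traefik
    image: "traefik:v3.2.0"
    restart: unless-stopped
    # Pull only when the tag is missing locally; with the pinned tag above,
    # upgrades happen only by editing this file.
    pull_policy: missing
    volumes:
      # The socket gives Traefik access to the Docker API. ":ro" only protects
      # the socket file itself, it does not make the API read-only, so anyone
      # who takes over this container can control the Docker daemon.
      # Consider placing a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads its configuration files, so mount them read-only.
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./file-provider.yml:/etc/traefik/file-provider.yml:ro
      # Named volume mounted at the ACME path; left writable.
      # NOTE(review): presumably holds the ACME account key and issued
      # certificates - confirm against the resolver storage in traefik.yml.
      - acme_data:/etc/traefik/acme
    networks:
      - traefik
    ports:
      - "80:80"  # HTTP
      # Published on every host interface. NOTE(review): if traefik.yml runs
      # the API/dashboard in insecure mode, this port serves it without
      # authentication - confirm, or bind it to 127.0.0.1 / put it behind the
      # authelia middleware.
      - "8081:8080"  # Web-GUI
      - "443:443"  # HTTPS
      - "2222:2222"  # SSH
    environment:
      TZ: Europe/Berlin
    healthcheck:
      # Relies on the ping endpoint being enabled in traefik.yml (not shown).
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3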
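######## authelia ########
  # Authentication portal; also defines the "authelia" forwardauth middleware
  # that other routers can reference to require a login.
  authelia:
    image: "authelia/authelia:4.38.17"
    container_name: authelia
    restart: unless-stopped
    pull_policy: missing
    environment:
      TZ: Europe/Berlin
    volumes:
      # NOTE(review): these files presumably contain secrets and password
      # hashes - keep them out of version control and restrict their file
      # permissions on the host.
      - ./configuration.yml:/config/configuration.yml
      - ./users_database.yml:/config/users_database.yml
      - authelia_data:/data
    labels:
      # Label values are strings. Quoting stops the YAML parser from turning
      # them into booleans or integers before Compose reads them.
      traefik.enable: "true"
      traefik.http.routers.authelia.rule: "Host(`auth.mgrote.net`)"
      traefik.http.services.authelia.loadbalancer.server.port: "9091"
      traefik.http.routers.authelia.tls: "true"
      traefik.http.routers.authelia.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.authelia.entrypoints: entry_https
      # NOTE(review): /api/verify is Authelia's legacy verification endpoint;
      # check the 4.38 documentation before changing or migrating it.
      traefik.http.middlewares.authelia.forwardauth.address: "http://authelia:9091/api/verify?rd=https://auth.mgrote.net"
      # Passes the incoming X-Forwarded-* headers on to Authelia as received.
      # This is only safe if the entry points in traefik.yml restrict which
      # peers may set those headers (not visible here - confirm).
      traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true"
      # Identity headers copied from Authelia's response onto the request sent
      # to the backend. A backend that trusts them must be reachable only
      # through Traefik, otherwise a client can supply them itself.
      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    depends_on:
      - authelia-redis
    networks:
      - traefik
      - postfix
      - authelia
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://authelia:9091"]
      interval: 30s
      timeout: 10s
      retries: 3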
######## authelia-redis ########
  # Redis instance for Authelia. It publishes no ports and joins only the
  # "authelia" network.
  authelia-redis:
    # TODO (original note: "version!!!!"): pin an exact tag or digest.
    # "redis:7" is a floating tag, and with pull_policy "missing" a cached
    # image is never refreshed, so patch releases do not arrive on their own.
    image: "redis:7"
    container_name: authelia-redis
    restart: unless-stopped
    pull_policy: missing
    environment:
      TZ: Europe/Berlin
    networks:
      - authelia
    healthcheck:
      # No credentials are passed to redis-cli. NOTE(review): Redis presumably
      # runs without a password and relies on network isolation - confirm.
      test:
        - "CMD"
        - "redis-cli"
        - "--no-auth-warning"
        - "ping"
      interval: 5s
      timeout: 2s
      retries: 3
######## Networks ########
networks:
  # Created by this stack with default settings; only authelia and
  # authelia-redis attach to it. Marking it "internal: true" would further
  # limit Redis to stack-local traffic (a suggestion, not applied here).
  authelia: {}
  # The next two networks are created outside this file and shared with other
  # stacks, so any container attached to them can reach the services here.
  traefik:
    external: true
  postfix:
    external: true
######## Volumes ########
volumes:
  # Mounted by traefik at /etc/traefik/acme.
  acme_data: {}
  # Mounted by authelia at /data.
  authelia_data: {}
# TODO
# keepass aufraumen
# docs lesen
# ldap gruppe per app
# weitere seiten?
# registry-ui
# munin
# traefik