Renovate Bot
ed10c86ca1
This PR contains the following updates: | Package | Update | Change | |---|---|---| | nextcloud | pinDigest | -> `0d231d5` | | registry.mgrote.net/httpd | pinDigest | -> `4e99b75` | | [traefik](https://github.com/containous/traefik) | pinDigest | -> `81a73de` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNjguMiIsInVwZGF0ZWRJblZlciI6IjM3LjE2OC4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Reviewed-on: #738 Co-authored-by: Renovate Bot <renovate@mgrote.net> Co-committed-by: Renovate Bot <renovate@mgrote.net>
66 lines
2 KiB
Django/Jinja
66 lines
2 KiB
Django/Jinja
version: '3'
|
|
services:
|
|
######## traefik ########
|
|
traefik:
|
|
container_name: traefik
|
|
image: "traefik:v3.0@sha256:81a73de0d19b6d61eb1f1e413d48835fe3c412f5ed3d9750dc3dab5c93519445"
|
|
restart: always
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ./traefik.yml:/etc/traefik/traefik.yml
|
|
- ./file-provider.yml:/etc/traefik/file-provider.yml
|
|
- acme_data:/etc/traefik/acme
|
|
networks:
|
|
- traefik
|
|
ports:
|
|
- "80:80" # HTTP
|
|
- "8081:8080" # Web-GUI
|
|
- "443:443" # HTTPS
|
|
- "2222:2222" # SSH
|
|
environment:
|
|
TZ: Europe/Berlin
|
|
labels:
|
|
com.centurylinklabs.watchtower.enable: true
|
|
healthcheck:
|
|
test: ["CMD", "traefik", "healthcheck", "--ping"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
######## nforwardauth ########
|
|
nforwardauth:
|
|
restart: always
|
|
image: "nosduco/nforwardauth:v1.4.0@sha256:16e38db002d27758bdc53c70ba12113d84158c758efe930c97c6e9e2bf612a5d"
|
|
container_name: traefik-nforwardauth
|
|
environment:
|
|
TOKEN_SECRET: "{{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}"
|
|
AUTH_HOST: auth.mgrote.net
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.http.routers.nforwardauth.rule: Host(`auth.mgrote.net`)
|
|
|
|
traefik.http.middlewares.nforwardauth.forwardauth.address: http://nforwardauth:3000
|
|
|
|
traefik.http.services.nforwardauth.loadbalancer.server.port: 3000
|
|
traefik.http.routers.nforwardauth.tls: true
|
|
traefik.http.routers.nforwardauth.tls.certresolver: resolver_letsencrypt
|
|
traefik.http.routers.nforwardauth.entrypoints: entry_https
|
|
|
|
com.centurylinklabs.watchtower.depends-on: traefik
|
|
com.centurylinklabs.watchtower.enable: true
|
|
volumes:
|
|
- "./passwd:/passwd:ro" # Mount local passwd file at /passwd as read only
|
|
networks:
|
|
- traefik
|
|
|
|
######## Networks ########
|
|
networks:
|
|
traefik:
|
|
external: true
|
|
######## Volumes ########
|
|
volumes:
|
|
acme_data:
|
|
|
|
|
|
# passwd
|
|
# echo "<user>:$(mkpasswd -m sha-512 <password>)"
|