testing authelia and traefik

proxy/compose.yml

@@ -0,0 +1,105 @@
+---
+networks:
+  authelia:
+  reverseproxy:
+      external: true
+
+services:
+  authelia:
+    image: 'authelia/authelia'
+    container_name: 'authelia'
+    volumes:
+      - './authelia:/config'
+    networks:
+      - authelia
+      - reverseproxy
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.authelia.rule: 'Host(`authelia.akanealw.com`)'
+      traefik.http.routers.authelia.entrypoints: 'https'
+      traefik.http.routers.authelia.tls: 'true'
+      traefik.http.routers.authelia.tls.certresolver: 'letsencrypt'
+      traefik.http.middlewares.authelia.forwardauth.address: 'http://authelia:9091/api/authz/forward-auth'  # yamllint disable-line rule:line-length
+      traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: 'true'
+      traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
+    restart: 'unless-stopped'
+    healthcheck:
+      ## In production the healthcheck section should be commented.
+      disable: true
+    environment:
+      TZ: 'American/Chicago'
+
+  redis:
+    image: 'redis:alpine'
+    container_name: 'redis'
+    volumes:
+      - './redis:/data'
+    networks:
+      - authelia
+      - bridge
+    restart: 'unless-stopped'
+    environment:
+      TZ: 'America/Chicago'
+
+  traefik:
+    image: 'traefik:v3.3.4'
+    container_name: 'traefik'
+    volumes:
+      - './traefik:/etc/traefik'
+      - '/var/run/docker.sock:/var/run/docker.sock'
+    networks:
+      - reverseproxy
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.api.rule: 'Host(`traefik.akanealw.com`)'
+      traefik.http.routers.api.entrypoints: 'https'
+      traefik.http.routers.api.service: 'api@internal'
+      traefik.http.routers.api.tls: 'true'
+      traefik.http.routers.api.tls.certresolver: 'letsencrypt'
+      traefik.http.routers.api.middlewares: 'authelia@docker'
+    ports:
+      - '80:80'
+      - '443:443'
+    command:
+      - '--api'
+      - '--providers.docker=true'
+      - '--providers.docker.exposedByDefault=false'
+      - '--entrypoints.http=true'
+      - '--entrypoints.http.address=:80'
+      - '--entrypoints.http.http.redirections.entrypoint.to=https'
+      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
+      - '--entrypoints.https=true'
+      - '--entrypoints.https.address=:443'
+      - '--certificatesResolvers.letsencrypt.acme.email=akanealw@gmail.com'
+      - '--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json'
+      - '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http'
+      - '--log=true'
+      - '--log.level=DEBUG'
+
+  secure:
+    image: 'traefik/whoami'
+    container_name: 'secure'
+    networks:
+      - reverseproxy
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.secure.rule: 'Host(`secure.akanealw.com`)'
+      traefik.http.routers.secure.entrypoints: 'https'
+      traefik.http.routers.secure.tls: 'true'
+      traefik.http.routers.secure.tls.certresolver: 'letsencrypt'
+      traefik.http.routers.secure.middlewares: 'authelia@docker'
+    restart: 'unless-stopped'
+
+  public:
+    image: 'traefik/whoami'
+    container_name: 'public'
+    networks:
+      - reverseproxy
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.public.rule: 'Host(`public.akanealw.com`)'
+      traefik.http.routers.public.entrypoints: 'https'
+      traefik.http.routers.public.tls: 'true'
+      traefik.http.routers.public.tls.certresolver: 'letsencrypt'
+      traefik.http.routers.public.middlewares: 'authelia@docker'
+    restart: 'unless-stopped'