diff --git a/proxy/.env b/proxy/.env new file mode 100644 index 0000000..e69de29 diff --git a/proxy/compose.yml b/proxy/compose.yml new file mode 100644 index 0000000..b59822e --- /dev/null +++ b/proxy/compose.yml 
@@ -0,0 +1,105 @@ +--- +networks: + authelia: + reverseproxy: + external: true + +services: + authelia: + image: 'authelia/authelia' + container_name: 'authelia' + volumes: + - './authelia:/config' + networks: + - authelia + - reverseproxy + labels: + traefik.enable: 'true' + traefik.http.routers.authelia.rule: 'Host(`authelia.akanealw.com`)' + traefik.http.routers.authelia.entrypoints: 'https' + traefik.http.routers.authelia.tls: 'true' + traefik.http.routers.authelia.tls.certresolver: 'letsencrypt' + traefik.http.middlewares.authelia.forwardauth.address: 'http://authelia:9091/api/authz/forward-auth' # yamllint disable-line rule:line-length + traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: 'true' + traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length + restart: 'unless-stopped' + healthcheck: + ## In production the healthcheck section should be commented. + disable: true + environment: + TZ: 'American/Chicago' + + redis: + image: 'redis:alpine' + container_name: 'redis' + volumes: + - './redis:/data' + networks: + - authelia + - bridge + restart: 'unless-stopped' + environment: + TZ: 'America/Chicago' + + traefik: + image: 'traefik:v3.3.4' + container_name: 'traefik' + volumes: + - './traefik:/etc/traefik' + - '/var/run/docker.sock:/var/run/docker.sock' + networks: + - reverseproxy + labels: + traefik.enable: 'true' + traefik.http.routers.api.rule: 'Host(`traefik.akanealw.com`)' + traefik.http.routers.api.entrypoints: 'https' + traefik.http.routers.api.service: 'api@internal' + traefik.http.routers.api.tls: 'true' + traefik.http.routers.api.tls.certresolver: 'letsencrypt' + traefik.http.routers.api.middlewares: 'authelia@docker' + ports: + - '80:80' + - '443:443' + command: + - '--api' + - '--providers.docker=true' + - '--providers.docker.exposedByDefault=false' + - '--entrypoints.http=true' + - '--entrypoints.http.address=:80' + - 
'--entrypoints.http.http.redirections.entrypoint.to=https' + - '--entrypoints.http.http.redirections.entrypoint.scheme=https' + - '--entrypoints.https=true' + - '--entrypoints.https.address=:443' + - '--certificatesResolvers.letsencrypt.acme.email=akanealw@gmail.com' + - '--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json' + - '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http' + - '--log=true' + - '--log.level=DEBUG' + + secure: + image: 'traefik/whoami' + container_name: 'secure' + networks: + - reverseproxy + labels: + traefik.enable: 'true' + traefik.http.routers.secure.rule: 'Host(`secure.akanealw.com`)' + traefik.http.routers.secure.entrypoints: 'https' + traefik.http.routers.secure.tls: 'true' + traefik.http.routers.secure.tls.certresolver: 'letsencrypt' + traefik.http.routers.secure.middlewares: 'authelia@docker' + restart: 'unless-stopped' + + public: + image: 'traefik/whoami' + container_name: 'public' + networks: + - reverseproxy + labels: + traefik.enable: 'true' + traefik.http.routers.public.rule: 'Host(`public.akanealw.com`)' + traefik.http.routers.public.entrypoints: 'https' + traefik.http.routers.public.tls: 'true' + traefik.http.routers.public.tls.certresolver: 'letsencrypt' + traefik.http.routers.public.middlewares: 'authelia@docker' + restart: 'unless-stopped'
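Review bot: The `redis` service lists `bridge` under `networks`, but the top-level `networks` block declares only `authelia` and `reverseproxy`, so Compose will reject the whole project as referring to an undefined network; `redis` only needs to reach Authelia, so drop that entry and keep just `- authelia`. Authelia's `TZ: 'American/Chicago'` is not a valid tz database name — the `redis` service already uses the correct `TZ: 'America/Chicago'`. Traefik mounts `/var/run/docker.sock` read-write, which hands a compromised Traefik container control of the Docker daemon; at minimum use `'/var/run/docker.sock:/var/run/docker.sock:ro'` (or a socket proxy), and lower `--log.level=DEBUG` before this runs in production so request details are not written to the logs. `authelia/authelia`, `redis:alpine` and `traefik/whoami` are unpinned while `traefik` is pinned to `v3.3.4`; pinning all of them keeps the deployment reproducible. The commit also adds an empty `proxy/.env`; if it is meant to hold secrets later, add it to `.gitignore` now rather than after the first value lands in it.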