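# Compose stack: Authelia (with Postgres and Redis) behind a label-configured
# Caddy reverse proxy.
#
# Secrets are NOT stored in this file. Compose reads them from the environment
# or an untracked `.env` file next to this one and refuses to start when one is
# missing:
#   POSTGRES_PASSWORD     - must match ./config/secrets/STORAGE_PASSWORD
#   REDIS_PASSWORD        - must match ./config/secrets/REDIS_PASSWORD
#   CLOUDFLARE_API_TOKEN  - DNS token used for the wildcard certificate
# Keep `.env` and ./config/secrets out of version control and readable only by
# the deploying user. Any credential that was ever committed or published in
# this file should be treated as exposed and rotated.

networks:
  authelia:
    name: authelia
  reverse-proxy:
    name: reverse-proxy
    external: true

services:
  authelia:
    container_name: authelia
    # NOTE(review): `latest` is unpinned, so a pull can change configuration
    # keys or endpoints without warning. Pin a tested tag or digest.
    image: authelia/authelia:latest
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
    volumes:
      - ./config:/config
    networks:
      - reverse-proxy
      - authelia
    expose:
      - 9091
    environment:
      # Only file paths appear here; the secret values live under
      # ./config/secrets on the host.
      AUTHELIA_JWT_SECRET_FILE: /config/secrets/JWT_SECRET
      AUTHELIA_SESSION_SECRET_FILE: /config/secrets/SESSION_SECRET
      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /config/secrets/SMTP_PASSWORD
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /config/secrets/STORAGE_ENCRYPTION_KEY
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /config/secrets/STORAGE_PASSWORD
      AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /config/secrets/REDIS_PASSWORD
    labels:
      caddy_9091: auth.akanealw.com
      caddy_9091.reverse_proxy: "{{upstreams 9091}}"

  postgres:
    container_name: postgres
    image: postgres:15
    restart: unless-stopped
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      # Internal network only; no port is published to the host.
      - authelia
    environment:
      POSTGRES_USER: "authelia"
      # Interpolated by Compose. The value is still visible through
      # `docker inspect`; the image's POSTGRES_PASSWORD_FILE variable is an
      # alternative that avoids this.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}"

  redis:
    container_name: redis
    image: redis:7
    networks:
      - authelia
    restart: unless-stopped
    # The password is interpolated by Compose. As a command-line argument it
    # remains visible in the container's process list and in `docker inspect`.
    command: >-
      redis-server --save 60 1 --loglevel warning
      --requirepass ${REDIS_PASSWORD:?set REDIS_PASSWORD in .env}
    volumes:
      - ./redis:/data

  caddy:
    container_name: caddy
    # Built from the Dockerfile in this directory (not shown here).
    build: .
    restart: always
    environment:
      CADDY_INGRESS_NETWORKS: reverse-proxy
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only. It does not
      # restrict Docker API calls, so this container has full control of the
      # Docker daemon. Consider a socket proxy that allows only the read
      # endpoints the proxy needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./caddy/data:/data/caddy
      - ./caddy/config:/config/caddy
    networks:
      - reverse-proxy
    ports:
      # Quoted so a YAML parser can never read a port mapping as a number.
      - "80:80"
      - "443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"

  # Carrier container: it exists only to hold the Caddy configuration labels.
  caddy-config:
    container_name: caddy-config
    image: traefik/whoami:latest
    networks:
      - reverse-proxy
    restart: always
    labels:
      #############################################
      # Settings and snippets to get things working
      # You shouldn't need to modify this normally
      # Custom settings and definitions are below
      #############################################

      #### Global Settings ####
      caddy_0.email: akanealw@gmail.com
      caddy_0.auto_https: prefer_wildcard

      #### Snippets ####
      # Get wildcard certificate
      caddy_1: "(wildcard)"
      # Token supplied from the environment instead of being written here.
      # Use a token scoped to DNS edits for this zone only. The rendered
      # label is still readable through `docker inspect`.
      caddy_1.tls.dns: "cloudflare ${CLOUDFLARE_API_TOKEN:?set CLOUDFLARE_API_TOKEN in .env}"
      caddy_1.tls.resolvers: "1.1.1.1 1.0.0.1"
      caddy_1.handle.abort: ""

      # Secure a site with Authelia
      caddy_2: "(auth)"
      caddy_2.forward_auth: "authelia:9091"
      caddy_2.forward_auth.uri: "/api/verify?rd=https://auth.akanealw.com"
      # Backends trust these identity headers, so they must only be reachable
      # through this proxy; a directly reachable backend would accept them
      # from any client.
      caddy_2.forward_auth.copy_headers: "Remote-User Remote-Groups Remote-Name Remote-Email"

      # Skip TLS verify for backend with self-signed HTTPS
      # NOTE(review): this turns off upstream certificate verification.
      # Import it only for backends on a trusted network segment; trusting
      # the backend's own CA is the safer option.
      caddy_3: "(https)"
      caddy_3.transport: http
      caddy_3.transport.tls: ""
      caddy_3.transport.tls_insecure_skip_verify: ""

      ###########################################
      # Custom settings. Modify things below :
      # Make sure they have unique label numbers
      ###########################################

      # Custom global settings, add/edit as needed
      # caddy_0.log: default
      # caddy_0.log.format: console

      # Uncomment this during testing to avoid hitting rate limit.
      # It will try to obtain SSL from Let's Encrypt's staging endpoint.
      # acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging

      caddy_3005: akanealw.com
      caddy_3005.reverse_proxy: "192.168.1.30:3005"
      caddy_3005.import: auth

      ## Setup wildcard sites
      caddy_10: "*.akanealw.com"
      caddy_10.import: wildcard

      ## Wildcard domains
      # Sites without `import: auth` are not protected by Authelia and rely
      # entirely on the application's own login.
      caddy_20: whoami.akanealw.com
      caddy_20.reverse_proxy: "{{upstreams 80}}"
      caddy_20.import: auth

      caddy_8089: bitwarden.akanealw.com
      caddy_8089.reverse_proxy: "{{upstreams 8089}}"

      caddy_3000: gitea.akanealw.com
      caddy_3000.reverse_proxy: "192.168.1.50:3000"

      caddy_3001: gitea-docker.akanealw.com
      caddy_3001.reverse_proxy: "{{upstreams 3001}}"

      caddy_3232: linkwarden.akanealw.com
      caddy_3232.reverse_proxy: "{{upstreams 3232}}"

      caddy_30012: codeserver.akanealw.com
      caddy_30012.reverse_proxy: "192.168.1.50:3001"
      caddy_30012.import: auth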