networks:
  # Back-end network: only authelia, postgres and redis attach to it.
  authelia:
    name: authelia

  # Ingress network named in the caddy service's CADDY_INGRESS_NETWORKS.
  # `external: true` means Compose will not create it; it must already exist.
  reverse-proxy:
    name: reverse-proxy
    external: true
services:
  # Authelia: authentication portal, published through Caddy via the labels below.
  authelia:
    container_name: authelia
    # NOTE(review): `latest` is a floating tag; pin a release tag or image digest so an
    # upstream push cannot silently change the code that handles authentication.
    image: authelia/authelia:latest
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
    volumes:
      # Holds the configuration and the secrets/ directory referenced below;
      # keep ./config/secrets readable only by the account running the stack.
      - ./config:/config
    networks:
      - reverse-proxy
      - authelia
    expose:
      - "9091"
    environment:
      # Secrets are passed as file paths (*_FILE), so no secret value is stored in this file.
      AUTHELIA_JWT_SECRET_FILE: /config/secrets/JWT_SECRET
      AUTHELIA_SESSION_SECRET_FILE: /config/secrets/SESSION_SECRET
      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /config/secrets/SMTP_PASSWORD
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /config/secrets/STORAGE_ENCRYPTION_KEY
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /config/secrets/STORAGE_PASSWORD
      AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /config/secrets/REDIS_PASSWORD
    labels:
      caddy: auth.akanealw.com  # Public facing subdomain of Authelia
      caddy.reverse_proxy: "{{upstreams 9091}}"  # Authelia container port
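# Postgres: storage back end for Authelia; attached to the authelia network only.
  postgres:
    container_name: postgres
    image: postgres:15
    restart: unless-stopped
    volumes:
      - ./postgres:/var/lib/postgresql/data
      # Reuse the file Authelia already reads through
      # AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE, so the password has one source
      # and never appears in this compose file.
      - ./config/secrets/STORAGE_PASSWORD:/run/secrets/postgres_password:ro
    networks:
      - authelia
    environment:
      POSTGRES_USER: "authelia"
      # The official postgres image reads the password from this file.
      # The password that used to be inlined here has been published and must be
      # treated as compromised. The image applies this setting only when the data
      # directory is first initialised, so rotating an existing database also
      # needs the role's password changed inside Postgres.
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password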
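# Redis: session store for Authelia; attached to the authelia network only.
  redis:
    container_name: redis
    image: redis:7
    networks:
      - authelia
    restart: unless-stopped
    # REDIS_PASSWORD is interpolated by Compose from the shell environment or an
    # untracked .env file; `:?` aborts start-up when it is missing, so Redis never
    # starts without a password. The value must match the content of
    # ./config/secrets/REDIS_PASSWORD, which Authelia reads.
    # The password that used to be inlined here has been published: rotate it.
    # NOTE(review): the value is still visible in the container's argument list
    # (`docker inspect`, process listing); a config file with `requirepass`
    # would avoid that.
    command: >-
      redis-server --save 60 1 --loglevel warning
      --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD is not set}
    volumes:
      - ./redis:/data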
# Caddy: the only service that publishes host ports; it is built from the local
# Dockerfile and is given the Docker socket.
  caddy:
    container_name: caddy
    build: .
    restart: always
    environment:
      CADDY_INGRESS_NETWORKS: reverse-proxy
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only. It does not
      # restrict which Docker API calls can be sent over it, so this
      # internet-facing container effectively holds root-equivalent control of
      # the host. Consider placing a socket proxy that allows only the read
      # endpoints in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./caddy/data:/data/caddy
      - ./caddy/config:/config/caddy
    networks:
      - reverse-proxy
    ports:
      - "80:80"
      - "443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"
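# caddy-config: whoami container whose labels hold the shared Caddy settings,
# snippets and site definitions.
  caddy-config:
    container_name: caddy-config
    # NOTE(review): `latest` is a floating tag; pin a release tag or image digest.
    image: traefik/whoami:latest
    networks:
      - reverse-proxy
    restart: always
    labels:
      #############################################
      # Settings and snippets to get things working
      # You shouldn't need to modify this normally
      # Custom settings and definitions are below
      #############################################

      #### Global Settings ####
      caddy_0.email: akanealw@gmail.com
      caddy_0.auto_https: prefer_wildcard

      #### Snippets ####
      # Get wildcard certificate
      caddy_1: "(wildcard)"
      # The DNS provider token is interpolated by Compose from the shell
      # environment or an untracked .env file instead of being stored here.
      # The token that used to be inlined has been published: revoke it and issue
      # a new one scoped to DNS edits for this zone only.
      # NOTE(review): label values can be read by anything with Docker API access
      # (`docker inspect`), so the token is still exposed on the host.
      caddy_1.tls.dns: "cloudflare ${CLOUDFLARE_API_TOKEN:?CLOUDFLARE_API_TOKEN is not set}"
      caddy_1.tls.resolvers: "1.1.1.1 1.0.0.1"
      caddy_1.handle.abort: ""

      # Secure a site with Authelia
      caddy_2: "(auth)"
      caddy_2.forward_auth: "authelia:9091"
      caddy_2.forward_auth.uri: "/api/verify?rd=https://auth.akanealw.com"
      # Identity headers taken from Authelia's response and passed to the backend.
      # Backends must be reachable only through Caddy, otherwise a client that
      # connects to them directly could supply these headers itself.
      caddy_2.forward_auth.copy_headers: Remote-User Remote-Groups Remote-Name Remote-Email

      # Skip TLS verify for backend with self-signed HTTPS
      # NOTE(review): this turns off upstream certificate validation, so the proxy
      # cannot tell the real backend from an impostor on the path. No site in this
      # file imports it; if one does, prefer trusting the backend's CA instead.
      caddy_3: "(https)"
      caddy_3.transport: http
      caddy_3.transport.tls: ""
      caddy_3.transport.tls_insecure_skip_verify: ""

      ###########################################
      # Custom settings. Modify things below :
      # Make sure they have unique label numbers
      ###########################################

      # Custom global settings, add/edit as needed
      # caddy_0.log: default
      # caddy_0.log.format: console

      # Uncomment this during testing to avoid hitting rate limit.
      # It will try to obtain SSL from Let's Encrypt's staging endpoint.
      # acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging

      ## Setup wildcard sites
      caddy_10: "*.akanealw.com"  # Change to your domain
      caddy_10.import: wildcard

      # Add our first site, which is this container itself
      caddy_20: whoami.akanealw.com  # Subdomain using wildcard cert
      caddy_20.reverse_proxy: "{{upstreams 80}}"  # Container port
      caddy_20.import: auth  # Enable protection by Authelia

      # Apex domain: a *.akanealw.com wildcard certificate does not cover it.
      caddy_3005: akanealw.com
      caddy_3005.reverse_proxy: "192.168.1.30:3005"  # LAN IP and port
      caddy_3005.import: auth  # Enable protection by Authelia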