added authelia and removed authentik

.env

@@ -1,13 +0,0 @@
-#GLOBAL SETTINGS
-COMPOSE_HTTP_TIMEOUT=120
-COMPOSE_IGNORE_ORPHANS=1
-DOCKER_CONFIGS=.
-DOCKERGID=999
-DOCKERHOSTNAME=ReverseProxy
-DOCKERLOGGING_MAXFILE=10
-DOCKERLOGGING_MAXSIZE=200k
-SERVERIP=192.168.1.91
-PGID=1000
-PUID=1000
-UMASK=000
-TZ=America/Chicago

authelia/compose.yml

@@ -0,0 +1,31 @@
+services:
+  authelia:
+    image: 'authelia/authelia'
+    container_name: 'authelia'
+    volumes:
+      - './config:/config'
+    networks:
+      - authelia
+      - reverse-proxy
+    restart: 'unless-stopped'
+    healthcheck:
+      disable: true
+    environment:
+      TZ: 'America/Chicago'
+
+  redis:
+    image: 'redis:alpine'
+    container_name: 'redis'
+    volumes:
+      - './redis:/data'
+    networks:
+      - authelia
+    restart: 'unless-stopped'
+    environment:
+      TZ: 'America/Chicago'
+
+networks:
+  authelia:
+    name: authelia
+  reverse-proxy:
+    external: true

authelia/config/configuration.yml

@@ -0,0 +1,124 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+theme: dark
+
+server:
+  address: 'tcp://:9091'
+  endpoints:
+    authz:
+      forward-auth:
+        implementation: 'ForwardAuth'
+
+log:
+  level: 'info'
+
+totp:
+  issuer: 'authelia.com'
+
+identity_validation:
+  reset_password:
+    jwt_secret: '2b8a78f3ac1784ef6aab3899c663e1010c60d3a9de694550879da349fe222923'
+
+authentication_backend:
+  file:
+    path: '/config/users_database.yml'
+
+# access_control:
+#   default_policy: 'deny'
+#   rules:
+#     # Rules applied to everyone
+#     - domain: 'public.example.com'
+#       policy: 'bypass'
+#     - domain: 'traefik.example.com'
+#       policy: 'one_factor'
+#     - domain: 'secure.example.com'
+#       policy: 'two_factor'
+
+access_control:
+  default_policy: deny
+  networks:
+    - name: internal
+      networks:
+      - '10.0.0.0/8'
+      - '172.16.0.0/12'
+      - '192.168.0.0/16'
+  rules:
+    ## bypass all domains and subdomains from local ips
+    - domain:
+      - aknlw.com
+      - akanealw.com
+      - "*.akanealw.com"
+      networks:
+      - 'internal'
+      policy: bypass
+    # bypass api for subdomains
+    - domain: 
+      - "*.akanealw.com"
+      resources:
+      - "^/api([/?].*)?$"
+      - "^/add([/?].*)?$"  
+      - "^/public([/?].*)?$"        
+      policy: bypass
+    # bypass specific subdomains
+    - domain:
+      - aknlw.com
+      - bitwarden.akanealw.com
+      - gitea.akanealw.com
+      - nextcloud.akanealw.com
+      policy: bypass
+    # bypass filebrowser shares
+    - domain:
+        - "filebrowser.akanealw.com"
+      resources:
+        - "^/api([/?].*)?$"
+        - "^/share([/?].*)?$"
+        - "^/static([/?].*)?$"
+      policy: bypass
+    # two_factor subdomains
+    - domain: 
+      - akanealw.com
+      - "*.akanealw.com"
+      policy: two_factor
+
+session:
+  secret: 'ffc343d98b87910edcddb1f0dac4b492b62e29b5eafa92f1c213f37c4669f243'
+
+  cookies:
+    - name: 'authelia_session'
+      domain: 'akanealw.com'
+      authelia_url: 'https://auth.akanealw.com'
+      default_redirection_url: 'https://akanealw.com'
+      expiration: '1 hour'
+      inactivity: '5 minutes'
+
+  redis:
+    host: 'redis'
+    port: 6379
+    password: 'bc4eb8df73776ba7716aeb60c0023ef6136b80680bb8ea1cf6c51a326dea2c43'
+
+regulation:
+  max_retries: 3
+  find_time: '2 minutes'
+  ban_time: '5 minutes'
+
+storage:
+  encryption_key: 'cbd7570c1795cba61f05baf419b7cee23fa144d512bda2ea57ba300afa6b33bf'
+  local:
+    path: '/config/db.sqlite3'
+
+notifier:
+  smtp:
+    username: 'akanealw@gmail.com'
+    password: 'qlvmffuzpscltdgz'
+    address: 'smtp://smtp.gmail.com:587'
+    sender: 'akanealw@gmail.com'
+
+ntp:
+  address: 'udp://time.windows.com:123'
+  version: 3
+  max_desync: '3s'
+  disable_startup_check: false
+  disable_failure: false

authelia/config/users_database.yml

@@ -0,0 +1,16 @@
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  akanealw:
+    disabled: false
+    displayname: 'akanealw'
+    password: '$argon2id$v=19$m=65536,t=3,p=4$OdUFS5B8+7p5cuaE7TJ1Ig$fiMUt1PjTo65xltKyDfcwiu1yOPlO3G2X04CZCQFWig'
+    email: 'akanealw@gmail.com'
+    groups:
+      - 'admins'
+      - 'dev'

pangolin/compose.yml

@@ -0,0 +1,48 @@
+services:
+  pangolin:
+    image: fosrl/pangolin:1.3.1
+    container_name: pangolin
+    restart: unless-stopped
+    networks:
+      - reverse-proxy
+    volumes:
+      - ./config:/app/config
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
+      interval: "10s"
+      timeout: "10s"
+      retries: 15
+
+  traefik:
+    image: traefik:v3.3.6
+    container_name: traefik
+    restart: unless-stopped
+    environment:
+      CLOUDFLARE_DNS_API_TOKEN: "JSXyIqcHpMvDiIoZfQmlH7R2f6dKW92O8Buz_x3X"
+    networks:
+      - reverse-proxy
+    ports:
+      - 443:443
+      - 80:80
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --configFile=/etc/traefik/traefik_config.yml
+    volumes:
+      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
+      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
+      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
+
+  whoami:
+    image: traefik/whoami
+    container_name: whoami
+    networks:
+      - reverse-proxy
+
+networks:
+  authentik:
+    name: authentik
+  reverse-proxy:
+    external: true
+    

pangolin/docker-compose.yml

@@ -1,150 +0,0 @@
-services:
-  authentik-server:
-    image: ghcr.io/goauthentik/server:2025.2.2
-    container_name: authentik-server
-    command: server
-    environment:
-      - AUTHENTIK_REDIS__HOST=authentik-redis
-      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
-      - AUTHENTIK_POSTGRESQL__USER=authentik
-      - AUTHENTIK_POSTGRESQL__NAME=authentik
-      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
-      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
-      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
-      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
-      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
-      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
-      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
-      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
-      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
-    ports:
-      - 9000:9000
-      - 9443:9443
-    networks:
-      - authentik
-      - reverse-proxy
-    volumes:
-      - ./config/authentik/media:/media
-      - ./config/authentik/custom-templates:/templates
-    depends_on:
-      - authentik-postgres
-      - authentik-redis
-    restart: unless-stopped
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2025.2.2
-    container_name: authentik-worker
-    command: worker
-    environment:
-      - AUTHENTIK_REDIS__HOST=authentik-redis
-      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
-      - AUTHENTIK_POSTGRESQL__USER=authentik
-      - AUTHENTIK_POSTGRESQL__NAME=authentik
-      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
-      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
-      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
-      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
-      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
-      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
-      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
-      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
-      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
-    networks:
-      - authentik
-      - reverse-proxy
-    user: root
-    volumes:
-      - /run/docker.sock:/run/docker.sock
-      - ./config/authentik/media:/media
-      - ./config/authentik/certs:/certs
-      - ./config/authentik/custom-templates:/templates
-    depends_on:
-      - authentik-postgres
-      - authentik-redis
-    restart: unless-stopped
-
-  authentik-redis:
-    image: docker.io/library/redis:7.4.2
-    container_name: authentik-redis
-    command: --save 60 1 --loglevel warning
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    networks:
-      - authentik
-    volumes:
-      - ./config/authentik/redis:/data
-    restart: unless-stopped
-
-  authentik-postgres:
-    image: docker.io/library/postgres:17.4
-    container_name: authentik-postgres
-    environment:
-      - POSTGRES_USER=authentik
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=authentik
-      - TZ=${TZ}
-    healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U "authentik"']
-      start_period: 30s
-      interval: 10s
-      timeout: 10s
-      retries: 5
-    networks:
-        - authentik
-    volumes:
-      - ./config/authentik/postgres:/var/lib/postgresql/data
-    restart: unless-stopped
-
-  pangolin:
-    image: fosrl/pangolin:1.3.1
-    container_name: pangolin
-    restart: unless-stopped
-    networks:
-      - reverse-proxy
-    volumes:
-      - ./config:/app/config
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
-      interval: "10s"
-      timeout: "10s"
-      retries: 15
-
-  traefik:
-    image: traefik:v3.3.6
-    container_name: traefik
-    restart: unless-stopped
-    environment:
-      CLOUDFLARE_DNS_API_TOKEN: "JSXyIqcHpMvDiIoZfQmlH7R2f6dKW92O8Buz_x3X"
-    networks:
-      - reverse-proxy
-    ports:
-      - 443:443
-      - 80:80
-    depends_on:
-      pangolin:
-        condition: service_healthy
-    command:
-      - --configFile=/etc/traefik/traefik_config.yml
-    volumes:
-      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
-      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
-      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
-
-  whoami:
-    image: traefik/whoami
-    container_name: whoami
-    networks:
-      - reverse-proxy
-
-networks:
-  authentik:
-    name: authentik
-  reverse-proxy:
-    external: true
-