Add Homer dashboard
parent
5d1b7c06c6
commit
e8cd50c857
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,7 +1,10 @@
|
|||||||
traefik/acme.json
|
traefik/acme.json
|
||||||
traefik/certs/
|
traefik/certs/
|
||||||
traefik/traefik.log
|
traefik/traefik.log
|
||||||
|
traefik/config/old.yaml
|
||||||
|
|
||||||
authelia/db.sqlite3
|
authelia/db.sqlite3
|
||||||
authelia/notification.txt
|
authelia/notification.txt
|
||||||
authelia/users_database.yml
|
authelia/users_database.yml
|
||||||
|
|
||||||
|
homer/
|
||||||
|
@ -6,13 +6,12 @@ authentication_backend:
|
|||||||
file:
|
file:
|
||||||
path: /opt/authelia/users_database.yml
|
path: /opt/authelia/users_database.yml
|
||||||
|
|
||||||
# {{ env.Getenv "ROOT_DOMAIN" }}
|
|
||||||
session:
|
session:
|
||||||
name: authelia_session
|
name: authelia_session
|
||||||
secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-token-secret
|
secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-token-secret
|
||||||
domain: {{ env.Getenv "PRIVATE_DOMAIN" }}
|
domain: {{ env.Getenv "PRIVATE_DOMAIN" }}
|
||||||
expiration: 604800
|
expiration: 604800
|
||||||
inactivity: 300
|
inactivity: 172800
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
local:
|
local:
|
||||||
@ -22,9 +21,10 @@ totp:
|
|||||||
issuer: {{ env.Getenv "PRIVATE_DOMAIN" }}
|
issuer: {{ env.Getenv "PRIVATE_DOMAIN" }}
|
||||||
|
|
||||||
access_control:
|
access_control:
|
||||||
default_policy: two_factor
|
default_policy: one_factor
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
|
# Allow free access from local network
|
||||||
- domain: "*"
|
- domain: "*"
|
||||||
networks:
|
networks:
|
||||||
- 192.168.1.0/23
|
- 192.168.1.0/23
|
||||||
|
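Review bot: The `access_control` hunk appears to lower `default_policy` from `two_factor` to `one_factor` (the +/- markers are lost on this page, so the direction is read from the old/new column order), which leaves every host without an explicit rule protected by a password alone. Keeping `default_policy: two_factor` and adding a narrow `one_factor` rule for the hosts that need it would preserve the stronger default. The session hunk likewise seems to raise `inactivity` from 300 to 172800 seconds, so an unattended browser stays authenticated for two days; a comment explaining that trade-off would help. The rule list continues past the end of the hunk, so the policy attached to the `192.168.1.0/23` rule is not visible here. A /23 written as 192.168.1.0 has a host bit set, so it is worth confirming which range is actually matched.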
@ -1,43 +1,52 @@
|
|||||||
version: "3.5"
|
version: "2.4"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
web:
|
web:
|
||||||
# All containers that are router through traefik needs to be on this network
|
# All containers that are router through traefik needs to be on this network
|
||||||
external: false
|
external: true
|
||||||
name: web
|
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
authelia-config:
|
authelia-config:
|
||||||
# Used for pre-processing of authelia configuration
|
# Used for pre-processing of authelia configuration
|
||||||
|
|
||||||
services:
|
services:
|
||||||
proxy:
|
autoheal:
|
||||||
|
container_name: autoheal
|
||||||
|
restart: always
|
||||||
|
image: willfarrell/autoheal
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
|
||||||
|
traefik:
|
||||||
container_name: traefik
|
container_name: traefik
|
||||||
image: traefik:v2.1
|
image: traefik
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
- EMAIL
|
- EMAIL
|
||||||
- PRIVATE_DOMAIN
|
- PRIVATE_DOMAIN
|
||||||
- PUBLIC_DOMAIN
|
- PUBLIC_DOMAIN
|
||||||
networks:
|
networks:
|
||||||
- web
|
web:
|
||||||
command:
|
command:
|
||||||
- "--configFile=/data/traefik.yaml"
|
- "--configFile=/data/traefik.yaml"
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
# Open port 8080 for debugging emergencies
|
# Open port 8080 for debugging emergencies
|
||||||
# - 8080:8080
|
- 8080:8080
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ./traefik:/data
|
- ./traefik:/data
|
||||||
|
healthcheck:
|
||||||
|
# Sometimes, traefik loses connection to authelia. The only thing that works then is a restart, handled by autoheal.
|
||||||
|
test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"]
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: true
|
traefik.enable: true
|
||||||
traefik.http.services.traefik.loadbalancer.server.port: 8080
|
traefik.http.services.traefik.loadbalancer.server.port: 8080
|
||||||
|
|
||||||
traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`)
|
traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`)
|
||||||
traefik.http.routers.traefik.middlewares: auth@file
|
traefik.http.routers.traefik.middlewares: auth@file
|
||||||
traefik.http.routers.traefik.tls.certResolver: le
|
traefik.http.routers.traefik.tls.certResolver: le
|
||||||
|
autoheal: "true"
|
||||||
|
|
||||||
authelia-config:
|
authelia-config:
|
||||||
# Preprocess authelia configuration through gomplate
|
# Preprocess authelia configuration through gomplate
|
||||||
@ -63,17 +72,37 @@ services:
|
|||||||
- ENVIRONMENT=dev
|
- ENVIRONMENT=dev
|
||||||
- NODE_TLS_REJECT_UNAUTHORIZED=1
|
- NODE_TLS_REJECT_UNAUTHORIZED=1
|
||||||
networks:
|
networks:
|
||||||
- web
|
web:
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "-O", "-", "127.0.0.1:9091/api/state"]
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: true
|
traefik.enable: true
|
||||||
traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`)
|
traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`)
|
||||||
traefik.http.routers.authelia.tls.certResolver: le
|
traefik.http.routers.authelia.tls.certResolver: le
|
||||||
traefik.http.routers.authelia.entrypoints: websecure
|
traefik.http.routers.authelia.entrypoints: websecure
|
||||||
|
autoheal: "true"
|
||||||
|
|
||||||
|
homer:
|
||||||
|
container_name: homer
|
||||||
|
image: b4bz/homer
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./homer:/www/assets
|
||||||
|
environment:
|
||||||
|
UID: 1000
|
||||||
|
GID: 1001
|
||||||
|
networks:
|
||||||
|
web:
|
||||||
|
labels:
|
||||||
|
traefik.enable: true
|
||||||
|
traefik.http.routers.homer.rule: Host(`${PRIVATE_DOMAIN}`)
|
||||||
|
traefik.http.routers.homer.tls.certResolver: le
|
||||||
|
traefik.http.routers.homer.entrypoints: websecure
|
||||||
|
|
||||||
# whoami-https:
|
# whoami-https:
|
||||||
# image: containous/whoami
|
# image: containous/whoami
|
||||||
# networks:
|
# networks:
|
||||||
# - web
|
# web:
|
||||||
# labels:
|
# labels:
|
||||||
# traefik.enable: true
|
# traefik.enable: true
|
||||||
# traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
|
# traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
|
||||||
@ -82,7 +111,8 @@ services:
|
|||||||
# whoami-auth:
|
# whoami-auth:
|
||||||
# image: containous/whoami
|
# image: containous/whoami
|
||||||
# networks:
|
# networks:
|
||||||
# - web
|
# web:
|
||||||
|
# macvlan:
|
||||||
# labels:
|
# labels:
|
||||||
# traefik.enable: true
|
# traefik.enable: true
|
||||||
# traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
|
# traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
|
||||||
|
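Review bot: In the `traefik` service's `ports` list, `- 8080:8080` appears to have been uncommented, which publishes Traefik's API/dashboard port on every host interface. With `api.insecure: true` in the static configuration shown further down this page, that endpoint is served without the `auth@file` middleware that the `traefik` router applies. If it is only for emergencies, keep it commented out or bind it to loopback, `- "127.0.0.1:8080:8080"`. The same hunk seems to drop the tag from `image: traefik:v2.1`, and the new `willfarrell/autoheal` (which mounts `/var/run/docker.sock`) and `b4bz/homer` images are untagged too, so each pull can change what runs with Docker-socket access; pinning a version or digest avoids that. The new `homer` router also carries no `traefik.http.routers.homer.middlewares: auth@file` label, unlike the `traefik` router, so confirm the dashboard is meant to be reachable without authentication.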
@ -30,6 +30,9 @@ http:
|
|||||||
address: http://authelia:9091/api/verify?rd=https://auth.{{ env "PRIVATE_DOMAIN" }}/
|
address: http://authelia:9091/api/verify?rd=https://auth.{{ env "PRIVATE_DOMAIN" }}/
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
authResponseHeaders:
|
authResponseHeaders:
|
||||||
- X-Forwarded-User
|
- X-Remote-User
|
||||||
|
- Remote-User
|
||||||
|
- X-Remote-Groups
|
||||||
|
- Remote-Groups
|
||||||
tls:
|
tls:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
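Review bot: The `authResponseHeaders` list now forwards `Remote-User`, `Remote-Groups` and their `X-` variants to backends, but nothing here records that these headers are only trustworthy on routers that use this middleware. On a router without `auth@file` (the `homer` and `authelia` routers in the compose file carry no such label), a client-supplied `Remote-User` header would reach the backend unchanged, as far as the labels shown indicate. I would add a comment above the list such as `# Backends may trust these headers only when their router uses auth@file`. The middleware definition starts above the hunk, so its name and remaining options are not visible here.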
@ -1,6 +1,9 @@
|
|||||||
api:
|
api:
|
||||||
insecure: true
|
insecure: true
|
||||||
|
|
||||||
|
serversTransport:
|
||||||
|
insecureSkipVerify: true
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
file:
|
file:
|
||||||
directory: /data/config
|
directory: /data/config
|
||||||
|
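Review bot: The added `serversTransport.insecureSkipVerify: true` turns off certificate verification for every TLS connection Traefik makes to a backend, not just the one service that presumably prompted it. If that backend uses a self-signed or private-CA certificate, trusting the CA through `serversTransport.rootCAs` keeps verification on for everything else. At minimum, a comment naming the backend that needs it would help, e.g. `# <service> serves a self-signed cert; remove once it has a trusted one`.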