version: "3.5"

networks:
  # Shared network: every container routed through Traefik must join it.
  web:
    external: false
    name: web

volumes:
  # Receives the Authelia configuration rendered by the preprocessing service.
  authelia-config: {}
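services:
  # Traefik reverse proxy: publishes 80/443 and routes to labelled containers.
  proxy:
    container_name: traefik
    # NOTE(review): v2.1 is a floating minor tag; pin an exact release or
    # image digest so the edge proxy only changes when you decide it does.
    image: traefik:v2.1
    restart: always
    environment:
      # Bare names: values are passed through from the host environment.
      - EMAIL
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    networks:
      - web
    command:
      - "--configFile=/data/traefik.yaml"
    ports:
      - "80:80"
      - "443:443"
      # Open port 8080 for debugging emergencies.
      # NOTE(review): publishing 8080 presumably reaches the dashboard/API
      # directly, without the auth@file middleware; close it again after use.
      # - "8080:8080"
    volumes:
      # Access to the Docker API is equivalent to root on the host. The :ro
      # flag only protects the socket file; it does not restrict API calls.
      # A filtering socket proxy in front of the socket is the stronger control.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/data
    labels:
      # Label values are quoted: older Compose schemas reject YAML booleans.
      traefik.enable: "true"
      # Presumably Traefik's own API/dashboard listener; the static config in
      # /data/traefik.yaml is not visible here - confirm.
      traefik.http.services.traefik.loadbalancer.server.port: "8080"

      traefik.http.routers.traefik.rule: 'Host(`traefik.${PRIVATE_DOMAIN}`)'
      # The dashboard router is gated by the auth middleware (file provider).
      traefik.http.routers.traefik.middlewares: auth@file
      traefik.http.routers.traefik.tls.certResolver: le

  # Preprocess the Authelia configuration through gomplate into the
  # authelia-config volume.
  authelia-config:
    # NOTE(review): no tag, so this resolves to :latest; pin a version or
    # digest, since this image generates the auth service's configuration.
    image: hairyhenderson/gomplate
    environment:
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    volumes:
      - ./authelia/configuration.yml:/data/input:ro
      - authelia-config:/data/output
    command: '--file=/data/input --out=/data/output/configuration.yml'

  authelia:
    container_name: authelia
    # NOTE(review): untagged image (implicit :latest) for the authentication
    # service; pin a version or digest so upgrades are deliberate.
    image: authelia/authelia
    restart: always
    depends_on:
      # The config preprocessor should run first. depends_on only orders
      # start-up; it does not wait for the preprocessor to finish.
      - authelia-config
    volumes:
      - ./authelia:/opt/authelia
      - authelia-config:/etc/authelia/
    environment:
      # NOTE(review): confirm "dev" is intended outside development.
      - ENVIRONMENT=dev
      # 1 keeps Node.js TLS certificate verification on; do not set to 0.
      - NODE_TLS_REJECT_UNAUTHORIZED=1
    networks:
      - web
    labels:
      traefik.enable: "true"
      traefik.http.routers.authelia.rule: 'Host(`auth.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.authelia.tls.certResolver: le
      traefik.http.routers.authelia.entrypoints: websecure

  # Disabled test backends. whoami-https carries no auth middleware, so
  # enabling it serves that host without going through Authelia.
  # whoami-https:
  #   image: containous/whoami
  #   networks:
  #     - web
  #   labels:
  #     traefik.enable: "true"
  #     traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
  #     traefik.http.routers.wait-https.tls.certResolver: le

  # whoami-auth:
  #   image: containous/whoami
  #   networks:
  #     - web
  #   labels:
  #     traefik.enable: "true"
  #     traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
  #     traefik.http.routers.wai-auth.tls.certResolver: le
  #     traefik.http.routers.wai-auth.middlewares: auth@file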