init

docker-compose.yml

@@ -0,0 +1,99 @@
+services:
+  traefik:
+    image: traefik:v3.0.2
+    container_name: traefik
+    restart: unless-stopped
+    cap_add:
+      - NET_BIND_SERVICE
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
+      - "traefik.http.routers.traefik.tls=true"
+      - "traefik.http.routers.traefik.tls.options=default"
+      - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.middlewares=authelia@docker"
+      - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # global redirect to https
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=http"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/traefik/traefik.yaml:/traefik.yml:ro
+      - ./data/traefik/acme.json:/acme.json
+      - ./data/logs/stdout.log:/data/stdout.log:rw
+      - ./data/logs/access.log:/data/access.log:rw
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - webproxy
+      - authelia
+
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:4.38.8
+    restart: unless-stopped
+    healthcheck:
+      disable: true
+    command:
+      - 'authelia'
+      - '--config=/config/configuration.yml'
+      - '--config=/config/access_control.yml'
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=webproxy"
+      - "traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)"
+      - "traefik.http.routers.authelia.entrypoints=https"
+      - "traefik.http.routers.authelia.tls=true"
+      - "traefik.http.routers.authelia.tls.certresolver=letsEncrypt"
+      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.${DOMAIN}%2F'
+      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email"
+      - "traefik.http.routers.authelia.middlewares=redirect-to-https"
+    environment:
+      TZ: "Asia/Novosibirsk"
+      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /secrets/smtp-pass.key
+    volumes:
+      - ./data/authelia:/config
+      - ./data/authelia/secrets:/secrets
+    networks:
+      - webproxy
+      - authelia
+
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    container_name: redis
+    volumes:
+      - ./data/redis:/data
+    networks:
+      - authelia
+
+  nginx1:
+    image: nginx
+    restart: unless-stopped
+    container_name: nginx1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=webproxy"
+      - "traefik.http.routers.nginx.rule=Host(`test1.${DOMAIN}`)"
+      - "traefik.http.routers.nginx.entrypoints=https"
+      - "traefik.http.routers.nginx.tls=true"
+      - "traefik.http.routers.nginx.tls.certresolver=letsEncrypt"
+      - "traefik.http.routers.nginx.middlewares=authelia@docker"
+    networks:
+      - authelia
+      - webproxy
+
+networks:
+  authelia:
+    name: authelia-net
+  webproxy:
+    name: webproxy