100 lines
3.4 KiB
YAML
100 lines
3.4 KiB
YAML
services:
|
|
traefik:
|
|
image: traefik:v3.0.2
|
|
container_name: traefik
|
|
restart: unless-stopped
|
|
cap_add:
|
|
- NET_BIND_SERVICE
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.traefik.entrypoints=https"
|
|
- "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
|
|
- "traefik.http.routers.traefik.tls=true"
|
|
- "traefik.http.routers.traefik.tls.options=default"
|
|
- "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.routers.traefik.middlewares=authelia@docker"
|
|
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
# global redirect to https
|
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
|
- "traefik.http.routers.http-catchall.entrypoints=http"
|
|
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
|
volumes:
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ./data/traefik/traefik.yaml:/traefik.yml:ro
|
|
- ./data/traefik/acme.json:/acme.json
|
|
- ./data/logs/stdout.log:/data/stdout.log:rw
|
|
- ./data/logs/access.log:/data/access.log:rw
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
networks:
|
|
- webproxy
|
|
- authelia
|
|
|
|
authelia:
|
|
container_name: authelia
|
|
image: authelia/authelia:4.38.8
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
disable: true
|
|
command:
|
|
- 'authelia'
|
|
- '--config=/config/configuration.yml'
|
|
- '--config=/config/access_control.yml'
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=webproxy"
|
|
- "traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)"
|
|
- "traefik.http.routers.authelia.entrypoints=https"
|
|
- "traefik.http.routers.authelia.tls=true"
|
|
- "traefik.http.routers.authelia.tls.certresolver=letsEncrypt"
|
|
- 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.${DOMAIN}%2F'
|
|
- "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
|
|
- "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email"
|
|
- "traefik.http.routers.authelia.middlewares=redirect-to-https"
|
|
environment:
|
|
TZ: "Asia/Novosibirsk"
|
|
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /secrets/smtp-pass.key
|
|
volumes:
|
|
- ./data/authelia:/config
|
|
- ./data/authelia/secrets:/secrets
|
|
networks:
|
|
- webproxy
|
|
- authelia
|
|
|
|
redis:
|
|
image: redis:alpine
|
|
restart: unless-stopped
|
|
container_name: redis
|
|
volumes:
|
|
- ./data/redis:/data
|
|
networks:
|
|
- authelia
|
|
|
|
nginx1:
|
|
image: nginx
|
|
restart: unless-stopped
|
|
container_name: nginx1
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=webproxy"
|
|
- "traefik.http.routers.nginx.rule=Host(`test1.${DOMAIN}`)"
|
|
- "traefik.http.routers.nginx.entrypoints=https"
|
|
- "traefik.http.routers.nginx.tls=true"
|
|
- "traefik.http.routers.nginx.tls.certresolver=letsEncrypt"
|
|
- "traefik.http.routers.nginx.middlewares=authelia@docker"
|
|
networks:
|
|
- authelia
|
|
- webproxy
|
|
|
|
networks:
|
|
authelia:
|
|
name: authelia-net
|
|
webproxy:
|
|
name: webproxy
|