2025-07-30 02:18:18 +00:00
commit 7ccaee4d6f
5 changed files with 146 additions and 0 deletions

2
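--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+logs/*
+data/acme.json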

17
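--- a/README.md
+++ b/README.md
@@ -0,0 +1,17 @@
+# Tinyauth
+## Что нужно
+суб домены:
+- traefik.
+- tinyauth.
+- app1.
+## генерация секрета tiny
+openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32 && echo
+## генерация юзеров
+docker run --rm -it ghcr.io/steveiliop56/tinyauth:v3 user create --username admin --password pa4803w0rd | sed 's/\$/\$\$/g'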

48
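--- a/data/traefik.yml
+++ b/data/traefik.yml
@@ -0,0 +1,48 @@
+global:
+checkNewVersion: true
+log:
+level: info
+filePath: /data/stdout.log
+format: common
+accessLog:
+filePath: "/data/access.log"
+filters:
+statusCodes:
+- "500-505"
+retryAttempts: true
+minDuration: "10ms"
+serversTransport:
+insecureSkipVerify: true
+api:
+dashboard: true
+entryPoints:
+http:
+address: ":80"
+forwardedHeaders:
+insecure: true
+http:
+redirections:
+entryPoint:
+to: "https"
+scheme: "https"
+permanent: true
+https:
+address: ":443"
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: false
+certificatesResolvers:
+letsEncrypt:
+acme:
+email: noreply@yandex.ru
+storage: acme.json
+httpChallenge:
+entryPoint: http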
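Review bot: `insecureSkipVerify: true` under `serversTransport` turns off certificate verification for every HTTPS backend Traefik connects to, and nothing in this commit needs it: the only backend address shown in docker-compose.yaml is plain `http://tinyauth:3000`. I would drop those two lines, or, if a self-signed backend is planned, list its CA under `rootCAs` instead. `forwardedHeaders.insecure: true` on the port-80 entry point likewise accepts client-supplied `X-Forwarded-*` headers from any address; since the compose file publishes that port directly, replace it with a `trustedIPs` list or remove it. Indentation is lost in this view, so the nesting here is read from key order and should be confirmed against the file.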

73
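--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,73 @@
+services:
+traefik:
+image: traefik
+container_name: traefik
+restart: unless-stopped
+cap_add:
+- NET_BIND_SERVICE
+security_opt:
+- no-new-privileges:true
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.traefik.entrypoints=https"
+- "traefik.http.routers.traefik.rule=Host(`traefik.lab.realmanual.ru`)"
+- "traefik.http.routers.traefik.tls=true"
+- 'traefik.http.routers.traefik.tls.options=default'
+- "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
+- "traefik.http.routers.traefik.service=api@internal"
+- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
+- 'traefik.http.middlewares.tinyauth.forwardauth.address=http://tinyauth:3000/api/auth/traefik'
+- 'traefik.http.middlewares.tinyauth.forwardauth.trustForwardHeader=true'
+- 'traefik.http.routers.traefik.middlewares=tinyauth'
+volumes:
+- /etc/localtime:/etc/localtime:ro
+- /var/run/docker.sock:/var/run/docker.sock:ro
+- ./data/traefik.yml:/traefik.yml:ro
+- ./data/acme.json:/acme.json
+- ./logs/stdout.log:/data/stdout.log:rw
+- ./logs/access.log:/data/access.log:rw
+ports:
+- 80:80
+- 443:443
+networks:
+- webproxy
+tinyauth:
+container_name: tinyauth-ggsel
+image: ghcr.io/steveiliop56/tinyauth:v3
+restart: unless-stopped
+environment:
+- SECRET=dfmGGllQXsQ7U8KbJ47etByrVqWuiKvo
+- APP_URL=https://tinyauth.lab.realmanual.ru
+- USERS=admin:$$2a$$10$$arlbhE48xDt58L3a5aZc6.j4tGWrandXjwCPBUh8RzJI6ZeuA6Psy # pass: pa4803w0rd
+- DISABLE_CONTINUE=true
+- APP_TITLE=My best auth
+labels:
+- 'traefik.enable=true'
+- 'traefik.http.routers.tinyauth.entrypoints=https'
+- "traefik.http.routers.tinyauth.tls.certresolver=letsEncrypt"
+- 'traefik.http.routers.tinyauth.tls=true'
+- 'traefik.http.routers.tinyauth.rule=Host(`tinyauth.lab.realmanual.ru`)'
+- 'traefik.http.middlewares.tinyauth-ggsel.forwardauth.address=http://tinyauth:3000/api/auth/traefik'
+- "traefik.docker.network=webproxy"
+networks:
+- webproxy
+whoami:
+image: traefik/whoami:latest
+container_name: app1
+restart: unless-stopped
+labels:
+- 'traefik.enable=true'
+- 'traefik.http.routers.whoami.entrypoints=https'
+- "traefik.http.routers.whoami.tls.certresolver=letsEncrypt"
+- 'traefik.http.routers.whoami.tls=true'
+- 'traefik.http.routers.whoami.rule=Host(`app1.lab.realmanual.ru`)'
+- 'traefik.http.routers.whoami.middlewares=tinyauth'
+- "traefik.docker.network=webproxy"
+networks:
+- webproxy
+networks:
+webproxy:
+name: webproxy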
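Review bot: The `environment:` list of the `tinyauth` service commits the session `SECRET` and the `USERS` bcrypt hash to the repository, and the trailing `# pass: …` comment (like the `user create` command in README.md) records the plaintext password next to the hash. Treat all three as disclosed: regenerate the secret and the user hash, delete the comment, and read the values from an untracked env file, e.g. `- SECRET=${TINYAUTH_SECRET}` and `- USERS=${TINYAUTH_USERS}` (variable names are placeholders), with that file added to `.gitignore`. Separately, the `traefik` service mounts `/var/run/docker.sock` into the internet-facing proxy; the `:ro` flag does not restrict Docker API calls, so a filtering socket proxy in front of it is worth considering. `image: traefik` and `traefik/whoami:latest` are unpinned and should name a fixed version or digest.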

6
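--- a/init.sh
+++ b/init.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+touch data/acme.json
+touch logs/access.log
+touch logs/stdout.log
+chmod 600 data/acme.json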
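Review bot: `touch logs/access.log` and `touch logs/stdout.log` will fail on a fresh clone, because `.gitignore` excludes `logs/*` and no file in this commit creates the directory, and without error handling the script carries on regardless. Add `set -euo pipefail` after the shebang and `mkdir -p data logs` before the first `touch`. This matters beyond convenience: if a bind-mounted file is missing when the stack starts, Docker creates a directory at that path, and Traefik needs `acme.json` to be a regular file with mode 600. Setting `umask 077` before creating `data/acme.json` also closes the brief window in which the file exists with default permissions.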