added nas/traefik

nas/traefik/docker-compose.yml

@@ -0,0 +1,92 @@
+---
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    hostname: traefik
+    restart: unless-stopped
+
+    dns: 1.1.1.1
+
+    environment:
+      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
+      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_KEY}
+
+    ports:
+      - mode: host
+        protocol: tcp
+        published: 80
+        target: 80
+      - mode: host
+        protocol: tcp
+        published: 443
+        target: 443
+
+    volumes:
+      - /volume1/docker/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
+      - /volume1/docker/traefik/custom:/etc/traefik/custom:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - certs:/letsencrypt
+
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.traefik.rule=Host(`traefik.nas.dudenhoeffer.casa`)'
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - 'entrypoints.websecure.http.tls=true'
+      - 'entrypoints.websecure.http.tls.certResolver=letsencrypt'
+      - 'entrypoints.websecure.http.tls.domains[0].main=nas.dudenhoeffer.casa'
+      - 'entrypoints.websecure.http.tls.domains[0].sans=*.nas.dudenhoeffer.casa'
+      - "traefik.http.routers.traefik.service=api@internal"
+      - 'traefik.http.routers.traefik.middlewares=strip'
+      - 'traefik.http.middlewares.strip.stripprefix.prefixes=/traefik'
+      - 'traefik.http.services.traefik.loadbalancer.server.port=8080'
+      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://login.nas.dudenhoeffer.casa/'
+      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+      - 'certificatesresolvers.letsencrypt.acme.dnschallenge=true'
+      - 'certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
+      - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
+      - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
+
+    networks:
+      - web
+
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    volumes:
+      - authelia_config:/config
+      - /volume1/docker/authelia/configuration.yml:/config/configuration.yml:ro
+      - /volume1/docker/authelia/users_database.yml:/config/users_database.yml:ro
+
+    environment:
+      - TZ=${TIMEZONE}
+
+    networks:
+      - web
+
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.authelia.rule=Host(`login.nas.dudenhoeffer.casa`)'
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.nas.dudenhoeffer.casa/'  # yamllint disable-line rule:line-length
+      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
+      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
+
+    restart: unless-stopped
+    healthcheck:
+      ## In production the healthcheck section should be commented.
+      disable: true
+
+networks:
+  web:
+    external: true
+
+volumes:
+  certs:
+    name: certs
+    driver: local
+
+  authelia_config:
+    name: authelia_config
+    driver: local