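---
# Reverse-proxy stack: Traefik publishes ports 80/443 on the host and Authelia
# is wired in as a forward-auth middleware. Every ${...} value is substituted
# by Compose from the environment or an .env file that is not part of this file.
version: "3.8"

services:
  traefik:
    # NOTE(review): `latest` is a moving tag, so a pull can change the edge
    # proxy without review; pin a reviewed version tag or image digest.
    image: traefik:latest
    container_name: traefik
    hostname: traefik

    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      # Presumably consumed by the cloudflare DNS-challenge provider; keep the
      # token scoped to DNS edits on this zone only.
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_KEY}
      - DOMAIN_ROOT=${DOMAIN_ROOT}

    ports:
      - mode: host
        protocol: tcp
        published: 80
        target: 80
      - mode: host
        protocol: tcp
        published: 443
        target: 443

    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      # NOTE(review): `:ro` only protects the socket file; it does not make the
      # Docker API read-only, so this container can still issue any API call
      # (effectively root on the host). Consider a filtering socket proxy.
      # The socket is mounted at /tmp/docker.sock, so the docker provider
      # endpoint in traefik.yml has to point there - TODO confirm.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Holds acme.json (see the storage label below), i.e. certificate
      # private keys; restrict access to this volume.
      - certs:/letsencrypt

    networks:
      - home-proxy

    labels:
      - 'traefik.enable=true'
      # Dashboard/API router.
      - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.service=api@internal'
      # The router originally listed only `strip`, which left api@internal
      # reachable without any authentication middleware. `authelia` (defined
      # below) now runs first. Authelia's access-control policy must cover
      # this host, otherwise requests are denied - TODO confirm.
      - 'traefik.http.routers.traefik.middlewares=authelia,strip'
      - 'traefik.http.middlewares.strip.stripprefix.prefixes=/traefik'
      # NOTE(review): the router above targets api@internal, so this service
      # definition looks unused.
      - 'traefik.http.services.traefik.loadbalancer.server.port=8080'

      # Forward-auth middleware backed by the authelia service.
      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://login.${DOMAIN_ROOT}/'
      # Passes the request's existing X-Forwarded-* headers on to Authelia.
      # Keep the entrypoints' forwardedHeaders settings restrictive (not
      # `insecure`) so clients cannot supply them - TODO confirm in traefik.yml.
      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
      # Identity headers copied from Authelia's response onto the request;
      # backends that trust them must only be reachable through Traefik.
      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'

      # NOTE(review): entrypoints.* and certificatesresolvers.* are Traefik
      # static-configuration options. Traefik reads only dynamic configuration
      # (traefik.http.*, traefik.tcp.*, ...) from container labels, so the
      # lines below look inert here. Confirm that TLS, the wildcard domain and
      # the ACME resolver are actually set in the mounted traefik.yml.
      - 'entrypoints.websecure.http.tls=true'
      - 'entrypoints.websecure.http.tls.certResolver=letsencrypt'
      - 'entrypoints.websecure.http.tls.domains[0].main=${DOMAIN_ROOT}'
      - 'entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN_ROOT}'
      - 'certificatesresolvers.letsencrypt.acme.dnschallenge=true'
      - 'certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
      - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
      - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'

  authelia:
    # NOTE(review): same moving-tag concern as the traefik image; pin a
    # reviewed version tag or digest for the authentication service.
    image: docker.io/authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    networks:
      - home-proxy
    environment:
      - TZ=${TIMEZONE}
      # NOTE(review): secrets passed as plain environment variables are
      # visible through `docker inspect`. Authelia also accepts `_FILE`
      # variants of these variables, which can be paired with Compose secrets.
      - AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET}
      - AUTHELIA_SESSION_SECRET=${AUTH_SESSION_SECRET}
      - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_KEY}
      - DOMAIN_ROOT=${DOMAIN_ROOT}

    volumes:
      - authelia_config:/config

    labels:
      - 'traefik.enable=true'
      # NOTE(review): no entrypoints or TLS labels are set on this router, so
      # it attaches to the default entrypoints. Confirm traefik.yml redirects
      # port 80 to HTTPS so the login portal is never served in clear text.
      - 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)'
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'

# All volumes and the network are external: they must already exist before
# `docker compose up`, and Compose will not create or remove them.
volumes:
  certs:
    external: true

  authelia_config:
    external: true

networks:
  home-proxy:
    external: true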