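---
# Traefik edge proxy plus Authelia forward-auth portal on a shared external
# network. Every ${...} value is interpolated by Compose from the shell
# environment or an .env file.
version: "3.8"

services:
  # Internet-facing reverse proxy: terminates 80/443 on the host and routes to
  # containers on the home-proxy network.
  traefik:
    # NOTE(review): `latest` is a floating tag, so every pull can change the
    # code that terminates TLS for the whole domain. Pin a release tag or an
    # image digest and upgrade deliberately.
    image: traefik:latest
    container_name: traefik
    hostname: traefik
    # NOTE(review): Traefik's static configuration sources (file, CLI flags,
    # environment) are mutually exclusive. ./traefik.yml is mounted at the
    # default path below, so these flags are presumably ignored - confirm which
    # source is in effect. No volume in this file provides
    # /etc/traefik/dynamic.yml either.
    # If the flags are the live source, the Docker provider runs with its
    # default of exposing every container; the `traefik.enable=true` labels
    # below suggest exposedByDefault=false was intended - verify.
    command:
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --providers.docker
    environment:
      # DNS-01 challenge credentials for the ACME resolver. A token scoped to
      # DNS edits on the one zone limits what a leaked value can do.
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_KEY}
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    ports:
      # Host mode publishes directly on the node's interfaces.
      - mode: host
        protocol: tcp
        published: 80
        target: 80
      - mode: host
        protocol: tcp
        published: 443
        target: 443
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./custom:/etc/traefik/custom:ro
      # NOTE(review): `:ro` only protects the socket file; the Docker API
      # behind it stays fully usable, so a compromise of this internet-facing
      # container can reach the Docker daemon. A socket proxy that exposes only
      # the read endpoints Traefik needs narrows that.
      # The socket is mounted at /tmp/docker.sock while the Docker provider
      # defaults to unix:///var/run/docker.sock - the endpoint must be set in
      # traefik.yml (not visible here); verify.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Holds acme.json, i.e. the certificate private keys.
      - certs:/letsencrypt
    networks:
      - home-proxy
    labels:
      - 'traefik.enable=true'

      # --- Dashboard / API router ---
      - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.service=api@internal'
      # api@internal exposes the full routing configuration. The original
      # chain was `strip` only, which published the dashboard with no
      # authentication; the authelia forwardAuth middleware defined below now
      # runs first. Authelia's access-control rules must cover
      # traefik.${DOMAIN_ROOT} for access to be granted.
      - 'traefik.http.routers.traefik.middlewares=authelia,strip'
      - 'traefik.http.middlewares.strip.stripprefix.prefixes=/traefik'
      - 'traefik.http.services.traefik.loadbalancer.server.port=8080'

      # --- Authelia forwardAuth middleware (shared by protected routers) ---
      # NOTE(review): /api/verify is Authelia's legacy endpoint; with an
      # unpinned Authelia image, check it is still served by the running
      # version.
      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://login.${DOMAIN_ROOT}/'
      # NOTE(review): with trustForwardHeader=true the X-Forwarded-* headers
      # that arrive on the request are passed to Authelia unchanged. Traefik is
      # the edge here, so the entrypoints' forwardedHeaders trusted-IP settings
      # in traefik.yml decide whether a client can supply them - verify.
      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
      # Identity headers are set from Authelia's response only on routers that
      # use this middleware. A backend that trusts Remote-* must not be
      # reachable through a router without it.
      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'

      # --- Static-configuration keys written as labels ---
      # NOTE(review): the Docker provider reads only labels under the
      # `traefik.` prefix, and entrypoints / certificatesresolvers are static
      # configuration that cannot be set through labels. The lines below
      # therefore have no effect on Traefik; TLS on websecure and the ACME
      # resolver must come from traefik.yml (or CLI flags). Kept as a record
      # of the intended settings.
      - 'entrypoints.websecure.http.tls=true'
      - 'entrypoints.websecure.http.tls.certResolver=letsencrypt'
      - 'entrypoints.websecure.http.tls.domains[0].main=${DOMAIN_ROOT}'
      - 'entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN_ROOT}'
      - 'certificatesresolvers.letsencrypt.acme.dnschallenge=true'
      - 'certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
      - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
      - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'

  # Authentication portal reached by Traefik's forwardAuth at authelia:9091.
  authelia:
    # NOTE(review): floating tag on the component that makes every access
    # decision; pin a release tag or digest.
    image: docker.io/authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    networks:
      - home-proxy
    environment:
      - TZ=${TIMEZONE}
      # NOTE(review): secrets passed as plain environment variables are
      # readable through `docker inspect` and by anything with access to the
      # Docker API. Authelia also accepts the *_FILE variants, which lets
      # these be mounted as secret files instead.
      - AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET}
      - AUTHELIA_SESSION_SECRET=${AUTH_SESSION_SECRET}
      - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_KEY}
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    volumes:
      - authelia_config:/config
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)'
      # A router with no entrypoints list attaches to every entrypoint, which
      # would also serve the login portal on port 80 unless traefik.yml
      # redirects it. Restrict it to the TLS entrypoint, as the dashboard
      # router does.
      - 'traefik.http.routers.authelia.entrypoints=websecure'
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'

# External volumes and network: Compose does not create these; they must
# exist before `up`.
volumes:
  certs:
    external: true
  authelia_config:
    external: true

networks:
  home-proxy:
    external: true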