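# Reverse-proxy stack: Traefik in front, Authelia for authentication,
# Homer as the landing page, autoheal to restart unhealthy containers.
# Expects EMAIL, PRIVATE_DOMAIN and PUBLIC_DOMAIN in the environment / .env.
version: "2.4"

networks:
  web:
    # All containers that are routed through Traefik need to be on this network
    external: true

volumes:
  authelia-config:
    # Used for pre-processing of authelia configuration

# NOTE(review): none of the images below carry a tag or digest, so every pull
# resolves to `latest`. Pin each one to a reviewed version (ideally a digest)
# so an upstream push cannot silently change what runs here.
services:
  autoheal:
    container_name: autoheal
    restart: always
    image: willfarrell/autoheal
    volumes:
      # Access to the Docker socket is equivalent to root on the host.
      # NOTE(review): consider a socket proxy that only allows the API calls
      # this container needs, instead of mounting the raw socket.
      - /var/run/docker.sock:/var/run/docker.sock

  traefik:
    container_name: traefik
    image: traefik
    restart: always
    environment:
      - EMAIL
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    networks:
      web:
    command:
      - "--configFile=/data/traefik.yaml"
    ports:
      - "80:80"
      - "443:443"
      # Open port 8080 for debugging emergencies
      # NOTE(review): 8080 is also the backend of the `traefik` router below,
      # which sits behind auth@file. Publishing it on every host interface
      # exposes the same listener without that middleware. What it serves
      # depends on traefik.yaml (not shown). If the emergency port is needed,
      # prefer a loopback bind ("127.0.0.1:8080:8080") reached over SSH.
      - "8080:8080"
    volumes:
      # Read-only bind: the container cannot replace the socket file. This
      # does NOT restrict Docker API calls made over the socket, so the edge
      # proxy still holds host-level control if it is compromised.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/data
    healthcheck:
      # Sometimes, traefik loses connection to authelia. The only thing that
      # works then is a restart, handled by autoheal.
      test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"]
    labels:
      # Label values are strings; quoted so no YAML parser retypes them.
      traefik.enable: "true"
      traefik.http.services.traefik.loadbalancer.server.port: "8080"
      traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`)
      traefik.http.routers.traefik.middlewares: auth@file
      traefik.http.routers.traefik.tls.certResolver: le
      autoheal: "true"

  authelia-config:
    # Preprocess authelia configuration through gomplate
    image: hairyhenderson/gomplate
    environment:
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    volumes:
      - ./authelia/configuration.yml:/data/input:ro
      - authelia-config:/data/output
    command: '--file=/data/input --out=/data/output/configuration.yml'
  authelia:
    container_name: authelia
    image: authelia/authelia
    restart: always
    depends_on:
      # config preprocessor should run first
      # NOTE(review): this short form only orders container start; it does not
      # wait for gomplate to finish, so authelia can start against a missing
      # or stale configuration.yml in the shared volume.
      - authelia-config
    volumes:
      - ./authelia:/opt/authelia
      - authelia-config:/etc/authelia/
    environment:
      - ENVIRONMENT=dev
      - NODE_TLS_REJECT_UNAUTHORIZED=1
    networks:
      web:
    healthcheck:
      test: ["CMD", "wget", "-O", "-", "127.0.0.1:9091/api/state"]
    labels:
      traefik.enable: "true"
      traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`)
      traefik.http.routers.authelia.tls.certResolver: le
      traefik.http.routers.authelia.entrypoints: websecure
      autoheal: "true"

  homer:
    container_name: homer
    image: b4bz/homer
    restart: always
    volumes:
      - ./homer:/www/assets
    environment:
      # Environment values are strings; quoted to keep them that way.
      UID: "1000"
      GID: "1001"
    networks:
      web:
    labels:
      # This router has no `middlewares` label, so unlike the `traefik`
      # router it is not behind auth@file.
      # NOTE(review): confirm that an unauthenticated landing page is intended.
      traefik.enable: "true"
      traefik.http.routers.homer.rule: Host(`${PRIVATE_DOMAIN}`)
      traefik.http.routers.homer.tls.certResolver: le
      traefik.http.routers.homer.entrypoints: websecure

  # whoami-https:
  #   image: containous/whoami
  #   networks:
  #     web:
  #   labels:
  #     traefik.enable: true
  #     traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
  #     traefik.http.routers.wait-https.tls.certResolver: le

  # whoami-auth:
  #   image: containous/whoami
  #   networks:
  #     web:
  #     macvlan:
  #   labels:
  #     traefik.enable: true
  #     traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
  #     traefik.http.routers.wai-auth.tls.certResolver: le
  #     traefik.http.routers.wai-auth.middlewares: auth@file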