Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Authentik
- Name: mealie
- Authentificationmethode: default-authentication-flow (Welcome to authentik!)
- Authorizationmethode: default-provider-authorization-explicit-consent (Authorize Application)
- Clienttype: public
- Client ID: redacted
- Redirect URIs:
- - https://mealie.domain/login
- - https://mealie.domain/login*
- - https://mealie.domain/login?direct=1
- - https://mealie.domain
- Scope: email openid profile
- Based on the Users hased ID
- Checked: id_token
- Checked: Different Issues for each provider
- Groups: "Mealie-Admins" and "Mealie-Users"
- # Mealie Compose
- services:
- mealie:
- image: ghcr.io/mealie-recipes/mealie:latest #
- container_name: mealie
- restart: always
- ports:
- - "9925:9000" #
- deploy:
- resources:
- limits:
- memory: 1000M #
- volumes:
- - ${PWD}/mealie-data:/app/data/
- environment:
- # Set Backend ENV Variables Here
- ALLOW_SIGNUP: false
- PUID: 1000
- PGID: 1000
- TZ: Europe/Berlin
- MAX_WORKERS: 1
- WEB_CONCURRENCY: 1
- BASE_URL: "https://mealie.domain"
- #Security
- SECURITY_MAX_LOGIN_ATTEMPTS: 5
- SECURITY_USER_LOCKOUT_TIME: 24
- #OIDC
- OIDC_AUTH_ENABLED: true
- OIDC_SIGNUP_ENABLED: true
- OIDC_CONFIGURATION_URL: https://authentik.domain/application/o/mealie/.well-known/openid-configuration
- OIDC_CLIENT_ID: ID
- OIDC_USER_GROUP: "Mealie-Users"
- OIDC_ADMIN_GROUP: "Mealie-Admins"
- OIDC_AUTO_REDIRECT: false
- OIDC_PROVIDER_NAME: "Authentik"
- OIDC_REMEMBER_ME: true
- OIDC_SIGNING_ALGORITHM: RS256
- OIDC_USER_CLAIM: email
- #OIDC_GROUPS_CLAIM: groups
- #OIDC_TLS_CACERTFILE: none
- LOG_LEVEL: DEBUG
- # Email
- SMTP_HOST: redacted #Required For email
- SMTP_PORT: 587 #Required For email
- SMTP_FROM_NAME: Mealie #Required For email
- SMTP_AUTH_STRATEGY: TLS #Required For email, Options: 'TLS', 'SSL', 'NONE'
- SMTP_FROM_EMAIL: None #Required For email
- SMTP_USER: "redacted" #Required if SMTP_AUTH_STRATEGY is 'TLS' or 'SSL'
- SMTP_PASSWORD: "redacted"
- # Traefik
- http:
- routers:
- mealie:
- entryPoints:
- - "http"
- rule: "Host(`mealie.domain`)"
- middlewares:
- - https-redirectscheme
- tls: {}
- service: mealie
- mealie-secure:
- entryPoints:
- - "https"
- rule: "Host(`mealie.domain`)"
- middlewares:
- - crowdsec-bouncer
- - mealie-secure-headers
- tls: {}
- service: mealie
- services:
- mealie:
- loadBalancer:
- servers:
- - url: "http://IP:9925"
- passHostHeader: true
- middlewares:
- mealie-secure-headers:
- headers:
- accessControlAllowMethods: ["GET", "OPTIONS", "PUT"]
- accessControlAllowHeaders: "*"
- accessControlAllowOriginList: "https://mealie.domain"
- accessControlMaxAge: 100
- hostsProxyHeaders: ["X-Forwarded-Host"]
- stsSeconds: 63072000
- stsIncludeSubdomains: true
- stsPreload: true
- forceSTSHeader: true
- customFrameOptionsValue: "allow-from https:domain"
- contentTypeNosniff: true
- browserXssFilter: true
- referrerPolicy: "same-origin"
- contentsecuritypolicy: " default-src 'none'; style-src 'self'; script-src 'self' blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self';form-action 'none';img-src 'self';base-uri 'self'"
- featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
- customResponseHeaders:
- X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,noindex,nofollow"
- server: ""
- tls:
- default:
- minVersion: "VersionTLS13"
- sniStrict: true
- - "secp384r1"
- cipherSuites:
- - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
- - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
- - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
- - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
- - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
Advertisement
Add Comment
Please, Sign In to add comment
