d3athwarrior

Untitled

May 22nd, 2024 (edited)
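  # Docker Compose stack for authentik: PostgreSQL, Redis, the authentik
  # server and worker, and an LDAP outpost. The server and the outpost are
  # published through an externally managed Traefik network.
  # Values written as ${VAR} are interpolated by Compose from the shell
  # environment or the project's .env file.
  #
  # NOTE(review): db, server, worker and ldap all load ./.env through
  # env_file, so each of those containers receives every variable in that
  # file (database password, AUTHENTIK_SECRET_KEY, outpost token), not only
  # the ones it needs. Consider per-service env files so that a compromise
  # of one container does not expose the secrets of the others.
  services:
    db:
      image: postgres:16-alpine
      restart: unless-stopped
      healthcheck:
        # "$$" escapes Compose interpolation, so the variables are expanded
        # by the shell inside the container.
        test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
        start_period: 20s
        interval: 30s
        retries: 5
        timeout: 5s
      volumes:
        - database:/var/lib/postgresql/data
      environment:
        # Fail at startup instead of falling back to a publicly known
        # default password. A deployment that was initialised with the old
        # fallback must set PG_PASS to that value (or rotate the password
        # in PostgreSQL first); the image applies POSTGRES_PASSWORD only
        # when it initialises an empty data directory.
        POSTGRES_PASSWORD: "${PG_PASS:?database password required}"
        POSTGRES_USER: ${PG_USER:-authentik}
        POSTGRES_DB: ${PG_DB:-authentik}
      env_file:
        - ./.env
      # Only the internal network: the database is not reachable from the
      # Traefik network and publishes no host ports.
      networks:
        - default
    redis:
      # NOTE(review): "alpine" is a floating tag; pin a specific version or
      # digest so that upgrades are deliberate and reproducible.
      image: redis:alpine
      command: --save 60 1 --loglevel warning
      restart: unless-stopped
      healthcheck:
        test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
        start_period: 20s
        interval: 30s
        retries: 5
        timeout: 3s
      volumes:
        - redis:/data
      # No password is configured for Redis; it relies on being attached to
      # the internal network only.
      networks:
        - default
    server:
      image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.4}
      restart: unless-stopped
      command: server
      environment:
        AUTHENTIK_REDIS__HOST: redis
        AUTHENTIK_POSTGRESQL__HOST: db
        AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
        AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
        # Required, same value as the db service; no default password.
        AUTHENTIK_POSTGRESQL__PASSWORD: "${PG_PASS:?database password required}"
        # Required: an unset variable would otherwise be interpolated as an
        # empty string and override whatever env_file provides.
        AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?secret key required}"
      volumes:
        - media:/media
        - custom-templates:/templates
      env_file:
        - ./.env
      # Host ports stay unpublished so the server is reached only through
      # Traefik.
      # ports:
      #   - "9000:9000"
      #   - "9443:9443"
      depends_on:
        - db
        - redis
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.authentik.rule=Host(`${AUTHENTIK_SUBDOMAIN}.${DOMAIN_NAME}`)"
        # NOTE(review): neither HTTP router sets a tls label here; confirm
        # that the "securedweb" entrypoint itself enforces TLS.
        - "traefik.http.routers.authentik.entrypoints=securedweb"
        # Routes the /outpost.goauthentik.io/ path on any subdomain of
        # DOMAIN_NAME to authentik.
        # NOTE(review): the {name:regex} HostRegexp form is Traefik v2
        # syntax; verify it against the Traefik version in use.
        - "traefik.http.routers.authentik-outpost.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.${DOMAIN_NAME}`) && PathPrefix(`/outpost.goauthentik.io/`)"
        - "traefik.http.routers.authentik-outpost.entrypoints=securedweb"
        - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      networks:
        - default
        - traefik_proxy
    worker:
      image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.4}
      restart: unless-stopped
      command: worker
      environment:
        AUTHENTIK_REDIS__HOST: redis
        AUTHENTIK_POSTGRESQL__HOST: db
        AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
        AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
        # Required, same value as the db service; no default password.
        AUTHENTIK_POSTGRESQL__PASSWORD: "${PG_PASS:?database password required}"
        AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?secret key required}"
      volumes:
        # NOTE(review): ":ro" only protects the socket file itself. A
        # process that can open the socket can still send any Docker API
        # request, which together with "user: root" below is equivalent to
        # root on the host. Keep this mount only if authentik's Docker
        # integration is used to manage outposts; otherwise remove it and
        # "user: root", or place a filtering socket proxy in front of it.
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - media:/media
        - certs:/certs
        - custom-templates:/templates
      env_file:
        - ./.env
      user: root
      depends_on:
        - db
        - redis
      networks:
        - default
    ldap:
      image: ghcr.io/goauthentik/ldap:${AUTHENTIK_VERSION:-2024.4}
      networks:
        - default
        - traefik_proxy
      environment:
        AUTHENTIK_HOST: https://${AUTHENTIK_SUBDOMAIN}.${DOMAIN_NAME}
        # Quoted so Compose receives a string rather than a YAML boolean.
        # Keep it "false" so the outpost validates the certificate
        # presented by AUTHENTIK_HOST.
        AUTHENTIK_INSECURE: "false"
        # Required: the outpost cannot authenticate to authentik without it.
        AUTHENTIK_TOKEN: "${AUTHENTIK_LDAP_TOKEN:?outpost token required}"
        # AUTHENTIK_LISTEN__LDAP: "0.0.0.0:389"
        # AUTHENTIK_LISTEN__LDAPS: "0.0.0.0:636"
      env_file:
        - ./.env
      labels:
        - "io.goauthentik.outpost-uuid=219aeada-d950-4ac3-88a2-aaa56ad4d556"
        - "traefik.enable=true"
        # HostSNI(`*`) accepts every connection arriving on the "ldaps"
        # entrypoint regardless of server name. Traefik terminates TLS with
        # the "wildcardresolver" certificate and forwards to port 3389.
        # NOTE(review): that hop is presumably unencrypted LDAP on the
        # traefik_proxy network; confirm which containers share it.
        - "traefik.tcp.routers.ak-outpost-ldap.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.ak-outpost-ldap.entrypoints=ldaps"
        # - "traefik.tcp.services.ak-outpost-ldap.loadbalancer.healthcheck.path=/outpost.goauthentik.io/ping"
        # - "traefik.tcp.services.ak-outpost-ldap.loadbalancer.healthcheck.port=9300"
        - "traefik.tcp.services.ak-outpost-ldap.loadbalancer.server.port=3389"
        - "traefik.tcp.routers.ak-outpost-ldap.tls.certResolver=wildcardresolver"
        - "traefik.tcp.routers.ak-outpost-ldap.tls=true"
        # - "traefik.tcp.routers.ak-outpost-ldap.tls.passthrough=false"

  # Named volumes with default driver settings.
  volumes:
    database: {}
    redis: {}
    media: {}
    custom-templates: {}
    certs: {}
  networks:
    default: {}
    # Created and owned outside this project; Compose only attaches to it.
    traefik_proxy:
      external: true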