# Traefik docker-compose
---
version: '3'

services:
  traefik:
    container_name: traefik
    image: traefik:v2.4.5
    restart: unless-stopped
    # Block setuid/setgid privilege escalation inside the container.
    security_opt:
      - no-new-privileges:true
    networks:
      - t2_proxy
    # Quoted so port mappings are always parsed as strings.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # The :ro flag only makes the socket node read-only; the Docker API
      # reachable through it is still fully usable from this container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/usersfile:/usersfile:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      # Read-write mount of the host's whole log directory; traefik only
      # writes its own log files here (see the log paths in traefik.yml).
      - /var/log:/var/log
    labels:
      - "traefik.enable=true"
      # Dashboard router on the plain-HTTP entrypoint
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`example.com`)"
      #- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=usersfile"
      # Dashboard router on the HTTPS entrypoint
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`example.com`)"
      #- "traefik.http.routers.traefik-secure.tls=true" no longer needed, static config
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      # Authelia forward auth: every request is verified against Authelia first,
      # unauthenticated clients are redirected to the rd= portal URL.
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://example.com/authelia/"
      # Pass the client's X-Forwarded-* headers on; Authelia's domain and
      # network rules are evaluated from them.
      - "traefik.http.middlewares.authelia.forwardauth.trustforwardheader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authresponseheaders=Remote-User, Remote-Groups"
      # Both dashboard routers sit behind the authelia middleware.
      - "traefik.http.routers.traefik-secure.middlewares=authelia@docker"
      - "traefik.http.routers.traefik.middlewares=authelia@docker"

networks:
  t2_proxy:
    external: true
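# Traefik Config (mounted read-only as /traefik.yml by docker-compose)
---
api:
  # The dashboard is served through api@internal; it is reached only via the
  # traefik-secure router, which carries the authelia middleware.
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      # Every plain-HTTP request is redirected to websecure.
      redirections:
        entrypoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      tls: {}

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers must opt in with the traefik.enable=true label.
    exposedByDefault: false
  file:
    directory: "rules/"

certificatesResolvers:
  http:
    acme:
      email: example@gmail.com
      storage: acme.json
      httpChallenge:
        entrypoint: web

log:
  filePath: "/var/log/traefik.log"
  level: WARN

accessLog:
  # Absolute path: the previous "var/log/access.log" was relative to the
  # process working directory and would not land in the mounted /var/log.
  filePath: "/var/log/access.log"
  filters:
    # Only client-error responses (and retried requests) are logged.
    statusCodes:
      - "400-499"
    retryAttempts: true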
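# authelia docker-compose
---
version: "2.4"

services:
  authelia:
    container_name: authelia
    image: authelia/authelia:4.21.0
    restart: unless-stopped
    networks:
      - t2_proxy
    volumes:
      - ./authelia:/config
      - ./authelia/secrets:/config/secrets:ro
    # One environment block: the previous file listed `environment:` twice,
    # and most YAML parsers silently keep only the last one, dropping TZ.
    # Secrets are referenced by file path, so the secret values themselves
    # are not part of the container environment.
    environment:
      - TZ=America/Chicago
      - AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
      - AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session
      - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/email
    labels:
      - "traefik.enable=true"
      # $$ is compose's escape for a literal $ inside the regex.
      - "traefik.http.routers.authelia-https.rule=Host(`example.com`) && PathPrefix(`/authelia{regex:$$|/.*}`)"
      - "traefik.http.routers.authelia-https.entrypoints=websecure"
      - "traefik.http.routers.authelia-https.tls=true"
      - "traefik.http.routers.authelia-https.service=authelia-svc"
      - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091"

networks:
  t2_proxy:
    external: true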
# authelia config
---
host: "0.0.0.0"
port: 9091
log_level: info
# jwt_secret is supplied through AUTHELIA_JWT_SECRET_FILE (see docker-compose).
#jwt_secret:
default_redirection_url: "https://example.com/dashboard/"

### TOTP Settings
totp:
  issuer: example.com
  period: 30
  skew: 1

authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    # argon2id parameters used by the file backend for password hashing.
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 512
      parallelism: 8

access_control:
  # Deny unless one of the rules below matches.
  default_policy: deny
  rules:
    # Clients on private ranges skip authentication entirely.
    # NOTE(review): 172.16.0.0/12 also covers Docker's default bridge ranges, so
    # this rule is only safe while Authelia sees the real client address
    # (X-Forwarded-For from traefik) rather than the proxy's own — confirm.
    - domain:
        - example.com
        - "*.example.com"
      policy: bypass
      networks:
        - 192.168.0.0/16
        - 172.16.0.0/12
        - 10.0.0.0/8
    # Everyone else needs password plus second factor.
    - domain:
        - example.com
        - "*.example.com"
      policy: two_factor

server:
  # Must match the PathPrefix of the authelia-https router rule.
  path: authelia

session:
  name: authelia_session
  # secret is supplied through AUTHELIA_SESSION_SECRET_FILE.
  # secret:
  expiration: "1h"
  inactivity: "5m"
  remember_me_duration: "1M"
  domain: example.com

# Brute-force protection: lock an account after max_retries failures within find_time.
regulation:
  max_retries: 3
  find_time: "2m"
  ban_time: "5m"

storage:
  local:
    path: /config/db.sqlite3

notifier:
  disable_startup_check: false
  smtp:
    username: example@outlook.com
    # password is supplied through AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE.
    #password: set in environment
    host: smtp.office365.com
    port: 587
    sender: example@outlook.com
    #identifier: localhost
    # NOTE(review): "{Login Setup}" is literal text here; if the intent was the
    # notification title placeholder, check the 4.21 template for its name.
    subject: "[Authelia] {Login Setup}"
    #startup_check_address: "example@outlook.com"
    #disable_require_tls: false
    #disable_html_emails: false
    #tls:
    #  skip_verify: false
    #  minimum_version: TLS1.2
  #filesystem:
  #  filename: /config/notification.txt