authelia/examples/compose/lite/docker-compose.yml

114 lines
3.6 KiB
YAML
Raw Permalink Normal View History

---
version: '3.8'
networks:
net:
driver: 'bridge'
services:
authelia:
image: 'authelia/authelia'
container_name: 'authelia'
volumes:
- './authelia:/config'
networks:
- 'net'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)'
- 'traefik.http.routers.authelia.entrypoints=https'
- 'traefik.http.routers.authelia.tls=true'
- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://authelia.example.com' # yamllint disable-line rule:line-length
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
expose:
- 9091
restart: 'unless-stopped'
healthcheck:
## In production the healthcheck section should be commented.
disable: true
environment:
TZ: 'Australia/Melbourne'
redis:
image: 'redis:alpine'
container_name: 'redis'
volumes:
- './redis:/data'
networks:
- 'net'
expose:
- 6379
restart: 'unless-stopped'
environment:
TZ: 'Australia/Melbourne'
traefik:
image: 'traefik:v2.10.1'
container_name: 'traefik'
volumes:
- './traefik:/etc/traefik'
- '/var/run/docker.sock:/var/run/docker.sock'
networks:
- 'net'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
- 'traefik.http.routers.api.entrypoints=https'
- 'traefik.http.routers.api.service=api@internal'
- 'traefik.http.routers.api.tls=true'
- 'traefik.http.routers.api.tls.certresolver=letsencrypt'
- 'traefik.http.routers.api.middlewares=authelia@docker'
ports:
- '80:80'
- '443:443'
command:
- '--api'
- '--providers.docker=true'
- '--providers.docker.exposedByDefault=false'
- '--entrypoints.http=true'
- '--entrypoints.http.address=:80'
- '--entrypoints.http.http.redirections.entrypoint.to=https'
- '--entrypoints.http.http.redirections.entrypoint.scheme=https'
- '--entrypoints.https=true'
- '--entrypoints.https.address=:443'
- '--certificatesResolvers.letsencrypt.acme.email=your-email@your-domain.com'
- '--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json'
- '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http'
- '--log=true'
- '--log.level=DEBUG'
secure:
image: 'traefik/whoami'
container_name: 'secure'
networks:
- 'net'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.secure.rule=Host(`secure.example.com`)'
- 'traefik.http.routers.secure.entrypoints=https'
- 'traefik.http.routers.secure.tls=true'
- 'traefik.http.routers.secure.tls.certresolver=letsencrypt'
- 'traefik.http.routers.secure.middlewares=authelia@docker'
expose:
- 80
restart: 'unless-stopped'
public:
image: 'traefik/whoami'
container_name: 'public'
networks:
- 'net'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.public.rule=Host(`public.example.com`)'
- 'traefik.http.routers.public.entrypoints=https'
- 'traefik.http.routers.public.tls=true'
- 'traefik.http.routers.public.tls.certresolver=letsencrypt'
- 'traefik.http.routers.public.middlewares=authelia@docker'
expose:
- 80
restart: 'unless-stopped'
...