authelia/internal/suites/example/compose/traefik2/docker-compose.yml

---
version: '3'
services:
  traefik:
    image: traefik:v2.9.1
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
      # Traefik 2.x
      - 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091${PathPrefix}/api/verify?rd=https://login.example.com:8080${PathPrefix}'  # yamllint disable-line rule:line-length
      - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'  # yamllint disable-line rule:line-length
    command:
      - '--accesslog=true'
      - '--api'
      - '--providers.docker=true'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:8080'
      - '--log=true'
      - '--log.level=DEBUG'
      - '--providers.docker.exposedByDefault=false'
      - '--serversTransport.insecureSkipVerify=true'
    networks:
      authelianet:
        aliases:
          - public.example.com
          - secure.example.com
          - login.example.com
        # Set the IP to be able to query on port 8080
        ipv4_address: 192.168.240.100
...
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`---`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			`version: '3'`
			`services:`
			`traefik:`
build(deps): update traefik docker tag to v2.9.1 (#4126) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2022-10-04 03:13:03 +00:00			`image: traefik:v2.9.1`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			`volumes:`
			`- '/var/run/docker.sock:/var/run/docker.sock'`
			`labels:`
refactor(suites): stop integration tests on first failure (#3270) * refactor(suites): stop integration tests on first failure * refactor(suites): remove additional nginx instance * refactor(suites): log relevant containers * refactor(suites): add traefik2 logs to stdout * refactor(suites): explicitly enable traefik for tests * refactor(suites): remove redis restart and duplicate pathprefix tests * ci(buildkite): allow manual retry on integration tests 2022-05-02 04:50:37 +00:00			`- 'traefik.enable=true'`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			- 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
			`- 'traefik.http.routers.api.entrypoints=https'`
			`- 'traefik.http.routers.api.service=api@internal'`
			`- 'traefik.http.routers.api.tls=true'`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`# Traefik 2.x`
			`- 'traefik.http.middlewares.authelia.forwardauth.address=https://authelia-backend:9091${PathPrefix}/api/verify?rd=https://login.example.com:8080${PathPrefix}' # yamllint disable-line rule:line-length`
			`- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true'`
			`- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'`
			`- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email' # yamllint disable-line rule:line-length`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			`command:`
refactor(suites): stop integration tests on first failure (#3270) * refactor(suites): stop integration tests on first failure * refactor(suites): remove additional nginx instance * refactor(suites): log relevant containers * refactor(suites): add traefik2 logs to stdout * refactor(suites): explicitly enable traefik for tests * refactor(suites): remove redis restart and duplicate pathprefix tests * ci(buildkite): allow manual retry on integration tests 2022-05-02 04:50:37 +00:00			`- '--accesslog=true'`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			`- '--api'`
			`- '--providers.docker=true'`
			`- '--entrypoints.https=true'`
			`- '--entrypoints.https.address=:8080'`
			`- '--log=true'`
			`- '--log.level=DEBUG'`
refactor(suites): stop integration tests on first failure (#3270) * refactor(suites): stop integration tests on first failure * refactor(suites): remove additional nginx instance * refactor(suites): log relevant containers * refactor(suites): add traefik2 logs to stdout * refactor(suites): explicitly enable traefik for tests * refactor(suites): remove redis restart and duplicate pathprefix tests * ci(buildkite): allow manual retry on integration tests 2022-05-02 04:50:37 +00:00			`- '--providers.docker.exposedByDefault=false'`
[FEATURE] Make Authelia serve over TLS in all suites (#864) * [BUGFIX] Fix dev workflow by using TLS for all suites. * Fix traefik 1.x and 2.x suites. * Display authelia logs on suite failure. * Fix HAProxy suite. * Extend timeout of test case. * Display current URL in verify assertion. * fix doLoginTwoFactor by adding a timeout * when doLoginTwoFactor is used with blank target and a protected domain is quickly visited authelia sometimes redirects back to the portal * fix by adding one second timeout * bump go version to 1.14.2 * Fix Kube suite and bump dashboard. * Update dist authelia-frontend to proxy_pass with variable * Apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * Apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> * Remove debug logs since it's polluting logs. Also set timeout back to 5 seconds in HA suite. Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2020-04-13 23:57:28 +00:00			`- '--serversTransport.insecureSkipVerify=true'`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			`networks:`
			`authelianet:`
feature(oidc): add support for OpenID Connect OpenID connect has become a standard when it comes to authentication and in order to fix a security concern around forwarding authentication and authorization information it has been decided to add support for it. This feature is in beta version and only enabled when there is a configuration for it. Before enabling it in production, please consider that it's in beta with potential bugs and that there are several production critical features still missing such as all OIDC related data is stored in configuration or memory. This means you are potentially going to experience issues with HA deployments, or when restarting a single instance specifically related to OIDC. We are still working on adding the remaining set of features before making it GA as soon as possible. Related to #189 Co-authored-by: Clement Michaud <clement.michaud34@gmail.com> 2021-05-04 22:06:05 +00:00			`aliases:`
			`- public.example.com`
			`- secure.example.com`
			`- login.example.com`
Add Traefik2 suite and refactor Traefik suite (#562) * Update Traefik 1.x to v1.7.20 for integration tests * Add suite for Traefik 2.x * Refactor Traefik2 suite to utilise Docker labels * Move Traefik2 middleware definition to a file based provider * Expose Traefik2 dashboard The API/Dashboard can be reached at https://traefik.example.com:8080/ * Move Traefik frontend/backend definitions to Docker labels * Move Traefik2 router/service definitions to Docker labels * Normalise all Traefik configuration via labels and commands When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files. * Define ports for Authelia frontend/backend services * Adjust Traefik2 suite to new dev workflow * Normalise all Traefik2 middlewares via labels * Fix typo in middleware and comment labels specifying Traefik version 2020-01-19 10:06:37 +00:00			`# Set the IP to be able to query on port 8080`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`ipv4_address: 192.168.240.100`
			`...`