[DOCS] Update secrets examples for Docker Compose (#948)

* [DOCS] Update secrets examples for Docker Compose * Fix typo * Include examples for Docker Secrets and bind mounted secret files
2020-05-01 16:58:40 +10:00 · 2020-05-01 16:58:40 +10:00 · 6d8f45513f
parent aebcb38f90
commit 6d8f45513f
1 changed files with 103 additions and 0 deletions
--- a/docs/configuration/secrets.md
+++ b/docs/configuration/secrets.md
@ -66,6 +66,109 @@ prevent secret leaks if an another application gets compromised on your
 server. The UNIX permissions should probably be something like 600.


+## Docker
+
+Secrets can be provided in a `docker-compose.yml` either with Docker secrets or
+bind mounted secret files, examples of these are provided below. 
+
+
+### Compose with Docker secrets
+
+This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
+on the host and are exposed with Docker secrets in a `docker-compose.yml` file:
+
+```yaml
+version: '3.8'
+
+networks:
+  net:
+    driver: bridge
+
+secrets:
+  jwt:
+    file: /path/to/authelia/secrets/jwt
+  duo:
+    file: /path/to/authelia/secrets/duo
+  session:
+    file: /path/to/authelia/secrets/session
+  redis:
+    file: /path/to/authelia/secrets/redis
+  mysql:
+    file: /path/to/authelia/secrets/mysql
+  smtp:
+    file: /path/to/authelia/secrets/smtp
+  ldap:
+    file: /path/to/authelia/secrets/ldap
+
+services:
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    secrets:
+      - jwt
+      - duo
+      - session
+      - redis
+      - mysql
+      - smtp
+      - ldap
+    volumes:
+      - /path/to/authelia:/var/lib/authelia
+      - /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
+    networks:
+      - net
+    expose:
+      - 9091
+    restart: unless-stopped
+    environment:
+      - AUTHELIA_JWT_SECRET_FILE=/run/secrets/jwt
+      - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/duo
+      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/session
+      - AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/run/secrets/redis
+      - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/mysql
+      - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/smtp
+      - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/run/secrets/ldap
+      - TZ=Australia/Melbourne
+```
+
+### Compose with bind mounted secret files
+
+This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
+on the host and are exposed with bind mounted secret files in a `docker-compose.yml` file
+at `/etc/authelia/secrets/`:
+
+```yaml
+version: '3.8'
+
+networks:
+  net:
+    driver: bridge
+
+services:
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    volumes:
+      - /path/to/authelia:/var/lib/authelia
+      - /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
+      - /path/to/authelia/secrets:/etc/authelia/secrets
+    networks:
+      - net
+    expose:
+      - 9091
+    restart: unless-stopped
+    environment:
+      - AUTHELIA_JWT_SECRET_FILE=/etc/authelia/secrets/jwt
+      - AUTHELIA_DUO_API_SECRET_KEY_FILE=/etc/authelia/secrets/duo
+      - AUTHELIA_SESSION_SECRET_FILE=/etc/authelia/secrets/session
+      - AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/etc/authelia/secrets/redis
+      - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/etc/authelia/secrets/mysql
+      - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/etc/authelia/secrets/smtp
+      - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/etc/authelia/secrets/ldap
+      - TZ=Australia/Melbourne
+```
+
+
 ## Kubernetes

 Secrets can be mounted as files using the following sample manifests.