docs: add an example of deploying authelia lite on docker swarm (#1899)

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-04-10 22:10:02 +01:00 · 2021-04-10 22:10:02 +01:00 · fd21157aac
parent be4f6b6fb1
commit fd21157aac
1 changed files with 181 additions and 0 deletions
--- a/docs/community/example-of-authelia-lite-on-docker-swarm.md
+++ b/docs/community/example-of-authelia-lite-on-docker-swarm.md
@ -0,0 +1,181 @@
+---
+layout: default
+title: Example of authelia lite on docker swarm
+parent: Community
+nav_order: 4
+---
+
+The overlay network for docker swarm can be initialized with:
+
+```
+$ docker swarm init
+$ docker swarm init && docker network create --driver=overlay traefik-public
+$ mkdir ./redis ./letsencrypt
+```
+
+The structure of the folder should be like this:
+
+```
+├── authelia/
+│   ├── configuration.yml
+│   └── users_database.yml
+├── redis/
+├── letsencrypt/
+│   └── acme.json
+└── traefik-compose.yml
+```
+
+The following configuration allows you to deploy authelia to docker swarm with traefik 2.x. Please replace the **example.com** and **your@email.com** with your domain and email respectively.  Then save it as **traefik-compose.yml**.
+
+```
+version: '3.3'
+
+services:
+  authelia:
+    image: authelia/authelia:4
+    volumes:
+      - ./authelia:/config
+    networks:
+      - traefik-public
+    deploy:
+      labels:
+        - 'traefik.enable=true'
+        - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'
+        - 'traefik.http.routers.authelia.entrypoints=web'
+        - "traefik.http.services.authelia.loadbalancer.server.port=9091"
+        # TLS
+        - "traefik.http.routers.authelias.rule=Host(`auth.example.com`)"
+        - "traefik.http.routers.authelias.entrypoints=websecure"
+        - "traefik.http.routers.authelias.tls.certresolver=letsencrypt"
+        # Redirect
+        - "traefik.http.routers.authelia.middlewares=https_redirect"
+        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
+        # Authelia
+        - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'
+        - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+        - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
+        - "traefik.http.routers.authelia.service=authelia"
+
+  redis:
+    image: redis:6-alpine
+    volumes:
+      - ./redis:/data
+    networks:
+      - traefik-public
+
+  traefik:
+    # The official v2.0 Traefik docker image
+    image: traefik:v2.2
+    deploy:
+      labels:
+        - 'traefik.enable=true'
+        - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
+        - 'traefik.http.routers.api.entrypoints=web'
+        - 'traefik.http.routers.api.service=api@internal'
+        - 'traefik.http.services.traefik.loadbalancer.server.port=80'
+        # TLS
+        - "traefik.http.routers.apis.rule=Host(`traefik.example.com`)"
+        - "traefik.http.routers.apis.entrypoints=websecure"
+        - "traefik.http.routers.apis.tls.certresolver=letsencrypt"
+        # Redirect
+        - "traefik.http.routers.api.middlewares=https_redirect"
+        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
+        # Authelia
+        - 'traefik.http.routers.apis.service=api@internal'
+        - 'traefik.http.routers.apis.middlewares=authelia@docker'
+      placement:
+        constraints:
+          - node.role == manager
+    command: 
+      - "--api"
+      - "--providers.docker=true"
+      - "--providers.docker.swarmMode=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entryPoints.websecure.address=:443"
+      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.letsencrypt.acme.email=your@email.com"
+      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+    ports:
+      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
+      - target: 80
+        published: 80
+        mode: host
+      # Listen on port 443, default for HTTPS
+      - target: 443
+        published: 443
+        mode: host
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./letsencrypt:/letsencrypt
+    networks:
+      - traefik-public
+
+  secure:
+    image: containous/whoami
+    networks:
+      - traefik-public
+    deploy:
+      labels:
+        - 'traefik.enable=true'
+        - 'traefik.http.routers.secure.rule=Host(`secure.example.com`)'
+        - 'traefik.http.routers.secure.entrypoints=web'
+        - 'traefik.http.services.secure.loadbalancer.server.port=80'
+        # TLS
+        - "traefik.http.routers.secures.rule=Host(`secure.example.com`)"
+        - "traefik.http.routers.secures.entrypoints=websecure"
+        - "traefik.http.routers.secures.tls.certresolver=letsencrypt"
+        # Redirect
+        - "traefik.http.routers.secure.middlewares=https_redirect"
+        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
+        # Authelia
+        - 'traefik.http.routers.secures.middlewares=authelia@docker'
+
+  public:
+    image: containous/whoami
+    networks:
+      - traefik-public
+    deploy:
+      labels:
+        - 'traefik.enable=true'
+        - 'traefik.http.routers.public.rule=Host(`public.example.com`)'
+        - 'traefik.http.routers.public.entrypoints=web'
+        - 'traefik.http.services.public.loadbalancer.server.port=80'
+        # TLS
+        - "traefik.http.routers.publics.rule=Host(`public.example.com`)"
+        - "traefik.http.routers.publics.entrypoints=websecure"
+        - "traefik.http.routers.publics.tls.certresolver=letsencrypt"
+        # Redirect
+        - "traefik.http.routers.public.middlewares=https_redirect"
+        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
+        # Authelia
+        - 'traefik.http.routers.publics.middlewares=authelia@docker'
+
+networks:
+  traefik-public:
+    external: true
+```
+
+Finally, the stack is ready to be deployed.
+
+```
+$ docker stack deploy -c traefik-compose.yml traefik
+```
+
+Full configuration files can be found here https://github.com/wuhanstudio/authelia-docker-swarm
+
+```
+$ docker swarm init && docker network create --driver=overlay traefik-public
+
+$ git clone https://github.com/wuhanstudio/authelia-docker-swarm && cd authelia-docker-swarm
+
+# Replace wuhanstudio.cc with your domain
+$ find . -type f -name "*.yml" -exec sed -i'' -e 's/example.com/wuhanstudio.cc/g' {} +
+
+# Replace wuhanstudio@qq.com with your email
+$ find . -type f -name "*.yml" -exec sed -i'' -e 's/your@email.com/wuhanstudio@qq.com/g' {} +
+
+$ docker stack deploy -c traefik-compose.yml traefik
+```