--- version: '3.3' networks: net: driver: bridge services: authelia: image: authelia/authelia container_name: authelia volumes: - ./authelia:/config networks: - net labels: - 'traefik.enable=true' - 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)' - 'traefik.http.routers.authelia.entrypoints=https' - 'traefik.http.routers.authelia.tls=true' - 'traefik.http.routers.authelia.tls.options=default' - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia-url=https://authelia.example.com' # yamllint disable-line rule:line-length - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length expose: - 9091 restart: unless-stopped healthcheck: ## In production the healthcheck section should be commented. disable: true environment: - TZ=Australia/Melbourne traefik: image: traefik:v2.9.9 container_name: traefik volumes: - ./traefik:/etc/traefik - /var/run/docker.sock:/var/run/docker.sock networks: - net labels: - 'traefik.enable=true' - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)' - 'traefik.http.routers.api.entrypoints=https' - 'traefik.http.routers.api.service=api@internal' - 'traefik.http.routers.api.tls=true' - 'traefik.http.routers.api.tls.options=default' - 'traefik.http.routers.api.middlewares=authelia@docker' ports: - '80:80' - '443:443' command: - '--api' - '--providers.docker=true' - '--providers.docker.exposedByDefault=false' - '--providers.file.filename=/etc/traefik/certificates.yml' - '--entrypoints.http=true' - '--entrypoints.http.address=:80' - '--entrypoints.http.http.redirections.entrypoint.to=https' - '--entrypoints.http.http.redirections.entrypoint.scheme=https' - '--entrypoints.https=true' - '--entrypoints.https.address=:443' - '--log=true' - '--log.level=DEBUG' secure: image: traefik/whoami container_name: secure networks: - net labels: - 'traefik.enable=true' - 'traefik.http.routers.secure.rule=Host(`secure.example.com`)' - 'traefik.http.routers.secure.entrypoints=https' - 'traefik.http.routers.secure.tls=true' - 'traefik.http.routers.secure.tls.options=default' - 'traefik.http.routers.secure.middlewares=authelia@docker' expose: - 80 restart: unless-stopped public: image: traefik/whoami container_name: public networks: - net labels: - 'traefik.enable=true' - 'traefik.http.routers.public.rule=Host(`public.example.com`)' - 'traefik.http.routers.public.entrypoints=https' - 'traefik.http.routers.public.tls=true' - 'traefik.http.routers.public.tls.options=default' - 'traefik.http.routers.public.middlewares=authelia@docker' expose: - 80 restart: unless-stopped ...