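---
version: "3.9"

########################### SECRETS ###################################
# Each secret is sourced from a file under $SECRETSDIR (interpolated by
# compose) and is surfaced to the containers that list it under
# /run/secrets/<name>.
#######################################################################
secrets:
  authelia_jwt_secret:
    file: $SECRETSDIR/authelia_jwt_secret
  authelia_session_secret:
    file: $SECRETSDIR/authelia_session_secret
  authelia_storage_postgres_password:
    file: $SECRETSDIR/authelia_storage_postgres_password
  authelia_storage_encryption_key_file:
    file: $SECRETSDIR/authelia_storage_encryption_key_file
  authelia_notifier_smtp_password:
    file: $SECRETSDIR/authelia_notifier_smtp_password
  authelia_duo_api_secret_key:
    file: $SECRETSDIR/authelia_duo_api_secret_key

########################### EXTENSION FIELDS ##########################
# Helps eliminate repetition of sections
# More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
#######################################################################
x-environment: &default-tz-puid-pgid
  - TZ=$TZ
  - PUID=$PUID
  - PGID=$PGID

# NOTE(review): defined but not referenced by any service in this file;
# a service only gets no-new-privileges when it merges this in with
# `<<: *common-keys-monitoring`.
x-common-keys-monitoring: &common-keys-monitoring
  networks:
    - backend
  security_opt:
    - no-new-privileges:true
  restart: always

# Shared json-file log rotation; previously copied verbatim into each
# service that logs.
x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "5m"
    max-file: "3"

services:
  reverse-proxy:
    # The official v2.0 Traefik docker image
    image: traefik:v2.9
    container_name: "traefik"
    logging: *default-logging
    restart: unless-stopped
    networks:
      - backend
      - frontend
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # Influx
      - "8086:8086"
      # Mqtt
      - "9001:9001"
      - "8883:8883"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./traefik:/rules
      - ./static_config.yml:/etc/traefik/static_config.yml
      # - "./log.json:/etc/traefik/log.json"
      #- ./acme.json:/acme.json
      - ./letsencrypt/acme.json:/letsencrypt/acme.json
      - ${DIR}/traefik/log:/log
    environment:
      # Cloudflare credentials for the DNS challenge are taken from the
      # environment / .env file instead of being written into this file,
      # which is normally committed to version control. A key that was
      # ever committed has to be treated as exposed and replaced; a scoped
      # DNS API token (CF_DNS_API_TOKEN) is preferable to the account-wide
      # global key.
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
      - CLOUDFLARE_IPS
      - LOCAL_IPS
    labels:
      - diun.enable=true
      # NOTE(review): router `zighome-secure` has no rule or service in
      # this file; confirm it is defined by the file provider, otherwise
      # this label is a no-op.
      - "traefik.http.routers.zighome-secure.middlewares=chain-authelia@file"
    dns:
      - 8.8.8.8

  authelia:
    image: authelia/authelia:4
    container_name: authelia
    volumes:
      - ./authelia:/config
      - ./notify.txt:/tmp/authelia/notification.txt
    networks:
      - backend
      - frontend
    ports:
      # The HTTP port
      # NOTE(review): publishing 9091 on the host bypasses the TLS router
      # below; only keep it if something outside the compose networks
      # must reach Authelia directly.
      - "9091:9091"
    environment:
      - TZ=$TZ
      - PUID=$PUID
      - PGID=$PGID
      # Secret material is read from the files mounted via `secrets:`
      # below, never from plain environment values.
      - AUTHELIA_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
      - AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/run/secrets/authelia_storage_postgres_password
      #- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/authelia_notifier_smtp_password
      - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key_file
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.entrypoints=web-secure"
      - "traefik.http.routers.authelia.rule=Host(`authelia.${DOMAIN}`)"
      - "traefik.http.services.authelia-service.loadbalancer.server.port=9091"
      - "traefik.http.routers.authelia.tls.certresolver=milvert_dns"
      - "traefik.http.routers.authelia.tls=true"
      # Forward-auth middleware other routers reference to require login.
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://authelia.${DOMAIN}" # yamllint disable-line rule:line-length
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email" # yamllint disable-line rule:line-length
    secrets:
      - authelia_jwt_secret
      - authelia_session_secret
      - authelia_storage_postgres_password
      - authelia_notifier_smtp_password
      - authelia_duo_api_secret_key
      - authelia_storage_encryption_key_file

  ######################### DATABASE ############################
  #
  # DATABASE
  #
  ###############################################################
  db:
    image: mariadb:10.5.6
    container_name: mariaDB
    logging: *default-logging
    restart: always
    networks:
      - backend
    volumes:
      - ${DIR}/database:/var/lib/mysql:rw
    ports:
      # NOTE(review): published on every host interface; prefer
      # "127.0.0.1:3307:3306" if only tools on the host need it.
      - "3307:3306"
    labels:
      - diun.enable=true
      - "traefik.enable=false"
    environment:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USERNAME}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}

  web_db:
    image: adminer
    container_name: adminer
    logging: *default-logging
    restart: always
    networks:
      - backend
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      # NOTE(review): "10.0.0.1/24" has host bits set; the CIDR parser
      # presumably masks it to 10.0.0.0/24 — write the network address
      # if that is the intent.
      - "traefik.http.middlewares.webdb-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
      - "traefik.http.routers.webdb-secure.middlewares=webdb-mid"
      - "traefik.http.routers.webdb-secure.entrypoints=web-secure"
      - "traefik.http.routers.webdb-secure.rule=Host(`webdb.${DOMAIN}`)"
      - "traefik.http.routers.webdb-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.webdb-secure.tls=true"
      - "traefik.http.services.webdb-service.loadbalancer.server.port=8080"
    depends_on:
      - db
    environment:
      # Adminer takes the database credentials from its login form and does
      # not read MYSQL_*; handing the root password to this container only
      # widened its exposure. PMA_ARBITRARY is a phpMyAdmin variable that
      # Adminer ignores.
      - ADMINER_DEFAULT_SERVER=db

  postgres:
    image: postgres:15
    container_name: postgres
    logging: *default-logging
    restart: always
    networks:
      - backend
    volumes:
      - ${DIR}/database_pg/data:/var/lib/postgresql/data
    labels:
      - diun.enable=true
      - "traefik.enable=false"
    environment:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

  pgadmin:
    container_name: pgadmin_container
    image: dpage/pgadmin4
    logging: *default-logging
    # List form, matching the other services.
    environment:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL}
      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
    volumes:
      # NOTE(review): confirm this is the data directory the image
      # actually writes to, otherwise nothing is persisted.
      - ${DIR}/database_pg/pgadmin:/root/.pgadmin
    networks:
      - backend
    restart: unless-stopped
    depends_on:
      - postgres
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      # NOTE(review): with both the allow-list and the middleware below
      # commented out, this router has no IP restriction and no
      # forward-auth; the admin UI is guarded only by its own login.
      #- "traefik.http.middlewares.webpg-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
      # # # - "traefik.http.routers.webpg-secure.middlewares=webpg-mid"
      - "traefik.http.routers.webpg-secure.entrypoints=web-secure"
      - "traefik.http.routers.webpg-secure.rule=Host(`webpg.${DOMAIN}`)"
      - "traefik.http.routers.webpg-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.webpg-secure.tls=true"
      #- "traefik.http.services.webpg-service.loadbalancer.server.port=8080"

  redis:
    image: redis:7.0-alpine
    container_name: redis
    logging: *default-logging
    restart: always
    networks:
      - backend
    volumes:
      - ${DIR}/redis:/var/lib/redis
    # NOTE(review): with the entrypoint below commented out redis runs
    # unauthenticated; it is reachable only on the backend network and
    # publishes no port.
    #entrypoint: redis-server --appendonly yes --requirepass $REDIS_PASSWORD --maxmemory 512mb --maxmemory-policy allkeys-lru
    labels:
      - diun.enable=true

networks:
  frontend:
    external: true
  backend:
    external: false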