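# Docker Compose definition for the Authelia authentication portal.
# Secrets are supplied as file-backed Compose secrets, and the web portal
# (container port 9091) is published only through Traefik labels.

# File-backed secrets: Compose mounts each one read-only in the container at
# /run/secrets/<NAME>. The host files under ${INFRA_PATH}/authelia/secrets hold
# the raw values, so keep them out of version control and readable only by the
# account that runs the stack.
secrets:
  JWT_SECRET:
    file: ${INFRA_PATH}/authelia/secrets/JWT_SECRET
  SESSION_SECRET:
    file: ${INFRA_PATH}/authelia/secrets/SESSION_SECRET
  STORAGE_PASSWORD:
    file: ${INFRA_PATH}/authelia/secrets/STORAGE_PASSWORD
  STORAGE_ENCRYPTION_KEY:
    file: ${INFRA_PATH}/authelia/secrets/STORAGE_ENCRYPTION_KEY

services:
  authelia:
    # Base settings come from the `default` service in the file named by
    # ${TEMPLATES_PATH}. That file is not shown here, so restart policy,
    # user and hardening options cannot be confirmed from this listing.
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: authelia
    # NOTE(review): `latest` is a floating tag, and the Watchtower label below
    # opts this container in to automatic updates, so a new upstream image
    # replaces the authentication gateway without review. Consider pinning a
    # release tag or image digest and upgrading deliberately.
    image: authelia/authelia:latest
    ports:
      # NOTE(review): with no host IP given, Compose publishes this port on all
      # host interfaces. Confirm the metrics endpoint is reachable only by the
      # Prometheus scraper (bind to a specific host IP or firewall it).
      - '9959:9959'  # metrics prometheus
    networks:
      - ip6net
    # Portal port is exposed to linked containers only, never published on
    # the host; Traefik forwards to it (see loadbalancer label below).
    expose:
      - '9091'
    secrets:
      - JWT_SECRET
      - SESSION_SECRET
      - STORAGE_PASSWORD
      - STORAGE_ENCRYPTION_KEY
    environment:
      # The *_FILE variables point at the mounted secret files, so the secret
      # values themselves never appear in the container environment.
      AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET
      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/STORAGE_ENCRYPTION_KEY
      AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}  # this does not work for access control or openID yet
      AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN}  # this does not work for access control or openID yet
    volumes:
      # Authelia configuration directory; access-control rules live here, so
      # treat write access to this host path as equivalent to policy control.
      - ${INFRA_PATH}/authelia/config:/config
    labels:
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=true'
      # Traefik
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)'
      - 'traefik.http.routers.authelia.tls.certresolver=myresolver'
      - 'traefik.http.routers.authelia.entryPoints=https'
      - 'traefik.http.routers.authelia.tls=true'
      - 'traefik.http.routers.authelia.service=authelia-svc'
      - 'traefik.http.services.authelia-svc.loadbalancer.server.port=9091'
      # Middleware
      # `@file` means the crowdsec-bouncer middleware is defined in Traefik's
      # file provider, outside this Compose file.
      - 'traefik.http.routers.authelia.middlewares=crowdsec-bouncer@file'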