Harden compose secrets and add required provisioning docs

This commit is contained in:
beatz174-bit
2026-04-07 16:12:50 +10:00
parent 417973b1cb
commit 3c2d28c763
14 changed files with 242 additions and 93 deletions
+3 -6
@@ -3,16 +3,16 @@ server.address: tcp://0.0.0.0:9091
log:
level: info
identity_validation.reset_password.jwt_secret: T72Xcxa4d7xpQRypFDZpunlZt0IjqspojmBlxBr69gnkRjzR144YgjZsgFYZK0gS
identity_validation.reset_password.jwt_secret: ${AUTHELIA_JWT_SECRET}
session:
secret: BYksO7YUAJ8gXx9Endgpe46RgB10nkeKpD1qcQPt0GuYGQm2pS2zjJtNOrCEqpav
secret: ${AUTHELIA_SESSION_SECRET}
cookies:
- domain: lan.ddnsgeek.com
authelia_url: https://auth.lan.ddnsgeek.com
storage:
encryption_key: N7mkWziClgDhLgZDRkRwU6jEHmGF6ciOt53pzoFcZ0meEV1AZCC5bWZd24jeu19y
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
local:
path: /config/data/db.sqlite3
@@ -23,8 +23,6 @@ authentication_backend:
access_control:
default_policy: deny
rules:
# - domain: "*.lan.ddnsgeek.com"
# policy: two_factor
- domain: alertmanager.lan.ddnsgeek.com
resources:
- "^/api/.*"
@@ -45,7 +43,6 @@ access_control:
- "^/metrics"
policy: bypass
- domain: "*.lan.ddnsgeek.com"
policy: two_factor
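Review bot: The three values the first hunk replaces (the reset-password JWT secret, the session secret and the storage encryption key) remain readable in the repository history under parent 417973b1cb, so moving to `${AUTHELIA_JWT_SECRET}`, `${AUTHELIA_SESSION_SECRET}` and `${AUTHELIA_STORAGE_ENCRYPTION_KEY}` only helps if the new values are freshly generated and the old ones retired; nothing in this hunk or the visible commit record says that was done. Authelia expands `${VAR}` inside a configuration file only when its expand-env file filter is enabled (`X_AUTHELIA_CONFIG_FILTERS`); without it the literal placeholder becomes the secret, so either enable the filter or provision these through Authelia's native environment variables — which of the two this deployment relies on is not visible here. Because filter expansion is textual and happens before the YAML is parsed, the placeholders should be quoted, e.g. `secret: "${AUTHELIA_SESSION_SECRET}"`, so a generated value containing ` #` or `: ` cannot corrupt the document. The `session` and `storage` mappings continue outside the hunk.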
+5
@@ -17,6 +17,8 @@ services:
build:
context: ${PROJECT_ROOT}/core
env_file:
- ${PROJECT_ROOT}/secrets/stack-secrets.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
@@ -52,6 +54,7 @@ services:
restart: always
environment:
- COLLECTIONS=crowdsecurity/traefik
- CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
volumes:
- ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
- ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
@@ -99,6 +102,8 @@ services:
restart: always
build:
context: ${PROJECT_ROOT}/core/authelia
env_file:
- ${PROJECT_ROOT}/secrets/stack-secrets.env
volumes:
- ${PROJECT_ROOT}/core/authelia:/config
networks:
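Review bot: `- CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}` in the second hunk is interpolated by Compose from the invoking shell or the project `.env`, not from any service's `env_file`, so if the key only lives in `secrets/stack-secrets.env` this line passes an empty value (Compose warns but continues). Either keep the key in the file Compose itself reads, or give the crowdsec service the same `env_file` entry the other two services gain in the first and third hunks. Separately, the first hunk hands the whole `stack-secrets.env` — including the Authelia secrets — to a service that also mounts the Docker socket; its name is above the hunk, but a per-service secrets file or Compose `secrets:` would limit what each container can read. This file should also state (and `.gitignore` should enforce) that `secrets/stack-secrets.env` is never committed; that cannot be verified from this section.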
+1 -1
@@ -4,7 +4,7 @@ http:
plugin:
crowdsec-bouncer:
crowdsecMode: live
crowdsecLapiKey: HeneLa2mazFVzl5+DQRKOdchBuJxKdjrHsHBE/03Acs
crowdsecLapiKey: ${CROWDSEC_LAPI_KEY}
crowdsecLapiHost: crowdsec:8080
crowdsecLapiScheme: http
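Review bot: Traefik's file provider does not expand `${CROWDSEC_LAPI_KEY}`; dynamic configuration files are rendered as Go templates, so the literal placeholder would be sent as the bouncer's LAPI key and every request to CrowdSec would fail authentication. Use the template form instead, `crowdsecLapiKey: '{{ env "CROWDSEC_LAPI_KEY" }}'` (quoted, since `{` otherwise starts a flow mapping), and confirm the variable actually reaches the Traefik container — the compose change adds an `env_file` to one service, presumably this one. The key on the removed line stays in history and should be revoked in CrowdSec and reissued rather than reused as the new value. The `http.middlewares` mapping continues outside the hunk.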