beatz174-bit
31 lines
1.3 KiB
YAML
31 lines
1.3 KiB
YAML
services:
|
|
authelia:
|
|
profiles: ["core","all","authelia"]
|
|
image: authelia/authelia
|
|
restart: always
|
|
build:
|
|
context: ${PROJECT_ROOT}/core/authelia
|
|
# env_file:
|
|
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
|
# environment:
|
|
# - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET}
|
|
# - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET}
|
|
# - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
|
volumes:
|
|
- ${PROJECT_ROOT}/core/authelia:/config
|
|
networks:
|
|
# - reverse_proxy
|
|
- traefik
|
|
container_name: authelia
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.authelia.rule=Host(`auth.lan.ddnsgeek.com`)
|
|
- traefik.http.routers.authelia.entrypoints=websecure
|
|
- traefik.http.routers.authelia.tls=true
|
|
- traefik.http.routers.authelia.tls.certresolver=myresolver
|
|
- io.portainer.accesscontrol.public
|
|
- traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
|
|
- traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
|
|
- traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups
|
|
- traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152
|