Compare commits
2 commits
8181de3f12
...
34deb92194
| Author | SHA1 | Date | |
|---|---|---|---|
| 34deb92194 | |||
| 37dc3b82d9 |
5 changed files with 120 additions and 6 deletions
90
auth/docker-compose.yml
Normal file
90
auth/docker-compose.yml
Normal file
|
|
@ -0,0 +1,90 @@
|
|||
services:
|
||||
|
||||
authentik-server:
|
||||
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
- AUTHENTIK_REDIS__HOST=redis
|
||||
- AUTHENTIK_POSTGRESQL__HOST=postgresql
|
||||
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
|
||||
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
|
||||
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
|
||||
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
|
||||
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
|
||||
volumes:
|
||||
- ${VOLUMES_PATH}/auth/media:/media
|
||||
- ${VOLUMES_PATH}/auth/custom-templates:/templates
|
||||
depends_on:
|
||||
postgresql:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- web
|
||||
- auth
|
||||
|
||||
authentik-worker:
|
||||
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
- AUTHENTIK_REDIS__HOST=redis
|
||||
- AUTHENTIK_POSTGRESQL__HOST=postgresql
|
||||
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
|
||||
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
|
||||
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
|
||||
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
|
||||
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
|
||||
user: root
|
||||
volumes:
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
- ${VOLUMES_PATH}/auth/media:/media
|
||||
- ${VOLUMES_PATH}/auth/certs:/certs
|
||||
- ${VOLUMES_PATH}/auth/custom-templates:/templates
|
||||
depends_on:
|
||||
postgresql:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- auth
|
||||
|
||||
postgresql:
|
||||
image: postgres:${POSTGRES_VERSION}
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 5s
|
||||
volumes:
|
||||
- ${VOLUMES_PATH}/auth/postgres/:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
- POSTGRES_USER=${POSTGRES_USER}
|
||||
- POSTGRES_DB=${POSTGRES_DB}
|
||||
networks:
|
||||
- auth
|
||||
|
||||
redis:
|
||||
image: redis:${REDIS_VERSION}
|
||||
command: --save 60 1 --loglevel warning
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 3s
|
||||
volumes:
|
||||
- ${VOLUMES_PATH}/auth/redis:/data
|
||||
networks:
|
||||
- auth
|
||||
|
||||
|
||||
networks:
|
||||
auth:
|
||||
web:
|
||||
external: true
|
||||
|
|
@ -60,6 +60,9 @@ services:
|
|||
- USERMAP_GID=1000
|
||||
- PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py
|
||||
- PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON}
|
||||
- PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
|
||||
- PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
|
||||
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.home.florianzirker.de,https://auth.home.florianzirker.de
|
||||
labels:
|
||||
- "docker.group=paperless"
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,15 @@
|
|||
output stdout
|
||||
format console
|
||||
}
|
||||
debug
|
||||
}
|
||||
|
||||
(proxy-auth) {
|
||||
reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000
|
||||
forward_auth http://authentik-server:9000 {
|
||||
uri /outpost.goauthentik.io/auth/caddy
|
||||
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
|
||||
trusted_proxies private_ranges
|
||||
}
|
||||
}
|
||||
|
||||
*.{$DOMAIN} {
|
||||
|
|
@ -22,7 +30,10 @@
|
|||
|
||||
@whoami host whoami.{$DOMAIN}
|
||||
handle @whoami {
|
||||
reverse_proxy whoami:80
|
||||
route {
|
||||
import proxy-auth
|
||||
reverse_proxy whoami:80
|
||||
}
|
||||
}
|
||||
|
||||
@dashboard host dashboard.{$DOMAIN}
|
||||
|
|
@ -38,7 +49,10 @@
|
|||
|
||||
@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
|
||||
handle @zigbee2mqtt {
|
||||
reverse_proxy zigbee2mqtt:8080
|
||||
route {
|
||||
import proxy-auth
|
||||
reverse_proxy zigbee2mqtt:8080
|
||||
}
|
||||
}
|
||||
|
||||
@jellyfin host jellyfin.{$DOMAIN}
|
||||
|
|
@ -63,7 +77,15 @@
|
|||
|
||||
@torrent host torrent.{$DOMAIN}
|
||||
handle @torrent {
|
||||
reverse_proxy transmission:9091
|
||||
route {
|
||||
import proxy-auth
|
||||
reverse_proxy transmission:9091
|
||||
}
|
||||
}
|
||||
|
||||
@auth host auth.{$DOMAIN}
|
||||
handle @auth {
|
||||
reverse_proxy authentik-server:9000
|
||||
}
|
||||
|
||||
# Fallback unhandled (sub)domains
|
||||
|
|
|
|||
|
|
@ -37,6 +37,4 @@ services:
|
|||
networks:
|
||||
web:
|
||||
external: true
|
||||
dockersocket:
|
||||
external: true
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ function up {
|
|||
}
|
||||
|
||||
up proxy;
|
||||
up auth;
|
||||
up monitoring;
|
||||
up smartHome;
|
||||
up dashboard;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue