docker-compose.yml
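# Compose stack: a Traefik reverse proxy in front of Portainer, Authelia and Heimdall.
# Nesting is restored here; the listing as captured had lost all indentation and
# would not parse as a Compose file.
# ${...} values are interpolated by Compose from the environment / .env file.
# NOTE(review): no service publishes `ports:`; presumably Traefik is reached via its
# static address on the external `dmz` network - confirm.
version: '3.7'

services:
  traefik:
    container_name: traefik
    build: ./build/traefik/
    restart: unless-stopped
    networks:
      # Fixed address on dmz; also attached to the shared `web` network.
      dmz:
        ipv4_address: ${DOCKER_TRAEFIK_IP}
      web:
    volumes:
      #- traefik-conf:/etc/traefik
      - ./config/traefik/toml:/etc/traefik/toml
      - ./config/traefik/traefik.toml:/etc/traefik/traefik.toml
      - traefik-acme:/etc/acme
      # NOTE(review): `:ro` only makes the bind mount read-only. It does not limit
      # which Docker API calls can be sent through the socket, so a compromise of
      # this container still means control of the Docker daemon. Consider a
      # filtering socket proxy that exposes only the read endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      # `$$` is Compose escaping: Traefik receives a literal `$` / `${1}`.
      - "traefik.http.middlewares.traefik-redirect.redirectregex.regex=^https://([^/]+)/(|dashboard)$$"
      - "traefik.http.middlewares.traefik-redirect.redirectregex.replacement=https://$${1}/dashboard/"
      - "traefik.http.middlewares.traefik-redirect.redirectregex.permanent=true"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      # The dashboard router targets api@internal, so `chain-oauth@file` is the only
      # gate in front of the Traefik API. That chain lives in the file provider
      # config (not in this file) - verify it enforces authentication.
      - "traefik.http.routers.dashboard.middlewares=traefik-redirect@docker,chain-oauth@file"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAINNAME}`)"
      - "traefik.http.routers.dashboard.tls.certResolver=tls"
      - "traefik.http.routers.dashboard.service=api@internal"
      # NOTE(review): the router above uses api@internal, so this service
      # definition looks unused - confirm before relying on port 8080.
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"

  portainer:
    container_name: portainer
    # NOTE(review): `portainer/portainer` is the legacy 1.x image line; newer
    # releases are published as `portainer/portainer-ce`. Plan an upgrade so the
    # container that holds the Docker socket keeps receiving security fixes.
    image: portainer/portainer:1.24.2-alpine
    # NOTE(review): the admin password hash is passed as a command-line argument,
    # so it is readable via `docker inspect` and the process list. Portainer also
    # accepts `--admin-password-file`; prefer that with a file or secret mount.
    command: -H unix:///var/run/docker.sock --admin-password '${PORTAINER_PASSWORD_HASH}'
    restart: unless-stopped
    networks:
      - web
    volumes:
      # Read-write Docker socket: this container can fully control the Docker
      # daemon, which is root-equivalent on the host. Exposure rests on the
      # auth middleware below plus Portainer's own login.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.middlewares=chain-oauth@file"
      - "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAINNAME}`)"
      - "traefik.http.routers.portainer.tls.certResolver=tls"
      - "traefik.http.routers.portainer.service=portainer@docker"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

  authelia:
    container_name: authelia
    image: authelia/authelia:4.37.5
    volumes:
      - ./config/authelia:/config
    networks:
      - web
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      # Defines the `authelia` forward-auth middleware. The routers in this file
      # reference `chain-oauth@file`; presumably that chain includes this
      # middleware - confirm in the file provider config.
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia.web:9091/api/verify?rd=https://authelia.${DOMAINNAME}"
      # NOTE(review): with trustForwardHeader=true, existing X-Forwarded-* headers
      # are passed to Authelia as-is. This is only safe when clients cannot reach
      # Traefik with spoofed headers - check the entrypoint's trusted-IP settings.
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      # Identity headers copied from the auth response onto the upstream request.
      # Backends that trust them must be reachable only through Traefik.
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups"
      # No auth middleware on this router: it serves the login portal itself.
      - "traefik.http.routers.authelia.rule=Host(`authelia.${DOMAINNAME}`)"
      - "traefik.http.routers.authelia.service=authelia@docker"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.tls.certresolver=tls"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"

  heimdall:
    container_name: heimdall
    # NOTE(review): no tag, so this resolves to `latest` and can change on any
    # pull. Pin a version tag or digest, as the other images in this file do.
    image: lscr.io/linuxserver/heimdall
    restart: unless-stopped
    networks:
      - web
    volumes:
      - ./config/heimdall:/config
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.http.routers.heimdall.entrypoints=websecure"
      - "traefik.http.routers.heimdall.middlewares=chain-oauth@file"
      - "traefik.http.routers.heimdall.rule=Host(`heimdall.${DOMAINNAME}`)"
      - "traefik.http.routers.heimdall.tls.certResolver=tls"
      - "traefik.http.routers.heimdall.service=heimdall@docker"
      - "traefik.http.services.heimdall.loadbalancer.server.port=80"

# Both networks are external: they must exist before this stack is started.
networks:
  web:
    external: true
  dmz:
    external: true

volumes:
  # Only referenced by the commented-out mount in the traefik service.
  traefik-conf:
    name: traefik-conf
  traefik-acme:
    name: traefik-acme
  portainer-data:
    name: portainer-data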