docker-compose.yaml
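# Traefik edge proxy (TLS on 443, ACME via deSEC DNS challenge) with a Google
# forward-auth service and a whoami test backend behind it.
services:
  traefik:
    # NOTE(review): no tag means `latest`; pin a version or digest so the edge
    # proxy cannot change underneath you on the next pull.
    image: traefik
    restart: unless-stopped
    command:
      #- "--log.level=DEBUG"
      #- "--accesslog=true"
      # api.insecure serves the dashboard and API on container port 8080 with
      # no authentication; the port mapping below keeps it on loopback.
      - "--api.insecure=true"
      # Containers are routed only when they carry traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.defaultRule=Host(`{{ index .Labels \"com.docker.compose.service\" }}.$DOMAINNAME`)"
      - "--providers.file.filename=/etc/traefik/traefik_config.yml"
      - "--entrypoints.http.address=:443"
      - "--entrypoints.http.http3=true"
      - "--entrypoints.http.http.tls.certResolver=letsencrypt"
      - "--entrypoints.http.http.middlewares=hsts@file,compression@file"
      - "--certificatesResolvers.letsencrypt.acme.email=$ACMEMAIL"
      - "--certificatesResolvers.letsencrypt.acme.storage=acme.json"
      - "--certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=desec"
    networks:
      - traefik
    ports:
      - "443:443"
      - "443:443/udp"
      # Loopback only: this port is the unauthenticated dashboard/API. Reach it
      # through an SSH tunnel, or route api@internal through the auth
      # middleware instead of publishing it more widely.
      - "127.0.0.1:9080:8080"
    volumes:
      # `:ro` only makes the socket file's mount read-only; it does not limit
      # which Docker API calls can be sent through it. A compromised Traefik
      # can still control the Docker daemon. Consider a filtering socket proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads this file, so mount it read-only.
      - ./traefik_config.yml:/etc/traefik/traefik_config.yml:ro
      # Holds the ACME account key and certificate private keys; keep the host
      # file at mode 0600 and out of version control.
      - ./acme.json:/acme.json
    environment:
      # Bare names are passed through from the shell or the .env file; keep
      # that file out of version control.
      - DESEC_TOKEN
      - DOMAINNAME
      # presumably consumed by traefik_config.yml; not referenced in this file
      - GARMIN_BASIC_PW
    labels:
      - "com.centurylinklabs.watchtower.monitor-only=true"

  auth:
    image: ghcr.io/stefanschoof/traefik-forward-auth:2
    restart: unless-stopped
    networks:
      - traefik
    environment:
      # - LOG_LEVEL=debug
      - PROVIDERS_GOOGLE_CLIENT_ID
      - PROVIDERS_GOOGLE_CLIENT_SECRET
      - SECRET
      - COOKIE_DOMAIN=$DOMAINNAME
      - AUTH_HOST=auth.$DOMAINNAME
      - LIFETIME=2592000 # 30 days
      # NOTE(review): in upstream traefik-forward-auth an empty whitelist (with
      # no domain restriction) admits any Google account; confirm this fork
      # behaves the same and make sure WHITELIST is actually set at deploy time.
      - WHITELIST
    command:
      # Browsers fetch manifest.json without cookies by default. It is not
      # private, so auth is disabled for it.
      # NOTE(review): this rule applies to every host using the auth
      # middleware, and PathPrefix matches any path that merely starts with
      # /meta or /ico. Check that no backend serves sensitive content there.
      - "--rule.manifest.action=allow"
      - "--rule.manifest.rule=Path(`/manifest.json`) || Path(`/icon.png`) || PathPrefix(`/meta`) || PathPrefix(`/ico`)"
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.auth.forwardauth.address=http://auth:4181"
      - "traefik.http.middlewares.auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.auth.loadbalancer.server.port=4181"
      - "com.centurylinklabs.watchtower.monitor-only=true"

  # Diagnostic backend used to check that routing and the auth middleware work.
  test:
    image: containous/whoami
    restart: unless-stopped
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.test.loadbalancer.server.port=80"
      # Every router that should be protected must name the auth middleware.
      - "traefik.http.routers.test.middlewares=auth"

networks:
  traefik:
    name: traefik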