Set authentication on all services

2023-01-07 14:50:10 +01:00
parent 4f60680307
commit 1308488a22
7 changed files with 40 additions and 18 deletions
--- a/bootstrap.docker-compose.yml
+++ b/bootstrap.docker-compose.yml
@@ -71,6 +71,7 @@ services:
      traefik.enable: true
      traefik.http.services.portainer.loadbalancer.server.port: 9443
      traefik.http.services.portainer.loadbalancer.server.scheme: https
+      traefik.http.routers.portainer.middlewares: authentik@file

 networks:
  macvlan:
--- a/collectors.docker-compose.yml
+++ b/collectors.docker-compose.yml
@@ -16,6 +16,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.mylar.middlewares: authentik@file

  lazylibrarian:
    image: linuxserver/lazylibrarian
@@ -32,6 +33,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.lazylibrarian.middlewares: authentik@file

  sonarr:
    image: linuxserver/sonarr
@@ -47,6 +49,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.sonarr.middlewares: authentik@file

  radarr:
    image: linuxserver/radarr
@@ -62,6 +65,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.radarr.middlewares: authentik@file

  bazarr:
    image: linuxserver/bazarr
@@ -76,6 +80,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.bazarr.middlewares: authentik@file

  ombi:
    image: linuxserver/ombi
@@ -90,6 +95,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.ombi.middlewares: authentik@file

 networks:
  traefik:
--- a/docker/configs/traefik/dynamic/authentik.yml
+++ b/docker/configs/traefik/dynamic/authentik.yml
@@ -1,18 +1,27 @@
 http:
-    middlewares:
-        authentik:
-            forwardAuth:
-                address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
-                trustForwardHeader: true
-                authResponseHeaders:
-                    - X-authentik-username
-                    - X-authentik-groups
-                    - X-authentik-email
-                    - X-authentik-name
-                    - X-authentik-uid
-                    - X-authentik-jwt
-                    - X-authentik-meta-jwks
-                    - X-authentik-meta-outpost
-                    - X-authentik-meta-provider
-                    - X-authentik-meta-app
-                    - X-authentik-meta-version
+  middlewares:
+    authentik:
+      forwardAuth:
+        address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
+          - Authorization
+
+  routers:
+      middlewares:
+        - authentik@file
+    general-auth:
+      rule: PathPrefix(`/outpost.goauthentik.io/`)
+      service: authentik-authentication@docker
+      priority: 1000
--- a/docker/configs/traefik/dynamic/hsts.yml
+++ b/docker/configs/traefik/dynamic/hsts.yml
@@ -6,4 +6,4 @@ http:
        browserXssFilter: true
        stsSeconds: 31536000 # 1 year
        stsPreload: true
-        stsIncludeSubdomains: true
+        stsIncludeSubdomains: true
--- a/downloads.docker-compose.yml
+++ b/downloads.docker-compose.yml
@@ -18,6 +18,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.prowlarr.middlewares: authentik@file

  flaresolverr:
    image: ngosang/flaresolverr:3.0.0.beta3 #TODO: Move to a stable version!
@@ -56,6 +57,7 @@ services:
    labels:
      traefik.enable: true
      traefik.http.services.transmission.loadbalancer.server.port: 9091
+      traefik.http.routers.transmission.middlewares: authentik@file

  youtube-dl:
    image: alexta69/metube
@@ -75,6 +77,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.youtube-dl.middlewares: authentik@file

 # TODO:
 # NZBGet
--- a/media.docker-compose.yml
+++ b/media.docker-compose.yml
@@ -39,6 +39,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.plaxt.middlewares: authentik@file

  # TODO:
  # Calibre-web
--- a/utilities.docker-compose.yml
+++ b/utilities.docker-compose.yml
@@ -24,6 +24,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.smokeping.middlewares: authentik@file

  duckdns:
    image: linuxserver/duckdns
@@ -46,6 +47,7 @@ services:
    restart: unless-stopped
    labels:
      traefik.enable: true
+      traefik.http.routers.heimdall.middlewares: authentik@file

 networks:
  docker: