From 1308488a2278ccc4c8d802304cbf9ed4e72c538c Mon Sep 17 00:00:00 2001
From: Colin Hebert
Date: Sat, 7 Jan 2023 14:50:10 +0100
Subject: [PATCH] Set authentication on all services

---
bootstrap.docker-compose.yml | 1 +
collectors.docker-compose.yml | 6 +++
docker/configs/traefik/dynamic/authentik.yml | 43 ++++++++++++--------
docker/configs/traefik/dynamic/hsts.yml | 2 +-
downloads.docker-compose.yml | 3 ++
media.docker-compose.yml | 1 +
utilities.docker-compose.yml | 2 +
7 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/bootstrap.docker-compose.yml b/bootstrap.docker-compose.yml
index ba45790..6c36a16 100644
--- a/bootstrap.docker-compose.yml
+++ b/bootstrap.docker-compose.yml
@@ -71,6 +71,7 @@ services:
traefik.enable: true
traefik.http.services.portainer.loadbalancer.server.port: 9443
traefik.http.services.portainer.loadbalancer.server.scheme: https
+ traefik.http.routers.portainer.middlewares: authentik@file

networks:
macvlan:
diff --git a/collectors.docker-compose.yml b/collectors.docker-compose.yml
index 99fd815..15db597 100644
--- a/collectors.docker-compose.yml
+++ b/collectors.docker-compose.yml
@@ -16,6 +16,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.mylar.middlewares: authentik@file

lazylibrarian:
image: linuxserver/lazylibrarian
@@ -32,6 +33,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.lazylibrarian.middlewares: authentik@file

sonarr:
image: linuxserver/sonarr
@@ -47,6 +49,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.sonarr.middlewares: authentik@file

radarr:
image: linuxserver/radarr
@@ -62,6 +65,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.radarr.middlewares: authentik@file

bazarr:
image: linuxserver/bazarr
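Review bot: The new `authentik@file` label on portainer only gates requests that arrive through Traefik, yet the same service is attached to the `macvlan` network two lines below, which normally gives the container its own LAN address; Portainer's HTTPS UI on 9443 would then stay reachable directly, bypassing the forward-auth entirely. If the macvlan attachment is required, either drop Portainer from it in favour of the Traefik-only network or block direct access at the host/firewall, and record the gap with a comment such as `# reachable directly over macvlan — Traefik/Authentik does not cover that path`. The portainer service definition starts above the hunk, so whether it also publishes host ports is not visible here.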
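Review bot: Attaching forwardAuth to the whole `sonarr` router also intercepts Sonarr's `/api` endpoints, which peers such as Prowlarr, Bazarr and Ombi authenticate with an API key rather than a browser session; any of them configured to reach Sonarr via its Traefik hostname will now get Authentik's redirect instead of JSON. That is presumably the intent (it closes the API-key-only surface from the internet), but the integrations then have to use the compose service name on the internal network, or get a separate API router with an explicit IP allow-list. A label comment, `# forward-auth also covers /api — integrations must use the internal service name`, would save the next person the debugging; the radarr hunk below has the same property.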
@@ -76,6 +80,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.bazarr.middlewares: authentik@file

ombi:
image: linuxserver/ombi
@@ -90,6 +95,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.ombi.middlewares: authentik@file

networks:
traefik:
diff --git a/docker/configs/traefik/dynamic/authentik.yml b/docker/configs/traefik/dynamic/authentik.yml
index 6ff0621..ff0dc74 100644
--- a/docker/configs/traefik/dynamic/authentik.yml
+++ b/docker/configs/traefik/dynamic/authentik.yml
@@ -1,18 +1,27 @@
http:
- middlewares:
- authentik:
- forwardAuth:
- address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
- trustForwardHeader: true
- authResponseHeaders:
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
- - X-authentik-jwt
- - X-authentik-meta-jwks
- - X-authentik-meta-outpost
- - X-authentik-meta-provider
- - X-authentik-meta-app
- - X-authentik-meta-version
+ middlewares:
+ authentik:
+ forwardAuth:
+ address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
+ - Authorization
+
+ routers:
+ middlewares:
+ - authentik@file
+ general-auth:
+ rule: PathPrefix(`/outpost.goauthentik.io/`)
+ service: authentik-authentication@docker
+ priority: 1000
diff --git a/docker/configs/traefik/dynamic/hsts.yml b/docker/configs/traefik/dynamic/hsts.yml
index afafc09..8ed0ea2 100644
--- a/docker/configs/traefik/dynamic/hsts.yml
+++ b/docker/configs/traefik/dynamic/hsts.yml
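Review bot: The new `routers:` block places a bare `middlewares:` list directly under `http.routers`, where Traefik's file provider treats every key as a router name; there is no global default-middleware setting at that level, so at best the entry is rejected as an invalid router and, depending on how strictly the decoder fails, the whole dynamic file may be refused — which would take the `authentik` middleware down with it and leave every `authentik@file` reference dangling. Remove those two lines; if a default is wanted, it belongs in the static configuration as `entryPoints.<name>.http.middlewares: [authentik@file]`, which also turns today's per-label opt-in into fail-closed coverage for any service that later forgets its label. `trustForwardHeader: true` passes the client's `X-Forwarded-*` headers through to Authentik, which uses them to build redirect URLs and match the application, so this is only safe while the entrypoint's `forwardedHeaders.trustedIPs` is unset or limited to a trusted upstream; a comment stating that assumption would help. The `general-auth` router also depends on a docker-labelled service `authentik-authentication@docker` that is not defined anywhere in this commit.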
@@ -6,4 +6,4 @@ http:
browserXssFilter: true
stsSeconds: 31536000 # 1 year
stsPreload: true
- stsIncludeSubdomains: true
\ No newline at end of file
+ stsIncludeSubdomains: true
diff --git a/downloads.docker-compose.yml b/downloads.docker-compose.yml
index 9909908..77baa9b 100644
--- a/downloads.docker-compose.yml
+++ b/downloads.docker-compose.yml
@@ -18,6 +18,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.prowlarr.middlewares: authentik@file

flaresolverr:
image: ngosang/flaresolverr:3.0.0.beta3 #TODO: Move to a stable version!
@@ -56,6 +57,7 @@ services:
labels:
traefik.enable: true
traefik.http.services.transmission.loadbalancer.server.port: 9091
+ traefik.http.routers.transmission.middlewares: authentik@file

youtube-dl:
image: alexta69/metube
@@ -75,6 +77,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.youtube-dl.middlewares: authentik@file

# TODO:
# NZBGet
diff --git a/media.docker-compose.yml b/media.docker-compose.yml
index 6d6b3ee..5b50855 100644
--- a/media.docker-compose.yml
+++ b/media.docker-compose.yml
@@ -39,6 +39,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.plaxt.middlewares: authentik@file

# TODO:
# Calibre-web
diff --git a/utilities.docker-compose.yml b/utilities.docker-compose.yml
index 4ce7983..eca3440 100644
--- a/utilities.docker-compose.yml
+++ b/utilities.docker-compose.yml
@@ -24,6 +24,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.smokeping.middlewares: authentik@file

duckdns:
image: linuxserver/duckdns
@@ -46,6 +47,7 @@ services:
restart: unless-stopped
labels:
traefik.enable: true
+ traefik.http.routers.heimdall.middlewares: authentik@file

networks:
docker:
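Review bot: The commit claims authentication on all services, but `flaresolverr`, whose definition begins right after the new prowlarr label, receives no `middlewares` label in this patch, and neither does `duckdns` in utilities.docker-compose.yml; whether either carries `traefik.enable: true` is outside the hunk, so this may be deliberate, but with per-router opt-in any enabled router without the label stays open. Worth confirming with a count of `traefik.enable: true` against `.middlewares: authentik@file` across the compose files before merging. A one-line comment on the untouched services, e.g. `# not exposed via Traefik — no forward-auth needed`, would make the omission explicit rather than something a later reader has to re-derive.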