Set up authelia
This commit is contained in:
Colin Hebert
@@ -1,97 +1,28 @@
|
||||
name: authentication
|
||||
|
||||
services:
|
||||
postgresql:
|
||||
image: postgres:12-alpine
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
environment:
|
||||
- POSTGRES_USER=authentik
|
||||
- POSTGRES_DB=authentik
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_passwd
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 5s
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
secrets:
|
||||
- postgres_passwd
|
||||
restart: unless-stopped
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 3s
|
||||
volumes:
|
||||
- redis:/data
|
||||
restart: unless-stopped
|
||||
|
||||
authentik:
|
||||
image: ghcr.io/goauthentik/server:2022.12.2
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: authentik
|
||||
AUTHENTIK_POSTGRESQL__NAME: authentik
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/postgres_passwd
|
||||
AUTHENTIK_SECRET_KEY: file:///run/secrets/secret_key
|
||||
expose:
|
||||
- 9000
|
||||
NASCOMPOSE_TRAEFIK_DOMAINS: ${NASCOMPOSE_TRAEFIK_DOMAINS?}
|
||||
AUTHELIA_DEFAULT_REDIRECTION_URL: "" #Heimdall
|
||||
AUTHELIA_JWT_SECRET_FILE: /run/secret/jwt_secret
|
||||
networks:
|
||||
- default
|
||||
- traefik
|
||||
- macvlan
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- media:/media
|
||||
- custom-templates:/templates
|
||||
- config:/config
|
||||
secrets:
|
||||
- postgres_passwd
|
||||
- secret_key
|
||||
- jwt_secret
|
||||
labels:
|
||||
traefik.enable: true
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2022.12.2
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: authentik
|
||||
AUTHENTIK_POSTGRESQL__NAME: authentik
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/postgres_passwd
|
||||
AUTHENTIK_SECRET_KEY: file:///run/secrets/secret_key
|
||||
volumes:
|
||||
- media:/media
|
||||
- certs:/certs
|
||||
- custom-templates:/templates
|
||||
secrets:
|
||||
- postgres_passwd
|
||||
- secret_key
|
||||
restart: unless-stopped
|
||||
|
||||
networks:
|
||||
macvlan:
|
||||
external: true
|
||||
traefik:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
database:
|
||||
redis:
|
||||
media:
|
||||
certs:
|
||||
custom-templates:
|
||||
config:
|
||||
|
||||
secrets:
|
||||
postgres_passwd:
|
||||
file: ${NASCOMPOSE_SERVICES?}/secrets/authentik/postgres_passwd
|
||||
secret_key:
|
||||
file: ${NASCOMPOSE_SERVICES?}/secrets/authentik/secret_key
|
||||
jwt_secret:
|
||||
file: ${NASCOMPOSE_SERVICES?}/secrets/authelia/jwt_secret
|
||||
|
||||
Reference in New Issue
Block a user