Compare commits
	
		
			No commits in common. "traefik3" and "traefik2" have entirely different histories.
		
	
	
		
	
		
							
								
								
									
										54
									
								
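--- a/.env
+++ b/.env
@@ -0,0 +1,54 @@
+# .env (in ALL)  
+DOCKERDIR=/ssd/compose  # CHANGEME
+PUID=1100               # CHANGEME
+PGID=1100               # CHANGEME
+TZ=America/New_York
+DOMAIN=CHANGEME.net     # CHANGEME
+
+
+################################################################  
+# PostgreSQL
+################################################################  
+POSTGRES_DB=/run/secrets/authentik_postgresql_db
+POSTGRES_USER=/run/secrets/authentik_postgresql_user
+POSTGRES_PASSWORD=/run/secrets/authentik_postgresql_password
+
+
+################################################################  
+# Authentik
+################################################################  
+AUTHENTIK_REDIS__HOST=redis
+
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__NAME=$POSTGRES_DB
+AUTHENTIK_POSTGRESQL__USER=$POSTGRES_USER
+AUTHENTIK_POSTGRESQL__PASSWORD=$POSTGRES_PASSWORD
+
+AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
+AUTHENTIK_SECRET_KEY=/run/secrets/authentik_secret_key
+AUTHENTIK_COOKIE_DOMAIN=$DOMAIN
+# WORKERS=2
+
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=smtp.gmail.com
+AUTHENTIK_EMAIL__PORT=587
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=CHANGEME@gmail.com
+AUTHENTIK_EMAIL__PASSWORD=/run/secrets/authelia_notifier_smtp_password
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=CHANGEME@gmail.com
+
+
+################################################################  
+# GeoIP
+################################################################  
+GEOIPUPDATE_ACCOUNT_ID=CHANGEME
+GEOIPUPDATE_LICENSE_KEY=CHANGEME
+AUTHENTIK_AUTHENTIK__GEOIP=/geoip/GeoLite2-City.mmdb
+GEOIPUPDATE_EDITION_IDS=GeoLite2-City
+GEOIPUPDATE_FREQUENCY=8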
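Review bot: The secret-bearing variables are set to the path of the secret file rather than to its contents, so each service receives the path string itself as the value: `POSTGRES_PASSWORD=/run/secrets/authentik_postgresql_password`, `AUTHENTIK_SECRET_KEY=/run/secrets/authentik_secret_key`, `AUTHENTIK_EMAIL__PASSWORD=/run/secrets/authelia_notifier_smtp_password`, and likewise `POSTGRES_DB` and `POSTGRES_USER`. That leaves the database password and the authentik secret key equal to strings that are published in this repository, while the mounted secret files go unread. The postgres image reads a file only through the `_FILE` variants (`POSTGRES_PASSWORD_FILE=/run/secrets/authentik_postgresql_password`), and authentik's documented form is a `file://` URI (`AUTHENTIK_SECRET_KEY=file:///run/secrets/authentik_secret_key`); the `environment:` lists in docker-compose.yml would have to pass the renamed postgres variables as well. Separately, `AUTHENTIK_ERROR_REPORTING__ENABLED: "false"` is YAML syntax in a dotenv file and should read `AUTHENTIK_ERROR_REPORTING__ENABLED=false`. With `AUTHENTIK_EMAIL__PORT=587` and both `AUTHENTIK_EMAIL__USE_TLS` and `AUTHENTIK_EMAIL__USE_SSL` set to false, the SMTP login is not protected by TLS; `AUTHENTIK_EMAIL__USE_TLS=true` is the usual setting for that port.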
|  | @ -1,125 +0,0 @@ | |||
| # Traefik 3.x (YAML) | ||||
| # Updated 2024-June-04 | ||||
| 
 | ||||
| ################################################################ | ||||
| # Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/ | ||||
| ################################################################ | ||||
| global: | ||||
|   checkNewVersion: false | ||||
|   sendAnonymousUsage: false | ||||
| 
 | ||||
| ################################################################ | ||||
| # Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/ | ||||
| ################################################################ | ||||
| entryPoints: | ||||
|   web: | ||||
|     address: ":80" | ||||
|     # Global HTTP to HTTPS redirection | ||||
|     http: | ||||
|       redirections: | ||||
|         entrypoint: | ||||
|           to: websecure | ||||
|           scheme: https | ||||
| 
 | ||||
|   websecure: | ||||
|     address: ":443" | ||||
|     http: | ||||
|       tls: | ||||
|         options: tls-opts@file | ||||
|         certResolver: le | ||||
|         domains: | ||||
|           - main: "domain.tld" | ||||
|             sans: | ||||
|               - "*.domain.tld" | ||||
|     forwardedHeaders: | ||||
|       trustedIPs: | ||||
|         # Cloudflare (https://www.cloudflare.com/ips-v4) | ||||
|         - "173.245.48.0/20" | ||||
|         - "103.21.244.0/22" | ||||
|         - "103.22.200.0/22" | ||||
|         - "103.31.4.0/22" | ||||
|         - "141.101.64.0/18" | ||||
|         - "108.162.192.0/18" | ||||
|         - "190.93.240.0/20" | ||||
|         - "188.114.96.0/20" | ||||
|         - "197.234.240.0/22" | ||||
|         - "198.41.128.0/17" | ||||
|         - "162.158.0.0/15" | ||||
|         - "104.16.0.0/13" | ||||
|         - "104.24.0.0/14" | ||||
|         - "172.64.0.0/13" | ||||
|         - "131.0.72.0/22" | ||||
|         # Local IPs | ||||
|         - "127.0.0.1/32" | ||||
|         - "10.0.0.0/8" | ||||
|         - "192.168.0.0/16" | ||||
|         - "172.16.0.0/12" | ||||
| 
 | ||||
| ################################################################ | ||||
| # Logs - https://doc.traefik.io/traefik/observability/logs/ | ||||
| ################################################################ | ||||
| log: | ||||
|   level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO | ||||
|   filePath: /logs/traefik-container.log # Default is to STDOUT | ||||
|   # format: json # Uses text format (common) by default | ||||
|   noColor: false # Recommended to be true when using common | ||||
|   maxSize: 100 # In megabytes | ||||
|   compress: true # gzip compression when rotating | ||||
| 
 | ||||
| ################################################################ | ||||
| # Access logs - https://doc.traefik.io/traefik/observability/access-logs/ | ||||
| ################################################################ | ||||
| accessLog: | ||||
|   addInternals: true  # things like ping@internal | ||||
|   filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default | ||||
|   bufferingSize: 100 # Number of log lines | ||||
|   fields: | ||||
|     names: | ||||
|       StartUTC: drop  # Write logs in Container Local Time instead of UTC | ||||
|   filters: | ||||
|     statusCodes: | ||||
|       - "204-299" | ||||
|       - "400-499" | ||||
|       - "500-599" | ||||
| 
 | ||||
| ################################################################ | ||||
| # API and Dashboard | ||||
| ################################################################ | ||||
| api: | ||||
|   dashboard: true | ||||
|   # Rely on api@internal and Traefik with Middleware to control access | ||||
|   # insecure: true | ||||
| 
 | ||||
| ################################################################ | ||||
| # Providers - https://doc.traefik.io/traefik/providers/docker/ | ||||
| ################################################################ | ||||
| providers: | ||||
|   docker: | ||||
|     #endpoint: "unix:///var/run/docker.sock" # Comment if using socket-proxy | ||||
|     endpoint: "tcp://socket-proxy:2375" # Uncomment if using socket proxy | ||||
|     exposedByDefault: false | ||||
|     network: traefik  # network to use for connections to all containers | ||||
|     # defaultRule: TODO | ||||
| 
 | ||||
|   # Enable auto loading of newly created rules by watching a directory | ||||
|   file: | ||||
|   # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains | ||||
|     directory: /rules | ||||
|     watch: true | ||||
| 
 | ||||
| ################################################################ | ||||
| # Let's Encrypt (ACME) | ||||
| ################################################################ | ||||
| certificatesResolvers: | ||||
|   le: | ||||
|     acme: | ||||
|       email: "CHANGEME@gmail.com" | ||||
|       storage: "/data/acme.json" | ||||
|       #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # Comment out when going prod | ||||
|       dnsChallenge: | ||||
|         provider: cloudflare | ||||
|         #delayBeforeCheck: 30 # Default is 2m0s.  This changes the delay (in seconds) | ||||
|         # Custom DNS server resolution | ||||
|         resolvers: | ||||
|           - "1.1.1.1:53" | ||||
|           - "8.8.8.8:53" | ||||
|  | @ -1,8 +0,0 @@ | |||
| http: | ||||
|   middlewares: | ||||
|     chain-no-auth: | ||||
|       chain: | ||||
|         middlewares: | ||||
|           - middlewares-rate-limit | ||||
|           - middlewares-secure-headers | ||||
|           - middlewares-compress | ||||
|  | @ -1,30 +0,0 @@ | |||
| ################################################################ | ||||
| # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml) | ||||
| # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs | ||||
| # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/ | ||||
| # | ||||
| # Dynamic configuration | ||||
| ################################################################ | ||||
| http: | ||||
|   middlewares: | ||||
|     ################################################################ | ||||
|     # Forward Authentication - OAUTH / 2FA | ||||
|     ################################################################ | ||||
|     # | ||||
|     # https://github.com/goauthentik/authentik/issues/2366 | ||||
|     forwardAuth-authentik: | ||||
|       forwardAuth: | ||||
|         address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik" | ||||
|         trustForwardHeader: true | ||||
|         authResponseHeaders: | ||||
|           - X-authentik-username | ||||
|           - X-authentik-groups | ||||
|           - X-authentik-email | ||||
|           - X-authentik-name | ||||
|           - X-authentik-uid | ||||
|           - X-authentik-jwt | ||||
|           - X-authentik-meta-jwks | ||||
|           - X-authentik-meta-outpost | ||||
|           - X-authentik-meta-provider | ||||
|           - X-authentik-meta-app | ||||
|           - X-authentik-meta-version | ||||
|  | @ -1,18 +0,0 @@ | |||
| ################################################################ | ||||
| # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml) | ||||
| # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs | ||||
| # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/ | ||||
| # | ||||
| # Dynamic configuration | ||||
| ################################################################ | ||||
| http: | ||||
|   middlewares: | ||||
|     # Prevent too large of a body | ||||
|     # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik | ||||
|     middlewares-buffering: | ||||
|       buffering: | ||||
|         maxRequestBodyBytes: 10485760 | ||||
|         memRequestBodyBytes: 2097152 | ||||
|         maxResponseBodyBytes: 10485760 | ||||
|         memResponseBodyBytes: 2097152 | ||||
|         retryExpression: "IsNetworkError() && Attempts() <= 2" | ||||
|  | @ -1,15 +0,0 @@ | |||
| ################################################################ | ||||
| # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml) | ||||
| # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs | ||||
| # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/ | ||||
| # | ||||
| # Dynamic configuration | ||||
| ################################################################ | ||||
| http: | ||||
|   middlewares: | ||||
|     # Compress to save bandwidth | ||||
|     middlewares-compress: | ||||
|       compress: {} | ||||
| 
 | ||||
| ----------------------- | ||||
|  middlewares-https-redirectscheme.yaml | ||||
|  | @ -1,15 +0,0 @@ | |||
| ################################################################ | ||||
| # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml) | ||||
| # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs | ||||
| # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/ | ||||
| # | ||||
| # Dynamic configuration | ||||
| ################################################################ | ||||
| http: | ||||
|   middlewares: | ||||
|     # Middleware for Redirection | ||||
|     # This can be used instead of global redirection | ||||
|     middlewares-https-redirectscheme: | ||||
|       redirectScheme: | ||||
|         scheme: https | ||||
|         permanent: true | ||||
|  | @ -1,14 +0,0 @@ | |||
| ################################################################ | ||||
| # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml) | ||||
| # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs | ||||
| # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/ | ||||
| # | ||||
| # Dynamic configuration | ||||
| ################################################################ | ||||
| http: | ||||
|   middlewares: | ||||
|     # DDoS Prevention | ||||
|     middlewares-rate-limit: | ||||
|       rateLimit: | ||||
|         average: 100 | ||||
|         burst: 50 | ||||
|  | @ -1,38 +0,0 @@ | |||
| ################################################################ | ||||
| # Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml) | ||||
| # 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs | ||||
| # https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/ | ||||
| # | ||||
| # Dynamic configuration | ||||
| ################################################################ | ||||
| http: | ||||
|   middlewares: | ||||
|     ################################################################ | ||||
|     # Good Basic Security Practices | ||||
|     ################################################################ | ||||
|     middlewares-secure-headers: | ||||
|       headers: | ||||
|         accessControlAllowMethods: | ||||
|           - GET | ||||
|           - OPTIONS | ||||
|           - PUT | ||||
|         accessControlMaxAge: 100 | ||||
|         hostsProxyHeaders: | ||||
|           - "X-Forwarded-Host" | ||||
|         stsSeconds: 63072000 | ||||
|         stsIncludeSubdomains: true | ||||
|         stsPreload: true | ||||
|         forceSTSHeader: true | ||||
|         customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME"}}" #CSP takes care of this but may be needed for organizr. | ||||
|         # customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||||
|         contentTypeNosniff: true | ||||
|         browserXssFilter: true | ||||
|         # sslForceHost: true # add sslHost to all of the services | ||||
|         # sslHost: "{{env "DOMAINNAME"}}" | ||||
|         referrerPolicy: "same-origin" | ||||
|         permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()" | ||||
|         customResponseHeaders: | ||||
|           X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex," | ||||
|           server: "" | ||||
|           # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732 | ||||
|           # X-Forwarded-Proto: "https" | ||||
|  | @ -1,35 +0,0 @@ | |||
| ################################################################ | ||||
| # TLS Options (https://jellyfin.org/docs/general/networking/traefik2.html#traefik-providertoml) | ||||
| # toml -> yml | ||||
| # 2024 updates to cipherSuites from (https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/) | ||||
| # | ||||
| # Set secure options by disabling insecure older TLS/SSL versions | ||||
| # and insecure ciphers. SNIStrict disabled leaves TLS1.0 open. | ||||
| # If you have problems with older clients, you can may need to relax | ||||
| # these minimums. This configuration will give you an A+ SSL security | ||||
| # score supporting TLS1.2 and TLS1.3 | ||||
| # | ||||
| # Dynamic configuration | ||||
| # https://doc.traefik.io/traefik/https/tls/ | ||||
| ################################################################ | ||||
| tls: | ||||
|   options: | ||||
|     tls-opts: | ||||
|       sniStrict: true | ||||
|       minVersion: VersionTLS12 | ||||
|       cipherSuites: | ||||
|         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ||||
|         - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ||||
|         - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ||||
|         - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ||||
|         - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | ||||
|         - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ||||
|         - TLS_AES_128_GCM_SHA256 | ||||
|         - TLS_AES_256_GCM_SHA384 | ||||
|         - TLS_CHACHA20_POLY1305_SHA256 | ||||
|         - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507 | ||||
|       curvePreferences: | ||||
|         - secp521r1 # CurveP521 | ||||
|         - secp384r1 # CurveP384 | ||||
|     mintls13: | ||||
|       minVersion: VersionTLS13 | ||||
							
								
								
									
										179
									
								
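--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,179 @@
+version: "3.9"
+
+###############################################################
+# Services
+###############################################################
+services:
+
+  postgresql:
+    image: postgres:12-alpine
+    container_name: authentik_postgres
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    networks:
+      - traefik
+    volumes:
+      - "$DOCKERDIR/apps/authentik/postgresql/data:/var/lib/postgresql/data"
+    environment:
+      - POSTGRES_DB
+      - POSTGRES_USER
+      - POSTGRES_PASSWORD
+    secrets:
+      - authentik_postgresql_db
+      - authentik_postgresql_user
+      - authentik_postgresql_password
+
+
+  redis:
+    image: redis:alpine
+    container_name: authentik_redis
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    networks:
+      - traefik
+
+
+  # Use the embedded outpost (2021.8.1+) instead of the seperate Forward Auth / Proxy Provider container
+  authentik_server:
+    image: ghcr.io/goauthentik/server:latest
+    container_name: authentik_server
+    restart: unless-stopped
+    command: server
+    networks:
+      - traefik
+    volumes:
+      - "$DOCKERDIR/apps/authentik/media:/media"
+      - "$DOCKERDIR/apps/authentik/custom-templates:/templates"
+      - "$DOCKERDIR/apps/authentik/geoip/data:/geoip"
+    environment:
+      - AUTHENTIK_REDIS__HOST
+      - AUTHENTIK_POSTGRESQL__HOST
+      - AUTHENTIK_POSTGRESQL__NAME
+      - AUTHENTIK_POSTGRESQL__USER
+      - AUTHENTIK_POSTGRESQL__PASSWORD
+      - AUTHENTIK_EMAIL__PASSWORD
+      - AUTHENTIK_ERROR_REPORTING__ENABLED
+      - AUTHENTIK_SECRET_KEY
+      - AUTHENTIK_COOKIE_DOMAIN
+      # - WORKERS
+    secrets:
+      - authentik_postgresql_db
+      - authentik_postgresql_user
+      - authentik_postgresql_password
+      - authelia_notifier_smtp_password
+      - authentik_secret_key
+    labels:
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.authentik-rtr.rule=Host(`authentik.$DOMAIN`)"
+      - "traefik.http.routers.authentik-rtr.entrypoints=websecure"
+      - "traefik.http.routers.authentik-rtr.tls=true"
+      - "traefik.http.routers.authentik-rtr.tls.certresolver=le"
+      ## Individual Application forwardAuth regex (catch any subdomain using individual application forwardAuth)  
+      - "traefik.http.routers.authentik-rtr-outpost.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.$DOMAIN`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      - "traefik.http.routers.authentik-rtr-outpost.entrypoints=websecure"
+      - "traefik.http.routers.authentik-rtr-outpost.tls=true"
+      - "traefik.http.routers.authentik-rtr-outpost.tls.certresolver=le"
+      ## HTTP Services
+      - "traefik.http.routers.authentik-rtr.service=authentik-svc"
+      - "traefik.http.services.authentik-svc.loadBalancer.server.port=9000"
+
+
+  authentik_worker:
+    image: ghcr.io/goauthentik/server:latest
+    container_name: authentik_worker
+    restart: unless-stopped
+    command: worker
+    networks:
+      - traefik
+    volumes:
+      - "$DOCKERDIR/apps/authentik/media:/media"
+      - "$DOCKERDIR/apps/authentik/custom-templates:/templates"
+      - "$DOCKERDIR/apps/authentik/geoip/data:/geoip"
+    environment:
+      - AUTHENTIK_REDIS__HOST
+      - AUTHENTIK_POSTGRESQL__HOST
+      - AUTHENTIK_POSTGRESQL__NAME
+      - AUTHENTIK_POSTGRESQL__USER
+      - AUTHENTIK_POSTGRESQL__PASSWORD
+      - AUTHENTIK_EMAIL__PASSWORD
+      - AUTHENTIK_ERROR_REPORTING__ENABLED
+      - AUTHENTIK_SECRET_KEY
+      - AUTHENTIK_COOKIE_DOMAIN
+    secrets:
+      - authentik_postgresql_db
+      - authentik_postgresql_user
+      - authentik_postgresql_password
+      - authelia_notifier_smtp_password
+      - authentik_secret_key
+    
+
+  geoipupdate:
+    image: maxmindinc/geoipupdate:latest
+    container_name: geoipupdate
+    restart: unless-stopped
+    volumes:
+      - "$DOCKERDIR/apps/authentik/geoip/data:/usr/share/GeoIP"
+    environment:
+      - GEOIPUPDATE_EDITION_IDS
+      - GEOIPUPDATE_FREQUENCY
+      - GEOIPUPDATE_ACCOUNT_ID
+      - GEOIPUPDATE_LICENSE_KEY
+
+
+  whoami-test:
+    image: traefik/whoami
+    container_name: whoami-test
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - traefik
+    environment:
+      - TZ
+    labels:
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.whoami-test-rtr.rule=Host(`whoami-test.$DOMAIN`)"
+      - "traefik.http.routers.whoami-test-rtr.entrypoints=websecure"
+      - "traefik.http.routers.whoami-test-rtr.tls=true"
+      - "traefik.http.routers.whoami-test-rtr.tls.certresolver=le"
+      ## Middlewares
+      - "traefik.http.routers.whoami-test-rtr.middlewares=middlewares-authentik@file"
+
+
+###############################################################
+# Docker Secrets
+###############################################################
+secrets:
+  # Authentik Postgres
+  authentik_postgresql_db:
+    file: $DOCKERDIR/secrets/authentik_postgresql_db
+  authentik_postgresql_user:
+    file: $DOCKERDIR/secrets/authentik_postgresql_user
+  authentik_postgresql_password:
+    file: $DOCKERDIR/secrets/authentik_postgresql_password
+  # Authentik
+  authentik_secret_key:
+    file: $DOCKERDIR/secrets/authentik_secret_key
+  # GMail Auth Account
+  authelia_notifier_smtp_password:
+    file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
+
+
+###############################################################
+# Networks
+###############################################################
+networks:
+  traefik:
+    external: true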
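Review bot: `postgresql` and `redis` are attached to the external `traefik` network, which `whoami-test` also joins and which by its name is presumably shared with every proxied container, and no Redis password is configured anywhere in this file. A separate backend network declared with `internal: true` and joined only by `postgresql`, `redis`, `authentik_server` and `authentik_worker` would keep the datastore ports off the proxy network; of those, only `authentik_server` needs `traefik` as well. The images `ghcr.io/goauthentik/server:latest`, `maxmindinc/geoipupdate:latest`, `redis:alpine` and `traefik/whoami` are not pinned, so the identity provider can change version on any pull; a fixed version tag or digest makes upgrades deliberate. The `environment:` lists of `authentik_server` and `authentik_worker` also leave out the `AUTHENTIK_EMAIL__HOST`, `AUTHENTIK_EMAIL__PORT`, `AUTHENTIK_EMAIL__USERNAME`, `AUTHENTIK_EMAIL__FROM` and `AUTHENTIK_AUTHENTIK__GEOIP` values defined in `.env`, so those settings presumably never reach the containers.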
| Before Width: | Height: | Size: 123 KiB | 
| Before Width: | Height: | Size: 91 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/admin-interface-button.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 7.9 KiB | 
| Before Width: | Height: | Size: 76 KiB | 
| Before Width: | Height: | Size: 100 KiB | 
| Before Width: | Height: | Size: 106 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/akadmin-edit.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 26 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/akadmin-user-update.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 29 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/akadmin-user.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 79 KiB | 
| Before Width: | Height: | Size: 59 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-application-create.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 35 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-application-domain-settings.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 74 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-application-individual-create.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 36 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-application-individual-settings.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 57 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-domain-wide-application-and-provider.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 14 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-edit-outpost-individual-app.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 44 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-edit-outpost.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 42 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-individual-application-bound-to-provider.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 42 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-providers-create.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 30 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-providers-individual-provider-create.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 45 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-proxy-provider-creation-individual.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 62 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-proxy-provider-creation.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 90 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-proxy-provider-individual-not-bound.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 41 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-proxy-provider-not-assigned.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 20 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-proxy-provider.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 37 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-setup.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 325 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-stages-menu.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 50 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/authentik-users-create.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 43 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/backup-admin-creation.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 28 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/backup-admin-set-password.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 63 KiB | 
| Before Width: | Height: | Size: 100 KiB | 
| Before Width: | Height: | Size: 102 KiB | 
| Before Width: | Height: | Size: 113 KiB | 
| Before Width: | Height: | Size: 172 KiB | 
| Before Width: | Height: | Size: 152 KiB | 
| Before Width: | Height: | Size: 1.7 MiB | 
| Before Width: | Height: | Size: 174 KiB | 
| Before Width: | Height: | Size: 121 KiB | 
| Before Width: | Height: | Size: 63 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/edit-mfa-stage-button.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 27 KiB | 
| Before Width: | Height: | Size: 87 KiB | 
| Before Width: | Height: | Size: 70 KiB | 
| Before Width: | Height: | Size: 121 KiB | 
| Before Width: | Height: | Size: 79 KiB | 
| Before Width: | Height: | Size: 15 KiB | 
| Before Width: | Height: | Size: 556 KiB | 
| Before Width: | Height: | Size: 323 KiB | 
| Before Width: | Height: | Size: 41 KiB | 
| Before Width: | Height: | Size: 41 KiB | 
| Before Width: | Height: | Size: 156 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/forwardAuth-domain-redirect-screen.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 721 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/forwardAuth-domain-splash.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 826 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/forwardAuth-individual-splash.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 569 KiB | 
| Before Width: | Height: | Size: 88 KiB | 
| Before Width: | Height: | Size: 122 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/m-app.png
									
									
									
									
									
								
							
							
						
						| Before Width: | Height: | Size: 79 KiB | 
| Before Width: | Height: | Size: 140 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/m-pp.png
									
									
									
									
									
								
							
							
						
						| Before Width: | Height: | Size: 144 KiB | 
| Before Width: | Height: | Size: 52 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/mfa-remove-static-tokens.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 10 KiB | 
| Before Width: | Height: | Size: 147 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/mfa-settings-force.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 110 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/mfa-stage-default-settings.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 44 KiB | 
| Before Width: | Height: | Size: 110 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/mfa-webauthn-devices-shown.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 19 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/mfa-webauthn-pin.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 8.5 KiB | 
| Before Width: | Height: | Size: 51 KiB | 
| Before Width: | Height: | Size: 144 KiB | 
| Before Width: | Height: | Size: 108 KiB | 
| Before Width: | Height: | Size: 108 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/outpost-after-domain-update.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 57 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/outpost-after-individual-app.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 64 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/outpost-before-domain-update.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 58 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/outpost-before-individual-app.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 64 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/outpost-screen-with-both-providers.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 44 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/outpost-screen-with-domain-provider.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 45 KiB | 
| Before Width: | Height: | Size: 74 KiB | 
| Before Width: | Height: | Size: 139 KiB | 
| Before Width: | Height: | Size: 143 KiB | 
| Before Width: | Height: | Size: 127 KiB | 
| Before Width: | Height: | Size: 40 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/setup.png
									
									
									
									
									
								
							
							
						
						| Before Width: | Height: | Size: 280 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/token-create-on-key.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 14 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/token-setup-chrome-prompt.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 405 KiB | 
| Before Width: | Height: | Size: 71 KiB | 
| Before Width: | Height: | Size: 66 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/user-interface-button.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 25 KiB | 
							
								
								
									
										
											BIN
										
									
								
								images/user-mfa-screen-security-key.png
									
									
									
									
									
										Normal file
									
								
							
							
						
						| After Width: | Height: | Size: 16 KiB |