networks: net: secrets: jwt: file: ./docker/secrets/not_secure session: file: ./docker/secrets/not_secure storage: file: ./docker/secrets/not_secure services: traefik: image: traefik:2.10 container_name: traefik restart: unless-stopped command: - '--api=true' - '--api.dashboard=true' - '--api.insecure=false' - '--pilot.dashboard=false' - '--global.sendAnonymousUsage=false' - '--global.checkNewVersion=false' - '--providers.docker=true' - '--providers.docker.exposedByDefault=false' - '--entryPoints.http=true' - '--entryPoints.http.address=:80/tcp' - '--entryPoints.http.http.redirections.entryPoint.to=https' - '--entryPoints.http.http.redirections.entryPoint.scheme=https' - '--entryPoints.http.forwardedHeaders.trustedIPs=172.23.0.0/16' - '--entryPoints.http.proxyProtocol.trustedIPs=172.23.0.0/16' - '--entryPoints.http.forwardedHeaders.insecure=false' - '--entryPoints.http.proxyProtocol.insecure=false' - '--entryPoints.https=true' - '--entryPoints.https.address=:443/tcp' - '--entryPoints.https.forwardedHeaders.trustedIPs=172.23.0.0/16' - '--entryPoints.https.proxyProtocol.trustedIPs=172.23.0.0/16' - '--entryPoints.https.forwardedHeaders.insecure=false' - '--entryPoints.https.proxyProtocol.insecure=false' environment: - TZ=Europe/Berlin volumes: - /var/run/docker.sock:/var/run/docker.sock ports: - '80:80' - '443:443' labels: - 'traefik.enable=true' - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fcafe.test/auth%2F' - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true' - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' - 'traefik.http.routers.api.rule=Host(`proxy.cafe.test`)' - 'traefik.http.routers.api.entryPoints=https' - 'traefik.http.routers.api.tls=true' - 'traefik.http.routers.api.service=api@internal' networks: - net authelia: image: authelia/authelia:latest container_name: authelia secrets: - jwt - session - storage environment: - TZ=Europe/Berlin - AUTHELIA_JWT_SECRET_FILE=/run/secrets/jwt - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/session - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/storage labels: - 'traefik.enable=true' - 'traefik.http.routers.authelia.rule=Host(`cafe.test`) && PathPrefix(`/auth`)' - 'traefik.http.routers.authelia.entryPoints=https' - 'traefik.http.routers.authelia.tls=true' volumes: - /etc/localtime:/etc/localtime:ro - ./docker/authelia:/config healthcheck: disable: true expose: - 9091 networks: - net cafe-frontend: build: context: . dockerfile_inline: | FROM node:18 container_name: cafe-frontend entrypoint: yarn run serve working_dir: /app labels: - 'traefik.enable=true' - 'traefik.http.routers.frontend.rule=Host(`cafe.test`)' - 'traefik.http.routers.frontend.entryPoints=https' - 'traefik.http.routers.frontend.tls=true' - 'traefik.http.routers.frontend.middlewares=authelia@docker' ports: - '8080:8080' networks: - net volumes: - ./frontend:/app/ cafe-backend: build: context: . dockerfile: docker/Dockerfile.dev args: - GOLANG_VERSION=${GOLANG_VERSION} container_name: cafe-backend command: air -c .air.toml environment: - PUID=1000 - PGID=1000 labels: - 'traefik.enable=true' - 'traefik.http.routers.backend.rule=Host(`cafe.test`) && PathPrefix(`/api`)' - 'traefik.http.routers.backend.entryPoints=https' - 'traefik.http.routers.backend.tls=true' - 'traefik.http.routers.backend.middlewares=authelia@docker' expose: - 8080 networks: - net volumes: - ./:/app/