# Single user-defined network; every service in this file attaches to it.
# NOTE(review): the Traefik trustedIPs flags assume 172.23.0.0/16, but no
# subnet is pinned here, so Docker may allocate a different range -- confirm.
networks:
  net: {}
# Development placeholders only: all three secrets read the same file, and
# its name says it is not secure. Outside local development each entry
# should point at its own randomly generated file kept out of version control.
secrets:
  # Mounted at /run/secrets/jwt
  jwt:
    file: ./docker/secrets/not_secure
  # Mounted at /run/secrets/session
  session:
    file: ./docker/secrets/not_secure
  # Mounted at /run/secrets/storage
  storage:
    file: ./docker/secrets/not_secure
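services:
  # Edge reverse proxy: listens on 80/443 and routes by Docker labels.
  traefik:
    image: traefik:2.10
    container_name: traefik
    restart: unless-stopped
    command:
      # Dashboard/API enabled, but not on the unauthenticated "insecure"
      # listener; it is only reachable through the `api` router below.
      - '--api=true'
      - '--api.dashboard=true'
      - '--api.insecure=false'
      - '--pilot.dashboard=false'
      - '--global.sendAnonymousUsage=false'
      - '--global.checkNewVersion=false'
      # Containers are routed only when they opt in with traefik.enable=true.
      - '--providers.docker=true'
      - '--providers.docker.exposedByDefault=false'
      # Plain HTTP entry point: redirects everything to HTTPS.
      - '--entryPoints.http=true'
      - '--entryPoints.http.address=:80/tcp'
      - '--entryPoints.http.http.redirections.entryPoint.to=https'
      - '--entryPoints.http.http.redirections.entryPoint.scheme=https'
      # X-Forwarded-* and PROXY protocol data are accepted only from peers in
      # 172.23.0.0/16. NOTE(review): confirm this matches the subnet Docker
      # assigns to `net`; the network definition does not pin one.
      - '--entryPoints.http.forwardedHeaders.trustedIPs=172.23.0.0/16'
      - '--entryPoints.http.proxyProtocol.trustedIPs=172.23.0.0/16'
      - '--entryPoints.http.forwardedHeaders.insecure=false'
      - '--entryPoints.http.proxyProtocol.insecure=false'
      # HTTPS entry point with the same trusted-peer policy.
      - '--entryPoints.https=true'
      - '--entryPoints.https.address=:443/tcp'
      - '--entryPoints.https.forwardedHeaders.trustedIPs=172.23.0.0/16'
      - '--entryPoints.https.proxyProtocol.trustedIPs=172.23.0.0/16'
      - '--entryPoints.https.forwardedHeaders.insecure=false'
      - '--entryPoints.https.proxyProtocol.insecure=false'
    environment:
      - TZ=Europe/Berlin
    volumes:
      # Access to the Docker socket is equivalent to root on the host.
      # Mounting it read-only protects the socket file itself but does not
      # restrict Docker API calls; a filtering socket proxy would limit
      # this container to the read-only endpoints the provider needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - '80:80'
      - '443:443'
    labels:
      - 'traefik.enable=true'
      # Forward-auth middleware shared by the routers in this file.
      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fcafe.test/auth%2F'
      # Incoming X-Forwarded-* headers are passed on to Authelia; this
      # relies on the entry-point trustedIPs policy above to discard values
      # supplied by untrusted peers.
      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
      # Identity headers copied from Authelia's response onto the request.
      # Backends may trust them only if they are reachable solely through
      # Traefik.
      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
      - 'traefik.http.routers.api.rule=Host(`proxy.cafe.test`)'
      - 'traefik.http.routers.api.entryPoints=https'
      - 'traefik.http.routers.api.tls=true'
      - 'traefik.http.routers.api.service=api@internal'
      # The dashboard router previously had no middleware, leaving
      # api@internal reachable without authentication. It now uses the same
      # forward-auth as the application routers. Authelia's access-control
      # rules (not part of this file) must cover proxy.cafe.test.
      - 'traefik.http.routers.api.middlewares=authelia@docker'
    networks:
      - net

  # Authentication portal served under https://cafe.test/auth.
  authelia:
    # NOTE(review): floating `latest` tag; pin a release tag or image digest
    # so a rebuild cannot silently pull a different auth server.
    image: authelia/authelia:latest
    container_name: authelia
    secrets:
      - jwt
      - session
      - storage
    environment:
      - TZ=Europe/Berlin
      # *_FILE variables point at the mounted secret files, so the secret
      # values themselves are not placed in the environment.
      - AUTHELIA_JWT_SECRET_FILE=/run/secrets/jwt
      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/session
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/storage
    labels:
      - 'traefik.enable=true'
      # No forward-auth middleware here: the portal itself must be reachable
      # before a user has a session.
      - 'traefik.http.routers.authelia.rule=Host(`cafe.test`) && PathPrefix(`/auth`)'
      - 'traefik.http.routers.authelia.entryPoints=https'
      - 'traefik.http.routers.authelia.tls=true'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./docker/authelia:/config
    # Health check is switched off, so Docker will not report this
    # container as unhealthy if Authelia stops answering.
    healthcheck:
      disable: true
    # Reachable on the compose network only; not published on the host.
    expose:
      - '9091'
    networks:
      - net

  # Front-end dev server, routed at https://cafe.test behind forward-auth.
  cafe-frontend:
    build:
      context: .
      dockerfile_inline: |
        FROM node:18
    container_name: cafe-frontend
    entrypoint: yarn run serve
    working_dir: /app
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.frontend.rule=Host(`cafe.test`)'
      - 'traefik.http.routers.frontend.entryPoints=https'
      - 'traefik.http.routers.frontend.tls=true'
      - 'traefik.http.routers.frontend.middlewares=authelia@docker'
    ports:
      # Publishing 8080 on every host interface let clients reach the dev
      # server directly, bypassing Traefik and the authelia middleware.
      # Bound to loopback so direct access stays local to the host.
      - '127.0.0.1:8080:8080'
    networks:
      - net
    volumes:
      - ./web:/app/

  # API backend with live reload, routed at https://cafe.test/api.
  cafe-backend:
    build:
      context: .
      dockerfile: docker/Dockerfile.dev
      args:
        # Taken from the shell or .env file running compose; empty if unset.
        - GOLANG_VERSION=${GOLANG_VERSION}
    container_name: cafe-backend
    command: air -c .air.toml
    environment:
      - PUID=1000
      - PGID=1000
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.backend.rule=Host(`cafe.test`) && PathPrefix(`/api`)'
      - 'traefik.http.routers.backend.entryPoints=https'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.middlewares=authelia@docker'
    # Not published on the host, so requests arrive via Traefik or from
    # other containers on `net`.
    expose:
      - '8080'
    networks:
      - net
    volumes:
      # Bind-mounts the whole project directory, which includes
      # ./docker/secrets and ./docker/authelia. Development use only.
      - ./:/app/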