server-setup/Docker/traefik & grafana & authelia/docker-compose.yml

version: "3.9"

networks:
  proxy:
    external: true
  metrics:
    external: false
  authelia:
    external: false

secrets:
  jwt:
    file: ./secrets/authelia_jwt
  session:
    file: ./secrets/authelia_session
  storage:
    file: ./secrets/authelia_storage
  smtp:
    file: ./secrets/authelia_smtp
  hetzner:
    file: ./secrets/hetzner_key

volumes:
  redis:

services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    restart: always
    secrets:
      - jwt
      - session
      - storage
      - smtp
    environment:
      - TZ=Europe/Berlin
      - AUTHELIA_JWT_SECRET_FILE=/run/secrets/jwt
      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/session
      - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/smtp
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/storage
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./authelia:/config
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.entrypoints=websecure"
    healthcheck:
      disable: true
    expose:
      - 9091
    networks:
      - proxy
      - authelia

  authelia-redis:
    image: redis:alpine
    container_name: authelia-redis
    restart: always
    environment:
      - TZ=Europe/Berlin
    volumes:
      - redis:/data
    expose:
      - 6379
    networks:
      - authelia

  traefik:
    image: traefik:2.9
    container_name: traefik
    restart: always
    secrets:
      - hetzner
    environment:
      - TZ=Europe/Berlin
      - HETZNER_API_KEY_FILE=/run/secrets/hetzner
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/static.yaml:/etc/traefik/traefik.yaml
      - ./traefik/dynamic.yaml:/dynamic.yaml
      - ./secrets/acme.json:/acme.json
    ports:
      - "80:80"
      - "443:443"
      - "127.0.0.1:8080:8080"
    networks:
      - proxy
      - metrics

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: always
    volumes:
      - "./prometheus:/etc/prometheus"
    expose:
      - 9090
    networks:
      - metrics

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: always
    user: "1000"
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_LOG_LEVEL=error
      - GF_SERVER_ROOT_URL=https://metrics.tp.example.de
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_AUTH_ANONYMOUS_ORG_ROLE=Editor
      - GF_LIVE_ALLOWED_ORIGINS=*
    volumes:
      - ./grafana:/var/lib/grafana
    ports:
      - "127.0.0.1:3000:3000"
    networks:
      - metrics
Update Traefik config 2022-12-04 09:35:12 +01:00			`version: "3.9"`

			`networks:`
			`proxy:`
			`external: true`
			`metrics:`
			`external: false`
			`authelia:`
			`external: false`

			`secrets:`
			`jwt:`
			`file: ./secrets/authelia_jwt`
			`session:`
			`file: ./secrets/authelia_session`
			`storage:`
			`file: ./secrets/authelia_storage`
			`smtp:`
			`file: ./secrets/authelia_smtp`
			`hetzner:`
			`file: ./secrets/hetzner_key`

			`volumes:`
			`redis:`

			`services:`
			`authelia:`
			`image: authelia/authelia:latest`
			`container_name: authelia`
			`restart: always`
			`secrets:`
			`- jwt`
			`- session`
			`- storage`
			`- smtp`
			`environment:`
			`- TZ=Europe/Berlin`
			`- AUTHELIA_JWT_SECRET_FILE=/run/secrets/jwt`
			`- AUTHELIA_SESSION_SECRET_FILE=/run/secrets/session`
			`- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/smtp`
			`- AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/storage`
			`volumes:`
			`- /etc/localtime:/etc/localtime:ro`
			`- ./authelia:/config`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.http.routers.authelia.entrypoints=websecure"`
			`healthcheck:`
			`disable: true`
			`expose:`
			`- 9091`
			`networks:`
			`- proxy`
			`- authelia`

			`authelia-redis:`
			`image: redis:alpine`
			`container_name: authelia-redis`
			`restart: always`
			`environment:`
			`- TZ=Europe/Berlin`
			`volumes:`
			`- redis:/data`
			`expose:`
			`- 6379`
			`networks:`
			`- authelia`

			`traefik:`
			`image: traefik:2.9`
			`container_name: traefik`
			`restart: always`
			`secrets:`
			`- hetzner`
			`environment:`
			`- TZ=Europe/Berlin`
			`- HETZNER_API_KEY_FILE=/run/secrets/hetzner`
			`volumes:`
			`- /etc/localtime:/etc/localtime:ro`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`- ./traefik/static.yaml:/etc/traefik/traefik.yaml`
			`- ./traefik/dynamic.yaml:/dynamic.yaml`
			`- ./secrets/acme.json:/acme.json`
			`ports:`
			`- "80:80"`
			`- "443:443"`
			`- "127.0.0.1:8080:8080"`
			`networks:`
			`- proxy`
			`- metrics`

			`prometheus:`
			`image: prom/prometheus:latest`
			`container_name: prometheus`
			`restart: always`
			`volumes:`
			`- "./prometheus:/etc/prometheus"`
			`expose:`
Update docker-compose.yml 2022-12-04 09:40:59 +01:00			`- 9090`
Update Traefik config 2022-12-04 09:35:12 +01:00			`networks:`
			`- metrics`

			`grafana:`
			`image: grafana/grafana:latest`
			`container_name: grafana`
			`restart: always`
			`user: "1000"`
			`environment:`
Update docker-compose.yml 2022-12-04 09:40:59 +01:00			`- GF_SECURITY_ADMIN_USER=admin`
Update Traefik config 2022-12-04 09:35:12 +01:00			`- GF_LOG_LEVEL=error`
Update docker-compose.yml 2022-12-04 09:40:59 +01:00			`- GF_SERVER_ROOT_URL=https://metrics.tp.example.de`
Update Traefik config 2022-12-04 09:35:12 +01:00			`- GF_AUTH_ANONYMOUS_ENABLED=true`
			`- GF_AUTH_ANONYMOUS_ORG_ROLE=Editor`
			`- GF_LIVE_ALLOWED_ORIGINS=*`
			`volumes:`
			`- ./grafana:/var/lib/grafana`
			`ports:`
			`- "127.0.0.1:3000:3000"`
			`networks:`
			`- metrics`