From f15b36d23487e18e4aa77142e3ab51c945302d8d Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 7 Apr 2024 20:23:43 -0400
Subject: [PATCH] update
---
 stack.production.yml | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/stack.production.yml b/stack.production.yml
index 04e478e..0a2fa6a 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -61,22 +61,32 @@ services:
 - node.hostname == ingress.nixc.us
 # - node.labels.mac-rack == true
 labels:
- - "us.nixc.autodeploy=true"
 - 'traefik.enable=true'
- - 'traefik.http.routers.authelia_authelia.tls=true'
- - "traefik.http.services.authelia_authelia.loadbalancer.server.port=9091"
- - 'traefik.http.routers.authelia_authelia.rule=Host(`login.nixc.us`)'
- - 'traefik.http.routers.authelia_authelia.entrypoints=websecure'
- - "traefik.http.routers.authelia_authelia.tls.certresolver=letsencryptresolver"
- - "traefik.http.routers.authelia_authelia.service=authelia_authelia"
- - "traefik.docker.network=traefik"
+ - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'
+ - 'traefik.http.routers.authelia.entryPoints=https'
+ - 'traefik.http.routers.authelia.tls=true'
+ - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia_authelia:9091/api/authz/forward-auth'
+ ## The following commented line is for configuring the Authelia URL in the proxy. We strongly suggest this is
+ ## configured in the Session Cookies section of the Authelia configuration.
+ # - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.example.com%2F'
+ - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
+ - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name'
+ # - "us.nixc.autodeploy=true"
+ # - 'traefik.enable=true'
+ # - 'traefik.http.routers.authelia_authelia.tls=true'
+ # - "traefik.http.services.authelia_authelia.loadbalancer.server.port=9091"
+ # - 'traefik.http.routers.authelia_authelia.rule=Host(`login.nixc.us`)'
+ # - 'traefik.http.routers.authelia_authelia.entrypoints=websecure'
+ # - "traefik.http.routers.authelia_authelia.tls.certresolver=letsencryptresolver"
+ # - "traefik.http.routers.authelia_authelia.service=authelia_authelia"
+ # - "traefik.docker.network=traefik"
 # # ## Authelia recommendations
- - 'traefik.http.middlewares.authelia_authelia.forwardauth.address=http://authelia_authelia:9091/api/verify?rd=https://login.nixc.us/'
- - 'traefik.http.middlewares.authelia_authelia.forwardauth.trustForwardHeader=true'
- - 'traefik.http.middlewares.authelia_authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
- - 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia_authelia:9091/api/verify?auth=basic'
- - 'traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader=true'
- - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
+ # - 'traefik.http.middlewares.authelia_authelia.forwardauth.address=http://authelia_authelia:9091/api/verify?rd=https://login.nixc.us/'
+ # - 'traefik.http.middlewares.authelia_authelia.forwardauth.trustForwardHeader=true'
+ # - 'traefik.http.middlewares.authelia_authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
+ # - 'traefik.http.middlewares.authelia-basic.forwardauth.address=http://authelia_authelia:9091/api/verify?auth=basic'
+ # - 'traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader=true'
+ # - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
 redis:
 image: git.nixc.us/nixius/authelia:production-redis
 # command: redis-server --appendonly yes
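Review bot: The new router rule still carries the documentation placeholder ``Host(`auth.example.com`)``, so in this production stack no router matches the portal host the old labels served; the rule should read ``- 'traefik.http.routers.authelia.rule=Host(`login.nixc.us`)'``. The same label block comments out the `loadbalancer.server.port=9091`, `tls.certresolver` and `traefik.docker.network` labels without adding equivalents under the new `authelia` name; if this is a Swarm deployment, as the placement constraint above suggests, Traefik cannot detect the port and needs `- 'traefik.http.services.authelia.loadbalancer.server.port=9091'` restored, along with the resolver and network labels. The middleware is renamed from `authelia_authelia` to `authelia` and `authelia-basic` is dropped, and the entrypoint changes from `websecure` to `https`, so confirm that the entrypoint exists in the static config and that no other router still references the old middleware names (a router with a missing middleware is not served, which fails closed but is an outage). `trustForwardHeader=true` makes the forwardAuth call pass client-supplied `X-Forwarded-*` headers on to Authelia, so a comment next to that label should state that the entrypoint restricts which peers may set them. The `/api/authz/forward-auth` endpoint also assumes an Authelia release that provides it and a portal URL set in the session cookie configuration, neither of which is visible in this hunk.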