########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# Two user-defined bridge networks with fixed names, so the included compose
# files can attach to them by name.
networks:
  proxy:
    name: proxy
    driver: bridge
  # NOTE(review): presumably this network carries Docker API traffic to the
  # socket proxy (see compose/dc-socket-proxy.yml, not visible here). Attach
  # only the containers that need the API, and consider `internal: true` if
  # nothing on this network needs outbound access. TODO confirm.
  socket_proxy:
    name: socket_proxy
    driver: bridge

########################### SECRETS
# Disabled. The commented-out Authelia service below reads every one of these
# through /run/secrets/<name>, so re-enable this block together with it.
# The entries use two base paths ($SECRETSDIR and $DOCKERDIR/secrets); verify
# both resolve to a directory that is outside version control and readable
# only by the account that runs Docker.
# secrets:
#   authelia_jwt_secret:
#     file: $SECRETSDIR/authelia_jwt_secret
#   authelia_session_secret:
#     file: $SECRETSDIR/authelia_session_secret
#   authelia_storage_mysql_password:
#     file: $SECRETSDIR/authelia_storage_mysql_password
#   authelia_storage_encryption_key:
#     file: $SECRETSDIR/authelia_storage_encryption_key
#   authelia_ldap_password:
#     file: $SECRETSDIR/authelia_ldap_password
#   authelia_notifier_smtp_password:
#     file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
#   authelia_duo_api_secret_key:
#     file: $DOCKERDIR/secrets/authelia_duo_api_secret_key

# Docker Compose v2.20 or greater required to use "include"
# Every active service comes from the files listed here; their images, ports,
# labels and socket-proxy permissions are not visible in this file and need
# their own review.
include:
  ########################### SERVICES
  - compose/dc-traefik.yml
  - compose/dc-socket-proxy.yml
  - compose/dc-crowdsec.yml
  - compose/dc-traefik-bouncer.yml

# ---------------------------------------------------------------------------
# Disabled service definitions, kept for reference.
# NOTE(review): no top-level `services:` key is visible in this file, and the
# blocks below attach to `gl_proxy` / `gl_socket_proxy`, while the networks
# defined above are named `proxy` / `socket_proxy`. Both need fixing before
# either block is re-enabled.
# ---------------------------------------------------------------------------

# Portainer - WebUI for Containers
# NOTE(review) before re-enabling:
#   - `portainer/portainer-ce:latest` is a mutable tag; pin a version (ideally
#     a digest) so an upstream push cannot change what runs here.
#   - `ports: "9000:9000"` publishes the UI on every host interface, reachable
#     without passing through Traefik. Drop the mapping or bind it to
#     127.0.0.1 if the Traefik route is the intended way in.
#   - The router uses `chain-no-auth@file` and the `chain-authelia@file` line
#     is disabled, so (going by the chain names; definitions not visible here)
#     only Portainer's own login guards a UI that can drive the Docker API.
#   - Unlike authelia-rtr, portainer-rtr sets no `tls=true` label; confirm TLS
#     is enforced on the `https` entrypoint itself.
# portainer:
#   container_name: gl-portainer
#   image: portainer/portainer-ce:latest
#   restart: unless-stopped
#   command: -H $DOCKER_ENDPOINT # Use Docker Socket Proxy instead for improved security
#   networks:
#     gl_proxy:
#       ipv4_address: $PORTAINER_IP0
#     gl_socket_proxy:
#       ipv4_address: $PORTAINER_IP1
#   security_opt:
#     - no-new-privileges:true
#   ports:
#     - "9000:9000"
#   volumes:
#     - $DOCKERDIR/appdata/portainer:/data # Change to local directory if you want to save/transfer config locally
#   environment:
#     - TZ=$TZ
#   labels:
#     - "traefik.enable=true"
#     ## HTTP Routers
#     - "traefik.http.routers.portainer-rtr.entrypoints=https"
#     - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.local.$DOMAINNAME0`)"
#     ## Middlewares
#     #- "traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file"
#     - "traefik.http.routers.portainer-rtr.middlewares=chain-no-auth@file"
#     ## HTTP Services
#     - "traefik.http.routers.portainer-rtr.service=portainer-svc"
#     - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"

# Authelia (Lite) - Self-Hosted Single Sign-On and Two-Factor Authentication
# NOTE(review) before re-enabling:
#   - `authelia/authelia:latest` conflicts with the upgrade warning below; pin
#     a version so breaking releases are adopted deliberately.
#   - `ports: "9091:9091"` publishes the portal on every host interface in
#     addition to the Traefik route; remove it unless direct access is needed.
#   - `chain-no-auth@file` is presumably intentional here, since the login
#     portal cannot sit behind its own authentication chain. Confirm that the
#     chain still applies rate limiting and security headers.
#   - All credentials are passed as *_FILE paths under /run/secrets, which
#     keeps them out of the container environment; this requires the top-level
#     `secrets:` block above to be enabled.
#   - The service has no `security_opt: no-new-privileges:true`, unlike the
#     Portainer block.
# authelia:
#   container_name: gl-authelia
#   # Check this before upgrading: https://github.com/authelia/authelia/blob/master/BREAKING.md
#   image: authelia/authelia:latest
#   restart: always
#   networks:
#     gl_proxy:
#       ipv4_address: $AUTHELIA_IP # You can specify a static IP
#     default:
#   ports:
#     - "9091:9091"
#   volumes:
#     - $DOCKERDIR/appdata/authelia:/config
#   environment:
#     - TZ=$TZ
#     - AUTHELIA_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
#     - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
#     - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/authelia_storage_mysql_password
#     - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key
#     - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/run/secrets/authelia_ldap_password
#     - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/authelia_notifier_smtp_password
#     - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
#   secrets:
#     - authelia_jwt_secret
#     - authelia_session_secret
#     - authelia_storage_mysql_password
#     - authelia_storage_encryption_key
#     - authelia_ldap_password
#     - authelia_notifier_smtp_password
#     - authelia_duo_api_secret_key
#   labels:
#     - "traefik.enable=true"
#     ## HTTP Routers
#     - "traefik.http.routers.authelia-rtr.entrypoints=https"
#     - "traefik.http.routers.authelia-rtr.rule=Host(`auth.local.$DOMAINNAME0`)"
#     - "traefik.http.routers.authelia-rtr.tls=true"
#     ## Middlewares
#     - "traefik.http.routers.authelia-rtr.middlewares=chain-no-auth@file" #chain-authelia@file"
#     ## HTTP Services
#     - "traefik.http.routers.authelia-rtr.service=authelia-svc"
#     - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091"