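---
version: "3.7"

########################### NETWORKS
# There is no need to create any networks outside this docker-compose file.
# You may customize the network subnets (192.168.90.0/24 and 91.0/24) as you
# please; in this file they are supplied through the GL_*_SUBNET and
# GL_*_GATEWAY variables referenced below.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
  gl_proxy:
    name: gl_proxy
    driver: bridge
    ipam:
      config:
        # subnet and gateway describe ONE address pool, so they belong to the
        # same list item. As separate items the second pool would carry a
        # gateway but no subnet.
        # NOTE(review): the legacy 3.x file format documented only `subnet`
        # here; `gateway` is part of the Compose Specification. Verify the
        # rendered result with `docker compose config`.
        - subnet: $GL_PROXY_SUBNET
          gateway: $GL_PROXY_GATEWAY
  default:
    driver: bridge
  # NOTE(review): no service visible in this file attaches to gl_socket_proxy.
  # Presumably it is reserved for a Docker socket proxy; confirm it is still
  # needed and keep it separate from gl_proxy.
  gl_socket_proxy:
    name: gl_socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: $GL_SOCKET_PROXY_SUBNET
          gateway: $GL_SOCKET_PROXY_GATEWAY

########################### SECRETS
# Each entry is a host file that Compose mounts into the container under
# /run/secrets/<name>. Keep these files out of version control and readable
# only by the account that runs Docker.
secrets:
  authelia_jwt_secret:
    file: $SECRETSDIR/authelia_jwt_secret
  authelia_session_secret:
    file: $SECRETSDIR/authelia_session_secret
  # The disabled entries below use $DOCKERDIR/secrets while the active ones use
  # $SECRETSDIR; align the paths when enabling any of them.
  # authelia_storage_mysql_password:
  #   file: $DOCKERDIR/secrets/authelia_storage_mysql_password
  # authelia_notifier_smtp_password:
  #   file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
  # authelia_duo_api_secret_key:
  #   file: $DOCKERDIR/secrets/authelia_duo_api_secret_key

########################### SERVICES
services:
  # Authelia (Lite) - Self-Hosted Single Sign-On and Two-Factor Authentication
  authelia:
    container_name: gl-authelia
    # Check this before upgrading: https://github.com/authelia/authelia/blob/master/BREAKING.md
    # NOTE(review): `latest` lets any pull replace the component that
    # authenticates the protected services. Pin a reviewed release tag or an
    # image digest and upgrade deliberately.
    image: authelia/authelia:latest
    restart: always
    networks:
      gl_proxy:
        # You can specify a static IP; it must lie inside GL_PROXY_SUBNET.
        ipv4_address: $AUTHELIA_IP
      # NOTE(review): containers on either attached network can reach port
      # 9091 directly, without passing through Traefik. Drop `default` if
      # nothing on it needs Authelia.
      default: {}
    # Left unpublished so the portal is reachable only through the Traefik
    # router defined in the labels below (TLS on the `https` entrypoint).
    # ports:
    #   - "9091:9091"
    volumes:
      # Authelia's /config directory. Presumably this holds the configuration
      # file and any local user database; restrict host permissions.
      - $DOCKERDIR/appdata/authelia:/config
    environment:
      - TZ=$TZ
      # *_FILE variables point at mounted secret files, so the secret values
      # never appear in the environment or in `docker inspect` output.
      - AUTHELIA_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
      # - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/authelia_storage_mysql_password
      # - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/authelia_notifier_smtp_password
      # - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
    secrets:
      # Every name listed here must also be declared in the top-level
      # `secrets:` section.
      - authelia_jwt_secret
      - authelia_session_secret
      # - authelia_storage_mysql_password
      # - authelia_notifier_smtp_password
      # - authelia_duo_api_secret_key
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.authelia-rtr.entrypoints=https"
      - "traefik.http.routers.authelia-rtr.rule=Host(`auth.$DOMAINNAME0`)"
      - "traefik.http.routers.authelia-rtr.tls=true"
      ## Middlewares
      # The login portal stays on the no-auth chain. The alternative,
      # chain-authelia@file, would demand authentication before the login page
      # can be reached.
      # NOTE(review): chain-no-auth@file is defined in Traefik's file provider,
      # which is not shown here. Confirm it still applies the security-header
      # and rate-limit middlewares.
      - "traefik.http.routers.authelia-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.authelia-rtr.service=authelia-svc"
      - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091"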