Fixes for Authentik
@@ -12,11 +12,8 @@ services:
|
|||||||
- ./media:/media
|
- ./media:/media
|
||||||
- ./custom-templates:/templates
|
- ./custom-templates:/templates
|
||||||
networks:
|
networks:
|
||||||
- webapp
|
- mgmt
|
||||||
- db
|
- db
|
||||||
# ports:
|
|
||||||
# - "${COMPOSE_PORT_HTTP:-9000}:9000"
|
|
||||||
# - "${COMPOSE_PORT_HTTPS:-9443}:9443"
|
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.$SUBDOMAIN.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
- traefik.http.routers.$SUBDOMAIN.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
||||||
@@ -32,28 +29,21 @@ services:
|
|||||||
- traefik.http.middlewares.$SUBDOMAIN.headers.STSIncludeSubdomains=true
|
- traefik.http.middlewares.$SUBDOMAIN.headers.STSIncludeSubdomains=true
|
||||||
- traefik.http.middlewares.$SUBDOMAIN.headers.STSPreload=true
|
- traefik.http.middlewares.$SUBDOMAIN.headers.STSPreload=true
|
||||||
- traefik.http.middlewares.$SUBDOMAIN.headers.frameDeny=true
|
- traefik.http.middlewares.$SUBDOMAIN.headers.frameDeny=true
|
||||||
# - traefik.http.routers.$SUBDOMAIN.middlewares=$SUBDOMAIN@docker
|
- traefik.http.routers.$SUBDOMAIN.middlewares=$SUBDOMAIN@docker
|
||||||
- traefik.http.routers.$SUBDOMAIN.service=$SUBDOMAIN
|
- traefik.http.routers.$SUBDOMAIN.service=$SUBDOMAIN
|
||||||
- traefik.http.services.$SUBDOMAIN.loadbalancer.server.port=9000
|
- traefik.http.services.$SUBDOMAIN.loadbalancer.server.port=9000
|
||||||
- traefik.docker.network=webapp
|
- traefik.docker.network=mgmt
|
||||||
- "traefik.http.routers.authentik-output-rtr.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.${DOMAIN_NAME}`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
|
||||||
|
|
||||||
# ForwardAuth middleware definition
|
# ForwardAuth middleware definition
|
||||||
- "traefik.http.middlewares.authentik-forwardauth.forwardauth.address=http://authentik-server-1:9000/outpost.goauthentik.io/auth/traefik"
|
- "traefik.http.middlewares.authentik-forwardauth.forwardauth.address=http://authentik-server-1:9000/outpost.goauthentik.io/auth/traefik"
|
||||||
- "traefik.http.middlewares.authentik-forwardauth.forwardauth.trustForwardHeader=true"
|
- "traefik.http.middlewares.authentik-forwardauth.forwardauth.trustForwardHeader=true"
|
||||||
- "traefik.http.middlewares.authentik-forwardauth.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
|
- "traefik.http.middlewares.authentik-forwardauth.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
|
||||||
# Outpost router for /outpost.goauthentik.io paths
|
# Outpost router for /outpost.goauthentik.io paths
|
||||||
- "traefik.http.routers.$SUBDOMAIN-outpost.rule=Host(`authentik.jojops.com`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
- "traefik.http.routers.authentik-outpost.rule=Host(`authentik.jojops.com`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||||
# - "traefik.http.routers.authentik-outpost.entrypoints=websecure"
|
|
||||||
# - "traefik.http.routers.authentik-outpost.tls=true"
|
|
||||||
- traefik.http.routers.$SUBDOMAIN.priority=15
|
|
||||||
# - "traefik.http.routers.authentik-outpost.service=authentik-svc"
|
|
||||||
- "traefik.http.routers.authentik-outpost.rule=HostRegexp(`{$SUBDOMAIN:[a-z0-9-]+}.$DOMAIN_NAME`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
- "traefik.http.routers.authentik-outpost.rule=HostRegexp(`{$SUBDOMAIN:[a-z0-9-]+}.$DOMAIN_NAME`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||||
- "traefik.http.routers.authentik-outpost.entrypoints=websecure"
|
- "traefik.http.routers.authentik-outpost.entrypoints=websecure"
|
||||||
- "traefik.http.routers.authentik-outpost.tls=true"
|
- "traefik.http.routers.authentik-outpost.tls=true"
|
||||||
- "traefik.http.routers.authentik-outpost.priority=15"
|
- "traefik.http.routers.authentik-outpost.priority=15"
|
||||||
- "traefik.http.routers.authentik-outpost.service=authentik"
|
- "traefik.http.routers.authentik-outpost.service=authentik"
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG}
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@@ -67,12 +57,12 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- db
|
- db
|
||||||
volumes:
|
volumes:
|
||||||
# - /var/run/docker.sock:/var/run/docker.sock
|
# - /var/run/docker.sock:/var/run/docker.sock # Optional, only if using external outposts
|
||||||
- ./media:/media
|
- ./media:/media
|
||||||
- ./certs:/certs
|
- ./certs:/certs
|
||||||
- ./custom-templates:/templates
|
- ./custom-templates:/templates
|
||||||
networks:
|
networks:
|
||||||
webapp:
|
mgmt:
|
||||||
external: true
|
external: true
|
||||||
db:
|
db:
|
||||||
external: true
|
external: true
|
||||||
|
|||||||
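Review bot: In the second hunk the new side appears to end up with two `traefik.http.routers.authentik-outpost.rule` labels on the same service: the renamed `Host(...) && PathPrefix(...)` line with the literal host `authentik.jojops.com`, and the unchanged `HostRegexp(...) && PathPrefix(...)` line a few lines below it. A Traefik router has one rule, and with list-form labels a repeated key normally collapses to a single value, so which hosts can reach `/outpost.goauthentik.io/` would be decided by label order rather than by an explicit choice. Keep exactly one of the two; if the any-subdomain match is the intended one, delete the `Host(...)` line and add a comment above the remaining rule such as `# single outpost rule: any subdomain of the domain, outpost path only`. If the single-host rule is kept instead, building it from `${SUBDOMAIN}.${DOMAIN_NAME}` as the main router rule does would avoid the hard-coded hostname. The side-by-side rendering has lost its +/- markers and the labels list starts above the hunk, so this should be confirmed against the full file.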