-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
171 lines (163 loc) · 5.38 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
secrets:
AUTHELIA_JWT_SECRET:
file: ${PWD}/config/authelia/secrets/AUTHELIA_JWT_SECRET
AUTHELIA_SESSION_SECRET:
file: ${PWD}/config/authelia/secrets/AUTHELIA_SESSION_SECRET
AUTHELIA_STORAGE_PASSWORD:
file: ${PWD}/config/authelia/secrets/AUTHELIA_STORAGE_PASSWORD
AUTHELIA_STORAGE_ENCRYPTION_KEY:
file: ${PWD}/config/authelia/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY
LLDAP_JWT_SECRET:
file: ${PWD}/config/lldap/secrets/LLDAP_JWT_SECRET
LLDAP_PASSWORD:
file: ${PWD}/config/lldap/secrets/LLDAP_PASSWORD
LLDAP_STORAGE_PASSWORD:
file: ${PWD}/config/lldap/secrets/LLDAP_STORAGE_PASSWORD
services:
proxy:
image: 'jc21/nginx-proxy-manager:latest'
container_name: apperture-proxy
depends_on:
- authelia
restart: unless-stopped
ports:
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port2
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- nginx-proxy:/data
- nginx-certs:/etc/letsencrypt
- ${PWD}/config/authelia/snippets:/snippets:ro
networks:
apperture:
healthcheck:
test: ["CMD", "/bin/check-health"]
interval: 10s
timeout: 3s
whoami:
container_name: apperture-whoami
image: docker.io/traefik/whoami
restart: unless-stopped
networks:
apperture:
environment:
TZ: 'Europe/London'
authelia:
container_name: apperture-authelia
image: authelia/authelia
depends_on:
authelia-postgres:
condition: service_healthy
lldap:
condition: service_healthy
restart: unless-stopped
volumes:
- ${PWD}/config/authelia/config:/config
secrets: [AUTHELIA_JWT_SECRET,
AUTHELIA_SESSION_SECRET,
AUTHELIA_STORAGE_PASSWORD,
AUTHELIA_STORAGE_ENCRYPTION_KEY,
LLDAP_PASSWORD]
environment:
TZ: 'Europe/London'
# Secrets
AUTHELIA_JWT_SECRET_FILE: /run/secrets/AUTHELIA_JWT_SECRET
AUTHELIA_SESSION_SECRET_FILE: /run/secrets/AUTHELIA_SESSION_SECRET
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/AUTHELIA_STORAGE_PASSWORD
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: /run/secrets/LLDAP_PASSWORD
# General
AUTHELIA_DEFAULT_REDIRECTION_URL: https://whoami.${URL}
AUTHELIA_SERVER_PATH: "authelia"
AUTHELIA_SERVER_BUFFERS_READ: 16384
AUTHELIA_SERVER_BUFFERS_WRITE: 16384
# Session
AUTHELIA_SESSION_EXPIRATION: 1h
AUTHELIA_SESSION_INACTIVITY: 20m
AUTHELIA_SESSION_REMEMBER_ME_DURATION: 12h
AUTHELIA_SESSION_DOMAIN: ${URL}
# Postgres
AUTHELIA_STORAGE_POSTGRES_HOST: apperture-authelia-postgres
AUTHELIA_STORAGE_POSTGRES_PORT: 5432
AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
AUTHELIA_STORAGE_POSTGRES_USERNAME: authelia
# LDAP
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: ldap://apperture-ldap:3890
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN: dc=example,dc=com
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN: ou=people
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN: ou=groups
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: cn=admin,ou=people,dc=example,dc=com
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: (&({username_attribute}={input})(objectClass=person))
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: "(member={dn})"
# RULES
AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: one_factor
networks:
apperture:
authelia-postgres:
container_name: apperture-authelia-postgres
image: postgres
restart: unless-stopped
secrets: [AUTHELIA_STORAGE_PASSWORD]
environment:
POSTGRES_USER: authelia
POSTGRES_PASSWORD_FILE: /run/secrets/AUTHELIA_STORAGE_PASSWORD
POSTGRES_DB: authelia
networks:
apperture:
healthcheck:
test: ["CMD-SHELL", "pg_isready -U authelia"]
interval: 5s
timeout: 5s
retries: 5
lldap:
container_name: apperture-ldap
image: nitnelave/lldap:stable
restart: unless-stopped
ports:
- 3890:3890
depends_on:
lldap-postgres:
condition: service_healthy
secrets: [LLDAP_JWT_SECRET, LLDAP_PASSWORD, LLDAP_STORAGE_PASSWORD]
environment:
UID: 1000
GID: 1000
TZ: Europe/London
LLDAP_JWT_SECRET_FILE: /run/secrets/LLDAP_JWT_SECRET
LLDAP_LDAP_USER_PASS_FILE: /run/secrets/LLDAP_PASSWORD
LLDAP_LDAP_BASE_DN: dc=example,dc=com
# cn=admin,ou=people,dc=example,dc=com
LLDAP_DATABASE_URL: postgres://lldap:lldap@lldap-postgres/lldap
volumes:
- lldap-data:/data
networks:
apperture:
lldap-postgres:
container_name: apperture-lldap-postgres
image: postgres
restart: unless-stopped
secrets: [LLDAP_STORAGE_PASSWORD]
environment:
POSTGRES_USER: lldap
POSTGRES_PASSWORD: lldap
#POSTGRES_PASSWORD_FILE: /run/secrets/LLDAP_STORAGE_PASSWORD
POSTGRES_DB: lldap
volumes:
- lldap-postgres-data:/var/lib/postgresql/data
networks:
apperture:
healthcheck:
test: ["CMD-SHELL", "pg_isready -U lldap"]
interval: 5s
timeout: 5s
retries: 5
networks:
apperture:
volumes:
nginx-proxy:
nginx-certs:
lldap-data:
lldap-postgres-data: