104 lines
3.4 KiB
YAML
104 lines
3.4 KiB
YAML
version: "3.3"
|
|
|
|
services:
|
|
# APPLICATIONS
|
|
app1:
|
|
image: tutum/hello-world
|
|
networks:
|
|
- bw-services
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- "node.role==worker"
|
|
labels:
|
|
- bunkerweb.SERVER_NAME=app1.example.com
|
|
- bunkerweb.USE_REVERSE_PROXY=yes
|
|
- bunkerweb.REVERSE_PROXY_URL=/
|
|
- bunkerweb.REVERSE_PROXY_HOST=http://app1
|
|
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
|
|
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
|
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
|
- bunkerweb.REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
|
- bunkerweb.REVERSE_PROXY_URL_999=/authelia
|
|
- bunkerweb.REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
|
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
|
|
|
app2:
|
|
image: tutum/hello-world
|
|
networks:
|
|
- bw-services
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- "node.role==worker"
|
|
labels:
|
|
- bunkerweb.SERVER_NAME=app2.example.com
|
|
- bunkerweb.USE_REVERSE_PROXY=yes
|
|
- bunkerweb.REVERSE_PROXY_URL=/
|
|
- bunkerweb.REVERSE_PROXY_HOST=http://app2
|
|
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
|
|
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
|
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
|
- bunkerweb.REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
|
- bunkerweb.REVERSE_PROXY_URL_999=/authelia
|
|
- bunkerweb.REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
|
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
|
|
|
# AUTHELIA
|
|
authelia:
|
|
image: authelia/authelia:4
|
|
networks:
|
|
- bw-services
|
|
configs:
|
|
- source: config_authelia_configuration
|
|
target: /config/configuration.yml
|
|
uid: "0"
|
|
gid: "0"
|
|
mode: 0444
|
|
- source: config_authelia_users_database
|
|
target: /config/users_database.yml
|
|
uid: "0"
|
|
gid: "0"
|
|
mode: 0444
|
|
healthcheck:
|
|
disable: true
|
|
environment:
|
|
- TZ=Europe/Paris
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- "node.role==worker"
|
|
labels:
|
|
- bunkerweb.SERVER_NAME=auth.example.com
|
|
- bunkerweb.USE_REVERSE_PROXY=yes
|
|
- bunkerweb.REVERSE_PROXY_URL=/
|
|
- bunkerweb.REVERSE_PROXY_HOST=http://authelia:9091
|
|
- bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
|
|
|
|
redis:
|
|
image: redis:7-alpine
|
|
networks:
|
|
- bw-services
|
|
volumes:
|
|
- redis:/data
|
|
environment:
|
|
- TZ=Europe/Paris
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- "node.role==worker"
|
|
|
|
networks:
|
|
bw-services:
|
|
external: true
|
|
name: bw-services
|
|
|
|
volumes:
|
|
redis:
|
|
|
|
configs:
|
|
config_authelia_configuration:
|
|
file: ./authelia/configuration.yml
|
|
config_authelia_users_database:
|
|
file: ./authelia/users_database.yml
|