mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
85 lines
3.2 KiB
YAML
85 lines
3.2 KiB
YAML
version: '3.4'
|
|
|
|
services:
|
|
|
|
mybunker:
|
|
image: bunkerity/bunkerweb:1.4.2
|
|
ports:
|
|
- 80:8080
|
|
- 443:8443
|
|
# ⚠️ read this if you use local folders for volumes ⚠️
|
|
# bunkerweb runs as an unprivileged user with UID/GID 101
|
|
# don't forget to edit the permissions of the files and folders accordingly
|
|
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
|
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
|
# more info at https://docs.bunkerweb.io
|
|
volumes:
|
|
- bw_data:/data
|
|
environment:
|
|
- MULTISITE=yes
|
|
- SERVER_NAME=auth.example.com app1.example.com app2.example.com # replace with your domains
|
|
- SERVE_FILES=no
|
|
- DISABLE_DEFAULT_SERVER=yes
|
|
- AUTO_LETS_ENCRYPT=yes
|
|
- USE_CLIENT_CACHE=yes
|
|
- USE_GZIP=yes
|
|
- USE_REVERSE_PROXY=yes
|
|
# Proxy to auth_request URI
|
|
- REVERSE_PROXY_URL_999=/authelia
|
|
- REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
|
- REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
|
# Authelia
|
|
- auth.example.com_REVERSE_PROXY_URL=/
|
|
- auth.example.com_REVERSE_PROXY_HOST=http://authelia:9091
|
|
- auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
|
# Applications
|
|
- app1.example.com_REVERSE_PROXY_URL=/
|
|
- app1.example.com_REVERSE_PROXY_HOST=http://app1:3000
|
|
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
|
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
|
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
|
- app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
|
- app2.example.com_REVERSE_PROXY_URL=/
|
|
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
|
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
|
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
|
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
|
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
|
|
|
# APPLICATIONS
|
|
app1:
|
|
image: node
|
|
working_dir: /home/node/app
|
|
volumes:
|
|
- ./js-app:/home/node/app
|
|
environment:
|
|
- NODE_ENV=production
|
|
command: bash -c "npm install express && node index.js"
|
|
app2:
|
|
image: tutum/hello-world
|
|
|
|
# AUTHELIA
|
|
authelia:
|
|
image: authelia/authelia
|
|
container_name: authelia
|
|
volumes:
|
|
- ./authelia:/config
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
disable: true
|
|
environment:
|
|
- TZ=Europe/Paris
|
|
|
|
redis:
|
|
image: redis:alpine
|
|
container_name: redis
|
|
volumes:
|
|
- ./redis:/data
|
|
expose:
|
|
- 6379
|
|
restart: unless-stopped
|
|
environment:
|
|
- TZ=Europe/Paris
|
|
|
|
volumes:
|
|
bw_data:
|