-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
116 lines (116 loc) · 4.73 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
version: '2'
networks:
wapps:
external: true
services:
authelia:
environment:
- "TZ=${TZ}"
image: "authelia/authelia"
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.http.routers.authelia-http.entryPoints=http"
- "traefik.http.routers.authelia-http.middlewares=wapps"
- "traefik.http.routers.authelia-http.rule=Host(`${AUTHELIA_HOST}`)"
- "traefik.http.routers.authelia-https.entryPoints=https"
- "traefik.http.routers.authelia-https.rule=Host(`${AUTHELIA_HOST}`)"
- "traefik.http.routers.authelia-https.tls.certResolver=wapps"
networks:
- "wapps"
restart: "always"
volumes:
- "./authelia:/config"
redis:
image: redis:alpine
volumes:
- redis_data:/data
networks:
- wapps
restart: unless-stopped
environment:
- TZ=${TZ}
portainer:
command: "--logo ${LOGO} --templates ${CATALOGUE}"
image: "portainer/portainer-ce"
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.http.routers.portainer-http.entrypoints=http"
- "traefik.http.routers.portainer-http.middlewares=wapps-mgmt"
- "traefik.http.routers.portainer-http.rule=Host(`${PORTAINER_HOST}`)"
- "traefik.http.routers.portainer-https.entrypoints=https"
- "traefik.http.routers.portainer-https.middlewares=wapps-mgmt"
- "traefik.http.routers.portainer-https.rule=Host(`${PORTAINER_HOST}`)"
- "traefik.http.routers.portainer-https.tls.certResolver=wapps"
- "traefik.http.routers.portainer-https-mgmt.entrypoints=https-mgmt"
- "traefik.http.routers.portainer-https-mgmt.rule=Host(`${PORTAINER_HOST}`)"
- "traefik.http.routers.portainer-https-mgmt.tls.certResolver=wapps"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
networks:
- "wapps"
restart: "always"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "portainer_data:/data"
traefik:
command:
- "--api.insecure=true"
- "--certificatesResolvers.wapps.acme.dnsChallenge.provider=${DNS_PROVIDER}"
- "--certificatesResolvers.wapps.acme.email=${EMAIL}"
- "--certificatesResolvers.wapps.acme.storage=/wapps/acme.json"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--entryPoints.https-mgmt.address=:${HTTPS_MGMT_PORT}"
- "--providers.docker"
- "--providers.file.directory=/wappster/traefik"
- "--providers.file.watch=true"
- "--serversTransport.insecureSkipVerify=true"
env_file: ".env"
image: "traefik"
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.http.middlewares.wapps-mgmt.redirectregex.permanent=true"
- "traefik.http.middlewares.wapps-mgmt.redirectregex.regex=^http(s?)://(.*)/(.*)"
- "traefik.http.middlewares.wapps-mgmt.redirectregex.replacement=https://$${2}:${HTTPS_MGMT_PORT}/$${3}"
- "traefik.http.middlewares.wapps.redirectscheme.permanent=true"
- "traefik.http.middlewares.wapps.redirectscheme.scheme=https"
- "traefik.http.middlewares.sso.forwardauth.address=http://authelia:9091/api/verify?rd=https://${AUTHELIA_HOST}/"
- "traefik.http.middlewares.sso.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.sso.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email"
- "traefik.http.routers.traefik-http.entrypoints=http"
- "traefik.http.routers.traefik-http.middlewares=wapps-mgmt"
- "traefik.http.routers.traefik-http.rule=Host(`${TRAEFIK_HOST}`)"
- "traefik.http.routers.traefik-https.entrypoints=https"
- "traefik.http.routers.traefik-https.middlewares=wapps-mgmt"
- "traefik.http.routers.traefik-https.rule=Host(`${TRAEFIK_HOST}`)"
- "traefik.http.routers.traefik-https.tls.certResolver=wapps"
- "traefik.http.routers.traefik-https-mgmt.entrypoints=https-mgmt"
- "traefik.http.routers.traefik-https-mgmt.rule=Host(`${TRAEFIK_HOST}`)"
- "traefik.http.routers.traefik-https-mgmt.middlewares=sso"
- "traefik.http.routers.traefik-https-mgmt.tls.certResolver=wapps"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
networks:
- "wapps"
ports:
- "${IP}:80:80"
- "${IP}:443:443"
- "${IP}:4443:4443"
restart: "always"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "traefik_acme:/wapps"
- "${TRAEFIK_CONF_DIR}:/wappster/traefik"
watchtower:
command: "--label-enable"
env_file: ".env"
image: "containrrr/watchtower"
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
- "wapps"
restart: "always"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
volumes:
redis_data:
portainer_data:
traefik_acme: