Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
bunkerweb/examples/authelia/docker-compose.yml

115 lines
3.7 KiB
YAML
Raw Blame History

services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.0-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
- "443:8443/tcp"
- "443:8443/udp" # for QUIC
environment:
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
restart: "unless-stopped"
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.0-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb
volumes:
- bw-data:/data
environment:
BUNKERWEB_INSTANCES: "bunkerweb"
SERVER_NAME: "auth.example.com app1.example.com app2.example.com" # replace with your domains
MULTISITE: "yes"
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
SERVE_FILES: "no"
DISABLE_DEFAULT_SERVER: "yes"
# AUTO_LETS_ENCRYPT: "yes"
GENERATE_SELF_SIGNED_SSL: "yes"
USE_CLIENT_CACHE: "yes"
USE_GZIP: "yes"
USE_REVERSE_PROXY: "yes"
# Proxy to auth_request URI
REVERSE_PROXY_URL_999: "/authelia"
REVERSE_PROXY_HOST_999: "http://authelia:9091/api/verify"
REVERSE_PROXY_HEADERS_999: "X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length \"\""
# Authelia
auth.example.com_REVERSE_PROXY_URL: "/"
auth.example.com_REVERSE_PROXY_HOST: "http://authelia:9091"
auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
auth.example.com_CUSTOM_CONF_MODSEC_remove-false-positives: |
SecRule REQUEST_FILENAME "/" "id:1000000,ctl:ruleRemoveByTag=attack-lfi,nolog"
# Applications
app1.example.com_REVERSE_PROXY_URL: "/"
app1.example.com_REVERSE_PROXY_HOST: "http://app1:8080"
app1.example.com_REVERSE_PROXY_AUTH_REQUEST: "/authelia"
app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: "https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri"
app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET: "$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email"
app1.example.com_REVERSE_PROXY_HEADERS: "Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email"
app2.example.com_REVERSE_PROXY_URL: "/"
app2.example.com_REVERSE_PROXY_HOST: "http://app2:8080"
app2.example.com_REVERSE_PROXY_AUTH_REQUEST: "/authelia"
app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: "https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri"
app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET: "$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email"
app2.example.com_REVERSE_PROXY_HEADERS: "Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email"
restart: "unless-stopped"
networks:
- bw-universe
# APPLICATIONS
app1:
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: nginxdemos/nginx-hello
networks:
- bw-services
# AUTHELIA
authelia:
image: authelia/authelia:4
container_name: authelia
volumes:
- ./authelia:/config
environment:
TZ: "Europe/Paris"
restart: "unless-stopped"
healthcheck:
disable: true
networks:
- authelia-redis
- bw-services
redis:
image: redis:7-alpine
container_name: redis
expose:
- "6379:6379"
volumes:
- redis-data:/data
environment:
TZ: "Europe/Paris"
restart: "unless-stopped"
networks:
- authelia-redis
volumes:
bw-data:
redis-data:
networks:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
name: bw-services
authelia-redis:
name: authelia-redis
Reference in a new issue View git blame Copy permalink