Update deploy workflow branch and add Authelia configuration and user database

docker-compose.yml

@@ -12,6 +12,8 @@ volumes:
   uptime_kuma_data:
   umami_data:
   pgadmin_data:
+  authelia_config:
+  authelia_db_data:
 
 ########################
 # Services
@@ -102,28 +104,60 @@ services:
       - traefik.http.middlewares.security-headers.headers.browserXssFilter=true
       - traefik.http.middlewares.security-headers.headers.contentTypeNosniff=true
       - traefik.http.middlewares.security-headers.headers.referrerPolicy=no-referrer-when-downgrade
-      - traefik.http.middlewares.security-headers.headers.frameDeny=true
 
-      # Basic Auth middleware
-      - traefik.http.middlewares.basic-auth.basicauth.users=${BASIC_AUTH_USERS}
+      # # Basic Auth middleware
+      # - traefik.http.middlewares.basic-auth.basicauth.users=${BASIC_AUTH_USERS}
 
-      # Umami Analytics middleware (commented out until real website ID is available)
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.umamiHost=umami:3000
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.websiteId=${UMAMI_WEBSITE_ID}
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.forwardPath=umami
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.scriptInjection=true
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.scriptInjectionMode=tag
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.autoTrack=true
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.doNotTrack=false
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.cache=false
-      # - traefik.http.middlewares.umami-analytics.plugin.traefik-umami-plugin.serverSideTracking=false
+      # Authelia middleware
+      - traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth
+      - traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true
+      - traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name
 
       # Traefik dashboard (protected)
       - traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`)
       - traefik.http.routers.traefik.entrypoints=websecure
       - traefik.http.routers.traefik.tls.certresolver=le
       - traefik.http.routers.traefik.service=api@internal
-      - traefik.http.routers.traefik.middlewares=basic-auth,security-headers
+      - traefik.http.routers.traefik.middlewares=authelia@docker,security-headers
+
+  ## ─────────────────────────────────────────────
+  ## Authelia — authentication and authorization
+  ## ─────────────────────────────────────────────
+  authelia:
+    image: authelia/authelia:latest
+    container_name: authelia
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    volumes:
+      - authelia_config:/config
+    environment:
+      TZ: "${TZ}"
+      AUTHELIA_DB_PASSWORD: "${AUTHELIA_DB_PASSWORD}"
+      AUTHELIA_JWT_SECRET: "${AUTHELIA_JWT_SECRET}"
+      AUTHELIA_SESSION_SECRET: "${AUTHELIA_SESSION_SECRET}"
+    depends_on:
+      - authelia-db
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.authelia.rule=Host(`auth.gate.${DOMAIN}`)
+      - traefik.http.routers.authelia.entrypoints=websecure
+      - traefik.http.routers.authelia.tls.certresolver=le
+      - traefik.http.services.authelia.loadbalancer.server.port=9091
+
+  ## ─────────────────────────────────────────────
+  ## Authelia Database — PostgreSQL
+  ## ─────────────────────────────────────────────
+  authelia-db:
+    image: postgres:15-alpine
+    container_name: authelia-db
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    environment:
+      POSTGRES_DB: authelia
+      POSTGRES_USER: authelia
+      POSTGRES_PASSWORD: ${AUTHELIA_DB_PASSWORD}
+    volumes:
+      - authelia_db_data:/var/lib/postgresql/data
 
   ## ─────────────────────────────────────────────
   ## Portainer — Docker control plane