Refactor Authelia configuration: remove unused files and update docker-compose to eliminate Authelia service
@@ -14,7 +14,6 @@ volumes:
|
||||
traefik_logs:
|
||||
portainer_data:
|
||||
umami_db_data:
|
||||
authelia_data:
|
||||
prometheus_data:
|
||||
grafana_data:
|
||||
uptime_kuma_data:
|
||||
@@ -85,17 +84,12 @@ services:
|
||||
- traefik.http.middlewares.security-headers.headers.referrerPolicy=no-referrer-when-downgrade
|
||||
- traefik.http.middlewares.security-headers.headers.frameDeny=true
|
||||
|
||||
# Authelia ForwardAuth (reusable)
|
||||
- traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.gate.${DOMAIN}
|
||||
- traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
|
||||
- traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
|
||||
|
||||
# Traefik dashboard (protected)
|
||||
- traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.traefik.entrypoints=websecure
|
||||
- traefik.http.routers.traefik.tls.certresolver=le
|
||||
- traefik.http.routers.traefik.service=api@internal
|
||||
- traefik.http.routers.traefik.middlewares=authelia,security-headers
|
||||
- traefik.http.routers.traefik.middlewares=security-headers
|
||||
|
||||
## ─────────────────────────────────────────────
|
||||
## Portainer — Docker control plane
|
||||
@@ -113,7 +107,7 @@ services:
|
||||
- traefik.http.routers.portainer.rule=Host(`portainer.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.portainer.entrypoints=websecure
|
||||
- traefik.http.routers.portainer.tls.certresolver=le
|
||||
- traefik.http.routers.portainer.middlewares=authelia,security-headers
|
||||
- traefik.http.routers.portainer.middlewares=security-headers
|
||||
- traefik.http.services.portainer.loadbalancer.server.port=9000
|
||||
|
||||
## ─────────────────────────────────────────────
|
||||
@@ -148,41 +142,9 @@ services:
|
||||
- traefik.http.routers.umami.rule=Host(`umami.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.umami.entrypoints=websecure
|
||||
- traefik.http.routers.umami.tls.certresolver=le
|
||||
- traefik.http.routers.umami.middlewares=authelia,security-headers
|
||||
- traefik.http.routers.umami.middlewares=security-headers
|
||||
- traefik.http.services.umami.loadbalancer.server.port=3000
|
||||
|
||||
## ─────────────────────────────────────────────
|
||||
## Authelia + Redis — SSO/MFA
|
||||
## ─────────────────────────────────────────────
|
||||
authelia:
|
||||
image: authelia/authelia:latest
|
||||
container_name: authelia
|
||||
restart: unless-stopped
|
||||
depends_on: [redis]
|
||||
environment:
|
||||
TZ: "${TZ}"
|
||||
volumes:
|
||||
# Mount entire config directory so individual file binds are not hidden by a named volume.
|
||||
# NOTE: The previous setup mounted a named volume at /config which masked the two file binds
|
||||
# causing Traefik -> Authelia timeouts (missing configuration). Persisted runtime files (db, notifications)
|
||||
# will live in this folder on the host; ensure db.sqlite3 is gitignored.
|
||||
- ./authelia:/config
|
||||
networks: [traefik_proxy, internal]
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.authelia.rule=Host(`auth.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.authelia.entrypoints=websecure
|
||||
- traefik.http.routers.authelia.tls.certresolver=le
|
||||
- traefik.http.routers.authelia.middlewares=security-headers
|
||||
- traefik.http.routers.authelia.service=authelia-svc
|
||||
- traefik.http.services.authelia-svc.loadbalancer.server.port=9091
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
container_name: authelia-redis
|
||||
restart: unless-stopped
|
||||
networks: [internal]
|
||||
|
||||
## ─────────────────────────────────────────────
|
||||
## Uptime Kuma — status page / checks
|
||||
## ─────────────────────────────────────────────
|
||||
@@ -198,7 +160,7 @@ services:
|
||||
- traefik.http.routers.kuma.rule=Host(`status.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.kuma.entrypoints=websecure
|
||||
- traefik.http.routers.kuma.tls.certresolver=le
|
||||
- traefik.http.routers.kuma.middlewares=authelia,security-headers
|
||||
- traefik.http.routers.kuma.middlewares=security-headers
|
||||
- traefik.http.services.kuma.loadbalancer.server.port=3001
|
||||
|
||||
## ─────────────────────────────────────────────
|
||||
@@ -217,7 +179,7 @@ services:
|
||||
- traefik.http.routers.prom.rule=Host(`prometheus.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.prom.entrypoints=websecure
|
||||
- traefik.http.routers.prom.tls.certresolver=le
|
||||
- traefik.http.routers.prom.middlewares=authelia,security-headers
|
||||
- traefik.http.routers.prom.middlewares=security-headers
|
||||
- traefik.http.services.prom.loadbalancer.server.port=9090
|
||||
|
||||
cadvisor:
|
||||
@@ -262,5 +224,5 @@ services:
|
||||
- traefik.http.routers.grafana.rule=Host(`grafana.gate.${DOMAIN}`)
|
||||
- traefik.http.routers.grafana.entrypoints=websecure
|
||||
- traefik.http.routers.grafana.tls.certresolver=le
|
||||
- traefik.http.routers.grafana.middlewares=authelia,security-headers
|
||||
- traefik.http.routers.grafana.middlewares=security-headers
|
||||
- traefik.http.services.grafana.loadbalancer.server.port=3000
|
||||
|
||||
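Review bot: The `traefik` router in the second hunk keeps its `# Traefik dashboard (protected)` comment, but judging by the hunk counts its middleware list is now only `security-headers`, so `api@internal` is served on `websecure` with no authentication in front of it. The `prom` router loses its gate the same way, and Prometheus ships without a login unless one is configured separately; the `portainer`, `umami`, `kuma` and `grafana` routers now depend entirely on each application's own login. I would keep an authentication middleware on at least the dashboard and Prometheus routers, for example a `basicauth` middleware referenced as `traefik.http.routers.traefik.middlewares=<auth-middleware>,security-headers` (placeholder name), or take those two routers off the public entrypoint. If exposing them is intended, the comment should say so, e.g. `# Traefik dashboard (no proxy auth; restrict by network)`. The label lists of several services start outside the visible hunks, so any middleware defined elsewhere in the file is not visible here.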