Remove deprecated deploy workflow, update README with new features and service URLs, delete unused alertmanager and prometheus configurations, refactor Authelia configuration for improved security and functionality, add Gitea and Beszel services, and enhance health checks across services.

elfateh4
2025-12-02 03:16:38 +01:00
parent f818bd3eca
commit 58cc1b1e92
12 changed files with 279 additions and 618 deletions

@@ -1,28 +1,35 @@
# Launchpad Gateway
A production-ready Traefik-based reverse proxy gateway with automatic SSL/TLS, analytics, monitoring, and container management.
A production-ready Traefik-based reverse proxy gateway with automatic SSL/TLS, analytics, monitoring, authentication, and container management.
## 🚀 Features
- **Automatic SSL/TLS** certificates via Let's Encrypt
- **Reverse Proxy** with Traefik v3.1
- **Authentication** with Authelia (2FA, password reset)
- **Web Analytics** with Umami and PostgreSQL
- **Container Management** via Portainer
- **Uptime Monitoring** with Uptime Kuma
- **Security Headers** and Basic Authentication
- **Server Monitoring** with Beszel
- **Git Repository Hosting** with Gitea
- **Security Headers** and Flexible Routing
- **Flexible Domain Routing** (subdomains, paths, custom rules)
## 🏗️ Architecture
```
Internet → Traefik (Port 80/443) → Internal Services (traefik_proxy network)
Internet → Traefik (Port 80/443) → Authelia (Auth) → Internal Services (traefik_proxy network)
```
### Current Services
- **Traefik Dashboard**: `traefik.gate.${DOMAIN}` - Reverse proxy management
- **Portainer**: `portainer.gate.${DOMAIN}` - Docker container management
- **Uptime Kuma**: `uptime.gate.${DOMAIN}` - Service monitoring
- **Umami Analytics**: `umami.gate.${DOMAIN}` - Web analytics dashboard
- **Traefik Dashboard**: `traefik.${DOMAIN_PREFIX}.${DOMAIN}` - Reverse proxy management
- **Authelia**: `auth.${DOMAIN_PREFIX}.${DOMAIN}` - Authentication portal
- **Portainer**: `portainer.${DOMAIN_PREFIX}.${DOMAIN}` - Docker container management
- **Uptime Kuma**: `uptime.${DOMAIN_PREFIX}.${DOMAIN}` - Service monitoring
- **Umami Analytics**: `umami.${DOMAIN_PREFIX}.${DOMAIN}` - Web analytics dashboard
- **pgAdmin**: `pgadmin.${DOMAIN_PREFIX}.${DOMAIN}` - PostgreSQL administration
- **Beszel**: `beszel.${DOMAIN_PREFIX}.${DOMAIN}` - Server monitoring
- **Gitea**: `git.${DOMAIN_PREFIX}.${DOMAIN}` - Self-hosted Git service (SSH on port 222)
## 🛠️ Quick Start
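Review bot: The new architecture line `Internet → Traefik (Port 80/443) → Authelia (Auth) → Internal Services` reads as if every request passes through Authelia, but the usage examples later in this README attach `authelia@docker` per router and show a public router with only `security-headers`. Suggest drawing Authelia as a per-router check rather than an inline hop, so nobody assumes a newly added service is protected by default. The Gitea entry mentions SSH on port 222, which is not one of the ports in the diagram, so the README should state how that listener is exposed. In the feature list, `Security Headers and Flexible Routing` overlaps with the `Flexible Domain Routing` bullet right after it; keeping `Security Headers` on its own avoids the duplicate.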
@@ -49,19 +56,31 @@ Update `.env` with your settings:
```bash
# Domain and timezone
DOMAIN=your-domain.com
TZ=Your/Timezone
DOMAIN_PREFIX=test
TZ=Africa/Cairo
# Let's Encrypt email
ACME_EMAIL=admin@your-domain.com
# Basic auth (generate with: htpasswd -nB admin)
BASIC_AUTH_USERS=admin:$$2y$$05$$your_hashed_password
# Database credentials
UMAMI_DB_USER=umami
UMAMI_DB_PASS=your_secure_password
UMAMI_DB_NAME=umami
UMAMI_APP_SECRET=your_64_character_secret
# Authelia secrets (generate with openssl rand -hex 32)
AUTHELIA_DB_PASSWORD=your_secure_password
AUTHELIA_JWT_SECRET=your_64_char_secret
AUTHELIA_SESSION_SECRET=your_64_char_secret
AUTHELIA_STORAGE_ENCRYPTION_KEY=your_64_char_secret
AUTHELIA_NOTIFIER_SMTP_PASSWORD=your_smtp_password
# Gitea secrets
GITEA_DB_USER=gitea
GITEA_DB_PASSWORD=your_secure_password
GITEA_DB_NAME=gitea
GITEA_SECRET_KEY=your_64_char_secret
GITEA_INTERNAL_TOKEN=your_internal_token
```
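Review bot: The three Authelia secrets and `GITEA_SECRET_KEY` all use the same placeholder `your_64_char_secret`, which invites pasting one generated value into every slot; the comment should say that each variable needs its own `openssl rand -hex 32` output. The `# Gitea secrets` group has no generation hint at all, and `GITEA_INTERNAL_TOKEN=your_internal_token` gives no length or format. Separately, `DOMAIN_PREFIX=test` and `TZ=Africa/Cairo` are concrete values in a block that otherwise uses placeholders such as `your-domain.com`; a placeholder plus one line explaining what `DOMAIN_PREFIX` controls would be clearer.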
@@ -71,10 +90,14 @@ docker compose up -d
```
### 4. Access Services
- **Traefik Dashboard**: `https://traefik.gate.your-domain.com`
- **Portainer**: `https://portainer.gate.your-domain.com`
- **Uptime Kuma**: `https://uptime.gate.your-domain.com`
- **Umami Analytics**: `https://umami.gate.your-domain.com`
- **Traefik Dashboard**: `https://traefik.${DOMAIN_PREFIX}.${DOMAIN}`
- **Authelia**: `https://auth.${DOMAIN_PREFIX}.${DOMAIN}`
- **Portainer**: `https://portainer.${DOMAIN_PREFIX}.${DOMAIN}`
- **Uptime Kuma**: `https://uptime.${DOMAIN_PREFIX}.${DOMAIN}`
- **Umami Analytics**: `https://umami.${DOMAIN_PREFIX}.${DOMAIN}`
- **pgAdmin**: `https://pgadmin.${DOMAIN_PREFIX}.${DOMAIN}`
- **Beszel**: `https://beszel.${DOMAIN_PREFIX}.${DOMAIN}`
- **Gitea**: `https://git.${DOMAIN_PREFIX}.${DOMAIN}` (SSH: port 222)
## 📋 Adding New Services
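Review bot: The access list now shows `https://traefik.${DOMAIN_PREFIX}.${DOMAIN}` and similar entries, which is shell syntax that Markdown does not expand, so readers no longer see a URL they can compare against their own deployment. Suggest adding one resolved example built from the `.env` sample values. The list also does not say, for each host, whether its router carries the `authelia` middleware; stating that for the Traefik dashboard, Portainer and pgAdmin entries would tell an operator what to verify after `docker compose up -d`.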
@@ -231,16 +254,15 @@ services:
### Available Middlewares
- **`security-headers`**: HSTS, XSS protection, content type sniffing prevention
- **`basic-auth`**: HTTP Basic Authentication for admin interfaces
- **`umami-analytics`**: Automatic web analytics tracking
- **`authelia`**: Authentication and authorization with 2FA support
### Usage Examples
```yaml
# Public application with analytics
- traefik.http.routers.app.middlewares=umami-analytics,security-headers
- traefik.http.routers.app.middlewares=security-headers
# Admin interface with authentication
- traefik.http.routers.admin.middlewares=basic-auth,security-headers
- traefik.http.routers.admin.middlewares=authelia@docker,security-headers
# API endpoint (security headers only)
- traefik.http.routers.api.middlewares=security-headers
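Review bot: The comment `# Public application with analytics` is left unchanged above a router line that now lists only `security-headers`, so the comment no longer matches the example; reword it to something like "Public application" or drop the analytics mention. In the admin example, `authelia@docker` carries a provider suffix while `security-headers` on the same line does not; a short remark on why the suffix is needed for one and not the other (or using the same form for both) would prevent copy-paste errors that leave an admin router without its authentication middleware.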
@@ -274,6 +296,7 @@ services:
### Built-in Monitoring
- **Uptime Kuma**: Service availability monitoring
- **Beszel**: Server resource monitoring (CPU, RAM, disk, network)
- **Traefik Dashboard**: Traffic and routing metrics
- **Umami Analytics**: Web traffic analytics (privacy-focused)