Remove deprecated deploy workflow, update README with new features and service URLs, delete unused alertmanager and prometheus configurations, refactor Authelia configuration for improved security and functionality, add Gitea and Beszel services, and enhance health checks across services.

This commit is contained in:
elfateh4
2025-12-02 03:16:38 +01:00
parent f818bd3eca
commit 58cc1b1e92
12 changed files with 279 additions and 618 deletions


@@ -12,11 +12,10 @@ volumes:
uptime_kuma_data:
umami_data:
pgadmin_data:
authelia_config:
authelia_db_data:
grafana_data:
prometheus_data:
alertmanager_data:
beszel_data:
gitea_data:
gitea_db_data:
########################
# Services
@@ -46,6 +45,9 @@ services:
environment:
TZ: "${TZ}"
command:
# Enable ping endpoint for health checks
- --ping=true
# Experimental plugins
- --experimental.plugins.traefik-umami-plugin.modulename=github.com/1cedsoda/traefik-umami-plugin
- --experimental.plugins.traefik-umami-plugin.version=v1.0.3
@@ -118,11 +120,17 @@ services:
- traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name
# Traefik dashboard (protected)
- traefik.http.routers.traefik.rule=Host(`traefik.gate.${DOMAIN}`)
- traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls.certresolver=le
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=authelia@docker,security-headers
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/ping"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
## ─────────────────────────────────────────────
## Authelia — authentication and authorization
@@ -133,17 +141,27 @@ services:
restart: unless-stopped
networks: [traefik_proxy]
volumes:
- authelia_config:/config
- ./authelia:/config
entrypoint: /bin/sh
command:
- -c
- |
eval "echo \"$(cat /config/configuration.template.yml)\"" > /config/configuration.yml
exec /app/entrypoint.sh
environment:
TZ: "${TZ}"
AUTHELIA_DB_PASSWORD: "${AUTHELIA_DB_PASSWORD}"
AUTHELIA_JWT_SECRET: "${AUTHELIA_JWT_SECRET}"
AUTHELIA_SESSION_SECRET: "${AUTHELIA_SESSION_SECRET}"
DOMAIN: "${DOMAIN}"
DOMAIN_PREFIX: "${DOMAIN_PREFIX}"
AUTHELIA_SESSION_SECRET: '${AUTHELIA_SESSION_SECRET}'
AUTHELIA_STORAGE_ENCRYPTION_KEY: '${AUTHELIA_STORAGE_ENCRYPTION_KEY}'
AUTHELIA_STORAGE_POSTGRES_PASSWORD: '${AUTHELIA_DB_PASSWORD}'
AUTHELIA_NOTIFIER_SMTP_PASSWORD: '${AUTHELIA_NOTIFIER_SMTP_PASSWORD}'
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET: '${AUTHELIA_JWT_SECRET}'
depends_on:
- authelia-db
labels:
- traefik.enable=true
- traefik.http.routers.authelia.rule=Host(`auth.gate.${DOMAIN}`)
- traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.authelia.entrypoints=websecure
- traefik.http.routers.authelia.tls.certresolver=le
- traefik.http.services.authelia.loadbalancer.server.port=9091
@@ -162,6 +180,12 @@ services:
POSTGRES_PASSWORD: ${AUTHELIA_DB_PASSWORD}
volumes:
- authelia_db_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U authelia -d authelia"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
## ─────────────────────────────────────────────
## Portainer — Docker control plane
@@ -171,12 +195,13 @@ services:
container_name: portainer
restart: unless-stopped
networks: [traefik_proxy]
command: --host unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
- traefik.enable=true
- traefik.http.routers.portainer.rule=Host(`portainer.gate.${DOMAIN}`)
- traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.portainer.entrypoints=websecure
- traefik.http.routers.portainer.tls.certresolver=le
- traefik.http.routers.portainer.middlewares=security-headers
@@ -194,7 +219,7 @@ services:
networks: [traefik_proxy]
labels:
- traefik.enable=true
- traefik.http.routers.kuma.rule=Host(`uptime.gate.${DOMAIN}`)
- traefik.http.routers.kuma.rule=Host(`uptime.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.kuma.entrypoints=websecure
- traefik.http.routers.kuma.tls.certresolver=le
- traefik.http.routers.kuma.middlewares=security-headers
@@ -216,11 +241,17 @@ services:
- umami-db
labels:
- traefik.enable=true
- traefik.http.routers.umami.rule=Host(`umami.gate.${DOMAIN}`)
- traefik.http.routers.umami.rule=Host(`umami.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.umami.entrypoints=websecure
- traefik.http.routers.umami.tls.certresolver=le
- traefik.http.routers.umami.middlewares=security-headers
- traefik.http.services.umami.loadbalancer.server.port=3000
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
## ─────────────────────────────────────────────
## Umami Database — PostgreSQL
@@ -236,6 +267,12 @@ services:
POSTGRES_PASSWORD: ${UMAMI_DB_PASS}
volumes:
- umami_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${UMAMI_DB_USER} -d ${UMAMI_DB_NAME}"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
# ─────────────────────────────────────────────
# pgAdmin — PostgreSQL administration
@@ -250,88 +287,113 @@ services:
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
PGADMIN_CONFIG_SERVER_MODE: 'True'
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
# Fix CSRF issues behind reverse proxy
PGADMIN_CONFIG_WTF_CSRF_CHECK_DEFAULT: 'False'
PGADMIN_CONFIG_WTF_CSRF_TIME_LIMIT: 'None'
PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION: 'False'
# Trust proxy headers
PGADMIN_CONFIG_PROXY_X_HOST_COUNT: '1'
PGADMIN_CONFIG_PROXY_X_PREFIX_COUNT: '1'
volumes:
- pgadmin_data:/var/lib/pgadmin
labels:
- traefik.enable=true
- traefik.http.routers.pgadmin.rule=Host(`pgadmin.gate.${DOMAIN}`)
- traefik.http.routers.pgadmin.rule=Host(`pgadmin.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.pgadmin.entrypoints=websecure
- traefik.http.routers.pgadmin.tls.certresolver=le
- traefik.http.routers.pgadmin.middlewares=security-headers
- traefik.http.services.pgadmin.loadbalancer.server.port=80
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
## ─────────────────────────────────────────────
## Prometheus — monitoring
## Beszel Hub — lightweight server monitoring
## ─────────────────────────────────────────────
prometheus:
image: prom/prometheus:latest
container_name: prometheus
beszel:
image: henrygd/beszel:latest
container_name: beszel
restart: unless-stopped
networks: [traefik_proxy]
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
- ./rules.yml:/etc/prometheus/rules.yml
- prometheus_data:/prometheus
- /var/run/docker.sock:/var/run/docker.sock:ro
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--storage.tsdb.retention.time=200h'
- '--web.enable-lifecycle'
- beszel_data:/beszel_data
labels:
- traefik.enable=true
- traefik.http.routers.prometheus.rule=Host(`prometheus.gate.${DOMAIN}`)
- traefik.http.routers.prometheus.entrypoints=websecure
- traefik.http.routers.prometheus.tls.certresolver=le
- traefik.http.routers.prometheus.middlewares=authelia@docker,security-headers
- traefik.http.services.prometheus.loadbalancer.server.port=9090
- traefik.http.routers.beszel.rule=Host(`beszel.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.beszel.entrypoints=websecure
- traefik.http.routers.beszel.tls.certresolver=le
- traefik.http.routers.beszel.middlewares=security-headers
- traefik.http.services.beszel.loadbalancer.server.port=8090
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8090"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
## ─────────────────────────────────────────────
## Grafana — visualization
## Gitea — self-hosted Git service
## ─────────────────────────────────────────────
grafana:
image: grafana/grafana:latest
container_name: grafana
gitea:
image: docker.gitea.com/gitea:latest
container_name: gitea
restart: unless-stopped
networks: [traefik_proxy]
environment:
GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD}
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=gitea-db:5432
- GITEA__database__NAME=${GITEA_DB_NAME}
- GITEA__database__USER=${GITEA_DB_USER}
- GITEA__database__PASSWD=${GITEA_DB_PASSWORD}
- GITEA__server__DOMAIN=git.${DOMAIN_PREFIX}.${DOMAIN}
- GITEA__server__SSH_DOMAIN=git.${DOMAIN_PREFIX}.${DOMAIN}
- GITEA__server__ROOT_URL=https://git.${DOMAIN_PREFIX}.${DOMAIN}/
- GITEA__server__SSH_PORT=222
- GITEA__server__SSH_LISTEN_PORT=22
- GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
- GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
volumes:
- grafana_data:/var/lib/grafana
- gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "222:22"
depends_on:
- gitea-db
labels:
- traefik.enable=true
- traefik.http.routers.grafana.rule=Host(`grafana.gate.${DOMAIN}`)
- traefik.http.routers.grafana.entrypoints=websecure
- traefik.http.routers.grafana.tls.certresolver=le
- traefik.http.routers.grafana.middlewares=authelia@docker,security-headers
- traefik.http.services.grafana.loadbalancer.server.port=3000
- traefik.http.routers.gitea.rule=Host(`git.${DOMAIN_PREFIX}.${DOMAIN}`)
- traefik.http.routers.gitea.entrypoints=websecure
- traefik.http.routers.gitea.tls.certresolver=le
- traefik.http.routers.gitea.middlewares=security-headers
- traefik.http.services.gitea.loadbalancer.server.port=3000
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
## ─────────────────────────────────────────────
## Alertmanager — alert handling
## Gitea Database — PostgreSQL
## ─────────────────────────────────────────────
alertmanager:
image: prom/alertmanager:latest
container_name: alertmanager
gitea-db:
image: postgres:15-alpine
container_name: gitea-db
restart: unless-stopped
networks: [traefik_proxy]
environment:
POSTGRES_DB: ${GITEA_DB_NAME}
POSTGRES_USER: ${GITEA_DB_USER}
POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD}
volumes:
- ./alertmanager.yml:/etc/alertmanager/alertmanager.yml
- alertmanager_data:/alertmanager
command:
- '--config.file=/etc/alertmanager/alertmanager.yml'
- '--storage.path=/alertmanager'
labels:
- traefik.enable=true
- traefik.http.routers.alertmanager.rule=Host(`alertmanager.gate.${DOMAIN}`)
- traefik.http.routers.alertmanager.entrypoints=websecure
- traefik.http.routers.alertmanager.tls.certresolver=le
- traefik.http.routers.alertmanager.middlewares=authelia@docker,security-headers
- traefik.http.services.alertmanager.loadbalancer.server.port=9093
- gitea_db_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${GITEA_DB_USER} -d ${GITEA_DB_NAME}"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
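Review bot: The Authelia `command` in the second hunk, `eval "echo \"$(cat /config/configuration.template.yml)\""`, runs the entire template through shell double-quote expansion, so every `$(...)`, backtick and backslash sequence in that file is executed or rewritten by /bin/sh rather than just `${DOMAIN}` and `${DOMAIN_PREFIX}`, and any literal double quote in the template terminates the echo argument and breaks the render. Because the secrets are already supplied natively through the `AUTHELIA_*` variables added in the same hunk, the shell step only exists for the two domain values, so it can be limited to those names with `sed -e "s|\${DOMAIN}|${DOMAIN}|g" -e "s|\${DOMAIN_PREFIX}|${DOMAIN_PREFIX}|g" /config/configuration.template.yml > /config/configuration.yml`, or, if the Authelia version in use supports its built-in template config filter, replaced by `X_AUTHELIA_CONFIG_FILTERS=template` with `{{ env "DOMAIN" }}` in the template and no entrypoint override at all. Rendering into the `./authelia` bind mount also leaves a second copy of the generated configuration on the host beside the template; writing it to a path outside the mount and passing that path to Authelia would let `./authelia` be mounted `:ro`.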