121 lines
3.6 KiB
YAML
121 lines
3.6 KiB
YAML
---
|
|
version: '3.2'
|
|
|
|
services:
|
|
postgresql:
|
|
image: postgres:12
|
|
restart: unless-stopped
|
|
volumes:
|
|
- database:/var/lib/postgresql/data
|
|
networks:
|
|
- internal
|
|
environment:
|
|
- POSTGRES_PASSWORD=${PG_PASS:-thisisnotagoodpassword}
|
|
- POSTGRES_USER=${PG_USER:-authentik}
|
|
- POSTGRES_DB=${PG_DB:-authentik}
|
|
env_file:
|
|
- .env
|
|
redis:
|
|
image: redis
|
|
networks:
|
|
- internal
|
|
server:
|
|
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.5}
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
|
# WORKERS: 2
|
|
volumes:
|
|
- ./media:/media
|
|
- ./custom-templates:/templates
|
|
- geoip:/geoip
|
|
networks:
|
|
- internal
|
|
labels:
|
|
traefik.enable: 'true'
|
|
traefik.docker.network: internal
|
|
traefik.http.routers.app-router.rule: PathPrefix(`/`)
|
|
traefik.http.routers.app-router.service: app-service
|
|
traefik.http.routers.app-router.tls: 'true'
|
|
traefik.http.services.app-service.loadbalancer.healthcheck.path: /-/health/live/
|
|
traefik.http.services.app-service.loadbalancer.server.port: '8000'
|
|
env_file:
|
|
- .env
|
|
worker:
|
|
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.5}
|
|
restart: unless-stopped
|
|
command: worker
|
|
networks:
|
|
- internal
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
|
volumes:
|
|
- ./backups:/backups
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./custom-templates:/templates
|
|
- geoip:/geoip
|
|
env_file:
|
|
- .env
|
|
static:
|
|
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.5}
|
|
restart: unless-stopped
|
|
networks:
|
|
- internal
|
|
labels:
|
|
traefik.enable: 'true'
|
|
traefik.docker.network: internal
|
|
traefik.http.routers.static-router.rule: PathPrefix(`/static`, `/if`, `/media`, `/robots.txt`, `/favicon.ico`)
|
|
traefik.http.routers.static-router.tls: 'true'
|
|
traefik.http.routers.static-router.service: static-service
|
|
traefik.http.services.static-service.loadbalancer.healthcheck.path: /
|
|
traefik.http.services.static-service.loadbalancer.healthcheck.interval: 30s
|
|
traefik.http.services.static-service.loadbalancer.server.port: '80'
|
|
volumes:
|
|
- ./media:/usr/share/nginx/html/media
|
|
traefik:
|
|
image: traefik:2.3
|
|
restart: unless-stopped
|
|
command:
|
|
- "--log.format=json"
|
|
- "--api.insecure=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--entrypoints.http.address=:80"
|
|
- "--entrypoints.https.address=:443"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
ports:
|
|
- "0.0.0.0:443:443"
|
|
- "127.0.0.1:8080:8080"
|
|
networks:
|
|
- internal
|
|
geoipupdate:
|
|
image: "maxmindinc/geoipupdate:latest"
|
|
volumes:
|
|
- "geoip:/usr/share/GeoIP"
|
|
environment:
|
|
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
|
|
GEOIPUPDATE_FREQUENCY: "8"
|
|
env_file:
|
|
- .env
|
|
|
|
volumes:
|
|
database:
|
|
driver: local
|
|
geoip:
|
|
driver: local
|
|
|
|
networks:
|
|
internal: {}
|