Refactor authentik.yml and local_services.yml to rename services and add authentication middleware

2024-09-14 16:29:20 +08:00
parent df53a0535a
commit e9f517509d
2 changed files with 48 additions and 8 deletions
+29 -8
@@ -48,7 +48,7 @@ services:
- redis:/data - redis:/data
networks: networks:
- authentik - authentik
server: authentik-server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
restart: unless-stopped restart: unless-stopped
command: server command: server
@@ -70,9 +70,9 @@ services:
# ports: # ports:
# - "${COMPOSE_PORT_HTTP:-9000}:9000" # - "${COMPOSE_PORT_HTTP:-9000}:9000"
# - "${COMPOSE_PORT_HTTPS:-9443}:9443" # - "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on: # depends_on:
- postgresql # - postgresql
- redis # - redis
networks: networks:
- authentik - authentik
- traefik-public - traefik-public
@@ -86,7 +86,7 @@ services:
- traefik.http.routers.authentik-rtr.tls.certresolver=le - traefik.http.routers.authentik-rtr.tls.certresolver=le
- traefik.http.routers.authentik-rtr.service=authentik-svc - traefik.http.routers.authentik-rtr.service=authentik-svc
- traefik.http.services.authentik-svc.loadbalancer.server.port=9000 - traefik.http.services.authentik-svc.loadbalancer.server.port=9000
worker: authentik-worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
restart: unless-stopped restart: unless-stopped
command: worker command: worker
@@ -111,9 +111,30 @@ services:
- /var/data/authentik/custom-templates:/templates - /var/data/authentik/custom-templates:/templates
# env_file: # env_file:
# - .env # - .env
depends_on: # depends_on:
- postgresql # - postgresql
- redis # - redis
networks: networks:
- authentik - authentik
# authentik-proxy:
# image: ghcr.io/goauthentik/proxy
# # ports:
# # - 9000:9000
# # - 9443:9443
# environment:
# AUTHENTIK_HOST: https://authentik.${DOMAIN}
# AUTHENTIK_INSECURE: "false"
# AUTHENTIK_TOKEN: token-generated-by-authentik
# # Starting with 2021.9, you can optionally set this too
# # when authentik_host for internal communication doesn't match the public URL
# # AUTHENTIK_HOST_BROWSER: https://external-domain.tld
# labels:
# traefik.enable: true
# traefik.port: 9000
# traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)
# # `authentik-proxy` refers to the service name in the compose file.
# traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
# traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
# traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
# restart: unless-stopped
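Review bot: Commenting out `depends_on` under both `authentik-server` (hunk at @@ -70) and `authentik-worker` (hunk at @@ -111) drops the only start ordering against `postgresql` and `redis`, so on a cold `docker compose up` both containers can start before their backends are reachable and will rely on `restart: unless-stopped` to crash-loop until they are. If the ordering was disabled deliberately, a comment saying why would help; otherwise restore the three lines under each service, ideally as `depends_on: postgresql: condition: service_healthy` once a healthcheck exists. The disabled `authentik-proxy` block also carries `AUTHENTIK_TOKEN: token-generated-by-authentik`; if it is ever re-enabled, that value should be read from the environment (`${AUTHENTIK_OUTPOST_TOKEN}`) rather than written into a compose file under version control, since it is the outpost's credential to the authentik API. The enclosing `services:` mapping starts before the first hunk.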
+19
@@ -3,6 +3,25 @@ http:
pvetransport: pvetransport:
insecureSkipVerify: true insecureSkipVerify: true
middlewares:
authentik:
forwardAuth:
address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
- authorization
routers: routers:
local-traefik-public-https: local-traefik-public-https:
entryPoints: entryPoints:
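Review bot: The new `authentik` forwardAuth middleware sets `trustForwardHeader: true`, which makes Traefik pass the incoming request's `X-Forwarded-*` headers through to authentik; unless the public entrypoint restricts `forwardedHeaders` to trusted proxy addresses, a client can supply its own `X-Forwarded-Host` / `X-Forwarded-Proto` and influence the host authentik sees and the redirect URLs it builds. If Traefik is the edge proxy here, confirm the entrypoint does not set `forwardedHeaders.insecure`, or scope the trust with `forwardedHeaders.trustedIPs`. Defining the middleware in the file provider protects nothing by itself: every router that should require login still needs `middlewares: - authentik@file`, and none is attached in this hunk. The `address` targets `authentik-server:9000`, matching the service rename in authentik.yml, so the embedded-outpost endpoint only resolves if the Traefik container shares that compose network. The enclosing `http:` mapping starts before the hunk.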