From 3c829b593290bb832a1e7830c28b873784a430f9 Mon Sep 17 00:00:00 2001
From: L4RM4ND <21357789+l4rm4nd@users.noreply.github.com>
Date: Wed, 1 Mar 2023 22:17:49 +0100
Subject: [PATCH 1/5] add memos
---
README.md | 8 ++++++++
examples/memos/README.md | 3 +++
examples/memos/docker-compose.yml | 23 +++++++++++++++++++++++
3 files changed, 34 insertions(+)
create mode 100644 examples/memos/README.md
create mode 100644 examples/memos/docker-compose.yml
diff --git a/README.md b/README.md
index 82aa4e1..34b9f3a 100644
--- a/README.md
+++ b/README.md
@@ -140,6 +140,7 @@ docker compose up
- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
+- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
### Analytics
- [Matomo](examples/matomo) - Matomo is the leading Free/Libre open analytics platform.
@@ -173,6 +174,7 @@ docker compose up
- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
+- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
### Finance
- [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data.
@@ -190,3 +192,9 @@ docker compose up
## Star History
[](https://star-history.com/#Haxxnet/Compose-Examples&Date)
+
+## Join the community!
+
+
+ 
+
\ No newline at end of file
diff --git a/examples/memos/README.md b/examples/memos/README.md
new file mode 100644
index 0000000..fecb061
--- /dev/null
+++ b/examples/memos/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/usememos/memos
diff --git a/examples/memos/docker-compose.yml b/examples/memos/docker-compose.yml
new file mode 100644
index 0000000..82c4cc6
--- /dev/null
+++ b/examples/memos/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3.0"
+
+services:
+ memos:
+ image: neosmemo/memos:latest
+ container_name: memos
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/memos/data:/var/opt/memos
+ ports:
+ - 5230:5230
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.memos.rule=Host(`memosservice.example.com`)
+ # - traefik.http.services.memos.loadbalancer.server.port=5230
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.memos.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
\ No newline at end of file
From 1db8400e79aa03e46cf4cda4746365bff08ccad8 Mon Sep 17 00:00:00 2001
From: L4RM4ND <21357789+l4rm4nd@users.noreply.github.com>
Date: Thu, 2 Mar 2023 00:35:18 +0100
Subject: [PATCH 2/5] add authelia
---
examples/grafana-monitoring/Grafana_Dashboard_Template.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/grafana-monitoring/Grafana_Dashboard_Template.json b/examples/grafana-monitoring/Grafana_Dashboard_Template.json
index 7f28a65..ed0f7d7 100644
--- a/examples/grafana-monitoring/Grafana_Dashboard_Template.json
+++ b/examples/grafana-monitoring/Grafana_Dashboard_Template.json
@@ -1413,7 +1413,7 @@
{
"targetBlank": true,
"title": "Link",
- "url": "https://bitwarden.lrvt.de"
+ "url": "https://example.com"
}
],
"options": {
@@ -1795,7 +1795,7 @@
{
"targetBlank": true,
"title": "Link",
- "url": "https://bitwarden.lrvt.de"
+ "url": "https://example.com"
}
],
"options": {
From c37f78182c52511838181cda1f4ae2c17164df91 Mon Sep 17 00:00:00 2001
From: L4RM4ND <21357789+l4rm4nd@users.noreply.github.com>
Date: Thu, 2 Mar 2023 00:37:37 +0100
Subject: [PATCH 3/5] add authelia
---
examples/authelia/README.md | 9 +++
examples/authelia/config/configuration.yml | 82 +++++++++++++++++++++
examples/authelia/config/users_database.yml | 19 +++++
examples/authelia/docker-compose.yml | 39 ++++++++++
examples/traefik/fileConfig.yml | 15 +++-
5 files changed, 162 insertions(+), 2 deletions(-)
create mode 100644 examples/authelia/README.md
create mode 100644 examples/authelia/config/configuration.yml
create mode 100644 examples/authelia/config/users_database.yml
create mode 100644 examples/authelia/docker-compose.yml
diff --git a/examples/authelia/README.md b/examples/authelia/README.md
new file mode 100644
index 0000000..b2d73c2
--- /dev/null
+++ b/examples/authelia/README.md
@@ -0,0 +1,9 @@
+# References
+
+- https://github.com/authelia/authelia
+- https://www.youtube.com/watch?v=u6H-Qwf4nZA&t=1314s
+- https://docs.technotim.live/posts/authelia-traefik/
+
+# Notes
+
+You have to put the configuration files in the directory `config` to your Docker volume bind mount.
diff --git a/examples/authelia/config/configuration.yml b/examples/authelia/config/configuration.yml
new file mode 100644
index 0000000..d5b084b
--- /dev/null
+++ b/examples/authelia/config/configuration.yml
@@ -0,0 +1,82 @@
+---
+###############################################################
+# Authelia configuration #
+###############################################################
+
+server:
+ host: 0.0.0.0
+ port: 9091
+log:
+ level: debug
+
+theme: dark
+
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+jwt_secret: a_very_important_secret
+default_redirection_url: https://auth.example.com # replace with your domain name
+totp:
+ issuer: authelia.com
+
+# duo_api:
+# hostname: api-123456789.example.com
+# integration_key: ABCDEF
+# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+# secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+ file:
+ path: /config/users_database.yml
+ password:
+ algorithm: argon2id
+ iterations: 1
+ salt_length: 16
+ parallelism: 8
+ memory: 64
+
+access_control:
+ default_policy: deny
+ rules:
+ # Rules applied to everyone
+ # chose from bypass, one_factor and two_factor
+ - domain: public.example.com
+ policy: bypass
+ - domain: subdomain1.example.com
+ policy: one_factor
+ - domain: subdomain2.example.com
+ policy: two_factor
+
+session:
+ name: authelia_session
+ # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+ secret: unsecure_session_secret
+ expiration: 3600 # 1 hour
+ inactivity: 300 # 5 minutes
+ domain: example.com # Should match whatever your root protected domain is
+
+ redis:
+ host: authelia-redis
+ port: 6379
+ # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+ # password: authelia
+
+regulation:
+ max_retries: 3
+ find_time: 120
+ ban_time: 300
+
+storage:
+ encryption_key: a_very_important_secret # Now required
+ local:
+ path: /config/db.sqlite3
+
+notifier:
+ # smtp:
+ # username: test
+ # # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+ # password: password
+ # host: mail.example.com
+ # port: 25
+ # sender: admin@example.com
+ filesystem:
+ filename: /config/notifications.txt
+...
diff --git a/examples/authelia/config/users_database.yml b/examples/authelia/config/users_database.yml
new file mode 100644
index 0000000..835e5f8
--- /dev/null
+++ b/examples/authelia/config/users_database.yml
@@ -0,0 +1,19 @@
+---
+###############################################################
+# Users Database #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+ yourUsername: # define here your username
+ disabled: false
+ displayname: "My Authelia User"
+ # Password is authelia
+ password: "$argon2id$v=19$m=65536,t=3,p=4$mTOaOa3MOexX7JQ02BdXzw$OzAxTnSPEnahQgIi+y4QPP5/xYIQ8uEWDYW+vlupeTM" # generate a secure hash with: $ docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'
+ email: authelia@example.com
+ groups:
+ - admins
+ - dev
+...
diff --git a/examples/authelia/docker-compose.yml b/examples/authelia/docker-compose.yml
new file mode 100644
index 0000000..3789102
--- /dev/null
+++ b/examples/authelia/docker-compose.yml
@@ -0,0 +1,39 @@
+version: '3.3'
+
+services:
+ authelia:
+ image: authelia/authelia
+ container_name: authelia
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config
+ networks:
+ - proxy
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)' # replace with your domain name
+ - 'traefik.http.routers.authelia.entrypoints=https'
+ - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://auth.example.com' # replace with your domain name
+ - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+ - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
+ expose:
+ - 9091
+ restart: unless-stopped
+ environment:
+ - TZ=Europe/Berlin
+
+ redis:
+ image: redis:alpine
+ container_name: authelia-redis
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data
+ networks:
+ - proxy
+ expose:
+ - 6379
+ restart: unless-stopped
+ environment:
+ - TZ=Europe/Berlin
+
+networks:
+ proxy:
+ external: true
diff --git a/examples/traefik/fileConfig.yml b/examples/traefik/fileConfig.yml
index 4d4345a..8c4bed6 100644
--- a/examples/traefik/fileConfig.yml
+++ b/examples/traefik/fileConfig.yml
@@ -44,7 +44,7 @@ http:
# Only Allow Local networks
local-ipwhitelist:
ipWhiteList:
- sourceRange:
+ sourceRange:
- 127.0.0.1/32 # localhost
- 10.0.0.0/8 # private class A
- 172.16.0.0/12 # private class B
@@ -77,7 +77,18 @@ http:
stsSeconds: 63072000 # HTTP-Strict-Transport-Security (HSTS)
stsPreload: true # HTTP-Strict-Transport-Security (HSTS)
#contentSecurityPolicy: "block-all-mixed-content" # Content-Security-Policy (CSP)
-
+
+ # Authelia guard
+ authelia:
+ forwardauth:
+ address: http://authelia:9091/api/verify?rd=https://auth.example.com/ # replace example.com with your domain name
+ trustForwardHeader: true
+ authResponseHeaders:
+ - Remote-User
+ - Remote-Groups
+ - Remote-Name
+ - Remote-Email
+
# rate limiting
rate-limit:
rateLimit:
From 822fa7196065baddc567802782946abd42712f9b Mon Sep 17 00:00:00 2001
From: L4RM4ND <21357789+l4rm4nd@users.noreply.github.com>
Date: Thu, 2 Mar 2023 00:40:00 +0100
Subject: [PATCH 4/5] add authelia
---
0_skeleton/docker-compose.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/0_skeleton/docker-compose.yml b/0_skeleton/docker-compose.yml
index bf8e87b..c7a1112 100644
--- a/0_skeleton/docker-compose.yml
+++ b/0_skeleton/docker-compose.yml
@@ -32,7 +32,7 @@ services:
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
# - traefik.docker.network=proxy
# # Part for optional traefik middlewares
- # - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,basic-auth@file
+ # - traefik.http.routers.CHANGEME.middlewares=authelia@file,local-ipwhitelist@file,basic-auth@file
#networks:
# proxy:
From 95204b1c29876a848c2a094cf2e8bd7607ec437f Mon Sep 17 00:00:00 2001
From: LRVT <21357789+l4rm4nd@users.noreply.github.com>
Date: Thu, 2 Mar 2023 01:39:28 +0100
Subject: [PATCH 5/5] Update README.md
add authelia
---
README.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 34b9f3a..f9614d4 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,9 @@ docker compose up
- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination.
- [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically.
+### Identity Providers / Single Sign On
+- [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik).
+
### Virtual Private Network (VPN)
- [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
- [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
@@ -197,4 +200,4 @@ docker compose up
-
\ No newline at end of file
+