mirror of
https://github.com/Haxxnet/Compose-Examples
synced 2024-11-27 22:11:12 +00:00
Merge branch 'Haxxnet:main' into main
This commit is contained in:
commit
ecf933bfc3
|
@ -32,7 +32,7 @@ services:
|
|||
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
|
||||
# - traefik.docker.network=proxy
|
||||
# # Part for optional traefik middlewares
|
||||
# - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,basic-auth@file
|
||||
# - traefik.http.routers.CHANGEME.middlewares=authelia@file,local-ipwhitelist@file,basic-auth@file
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
|
|
11
README.md
11
README.md
|
@ -55,6 +55,9 @@ docker compose up
|
|||
- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination.
|
||||
- [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically.
|
||||
|
||||
### Identity Providers / Single Sign On
|
||||
- [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik).
|
||||
|
||||
### Virtual Private Network (VPN)
|
||||
- [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
|
||||
- [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
|
||||
|
@ -140,6 +143,7 @@ docker compose up
|
|||
- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
|
||||
- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
|
||||
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
|
||||
- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
|
||||
|
||||
### Analytics
|
||||
- [Matomo](examples/matomo) - Matomo is the leading Free/Libre open analytics platform.
|
||||
|
@ -173,6 +177,7 @@ docker compose up
|
|||
- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
|
||||
- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
|
||||
- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
|
||||
- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
|
||||
|
||||
### Finance
|
||||
- [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data.
|
||||
|
@ -190,3 +195,9 @@ docker compose up
|
|||
|
||||
## Star History
|
||||
[![Star History Chart](https://api.star-history.com/svg?repos=Haxxnet/Compose-Examples&type=Date)](https://star-history.com/#Haxxnet/Compose-Examples&Date)
|
||||
|
||||
## Join the community!
|
||||
|
||||
<a href="https://github.com/Haxxnet/Compose-Examples/graphs/contributors">
|
||||
<img src="https://contrib.rocks/image?repo=Haxxnet/Compose-Examples" />
|
||||
</a>
|
||||
|
|
9
examples/authelia/README.md
Normal file
9
examples/authelia/README.md
Normal file
|
@ -0,0 +1,9 @@
|
|||
# References
|
||||
|
||||
- https://github.com/authelia/authelia
|
||||
- https://www.youtube.com/watch?v=u6H-Qwf4nZA&t=1314s
|
||||
- https://docs.technotim.live/posts/authelia-traefik/
|
||||
|
||||
# Notes
|
||||
|
||||
You have to put the configuration files in the directory `config` to your Docker volume bind mount.
|
82
examples/authelia/config/configuration.yml
Normal file
82
examples/authelia/config/configuration.yml
Normal file
|
@ -0,0 +1,82 @@
|
|||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
log:
|
||||
level: debug
|
||||
|
||||
theme: dark
|
||||
|
||||
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
||||
jwt_secret: a_very_important_secret
|
||||
default_redirection_url: https://auth.example.com # replace with your domain name
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
# duo_api:
|
||||
# hostname: api-123456789.example.com
|
||||
# integration_key: ABCDEF
|
||||
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
|
||||
# secret_key: 1234567890abcdefghifjkl
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users_database.yml
|
||||
password:
|
||||
algorithm: argon2id
|
||||
iterations: 1
|
||||
salt_length: 16
|
||||
parallelism: 8
|
||||
memory: 64
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
# Rules applied to everyone
|
||||
# chose from bypass, one_factor and two_factor
|
||||
- domain: public.example.com
|
||||
policy: bypass
|
||||
- domain: subdomain1.example.com
|
||||
policy: one_factor
|
||||
- domain: subdomain2.example.com
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
|
||||
secret: unsecure_session_secret
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com # Should match whatever your root protected domain is
|
||||
|
||||
redis:
|
||||
host: authelia-redis
|
||||
port: 6379
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
|
||||
# password: authelia
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 120
|
||||
ban_time: 300
|
||||
|
||||
storage:
|
||||
encryption_key: a_very_important_secret # Now required
|
||||
local:
|
||||
path: /config/db.sqlite3
|
||||
|
||||
notifier:
|
||||
# smtp:
|
||||
# username: test
|
||||
# # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
# password: password
|
||||
# host: mail.example.com
|
||||
# port: 25
|
||||
# sender: admin@example.com
|
||||
filesystem:
|
||||
filename: /config/notifications.txt
|
||||
...
|
19
examples/authelia/config/users_database.yml
Normal file
19
examples/authelia/config/users_database.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
yourUsername: # define here your username
|
||||
disabled: false
|
||||
displayname: "My Authelia User"
|
||||
# Password is authelia
|
||||
password: "$argon2id$v=19$m=65536,t=3,p=4$mTOaOa3MOexX7JQ02BdXzw$OzAxTnSPEnahQgIi+y4QPP5/xYIQ8uEWDYW+vlupeTM" # generate a secure hash with: $ docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'
|
||||
email: authelia@example.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
...
|
39
examples/authelia/docker-compose.yml
Normal file
39
examples/authelia/docker-compose.yml
Normal file
|
@ -0,0 +1,39 @@
|
|||
version: '3.3'
|
||||
|
||||
services:
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config
|
||||
networks:
|
||||
- proxy
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)' # replace with your domain name
|
||||
- 'traefik.http.routers.authelia.entrypoints=https'
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://auth.example.com' # replace with your domain name
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
|
||||
expose:
|
||||
- 9091
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ=Europe/Berlin
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
container_name: authelia-redis
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data
|
||||
networks:
|
||||
- proxy
|
||||
expose:
|
||||
- 6379
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ=Europe/Berlin
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
|
@ -1413,7 +1413,7 @@
|
|||
{
|
||||
"targetBlank": true,
|
||||
"title": "Link",
|
||||
"url": "https://bitwarden.lrvt.de"
|
||||
"url": "https://example.com"
|
||||
}
|
||||
],
|
||||
"options": {
|
||||
|
@ -1795,7 +1795,7 @@
|
|||
{
|
||||
"targetBlank": true,
|
||||
"title": "Link",
|
||||
"url": "https://bitwarden.lrvt.de"
|
||||
"url": "https://example.com"
|
||||
}
|
||||
],
|
||||
"options": {
|
||||
|
|
3
examples/memos/README.md
Normal file
3
examples/memos/README.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
# References
|
||||
|
||||
- https://github.com/usememos/memos
|
23
examples/memos/docker-compose.yml
Normal file
23
examples/memos/docker-compose.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
version: "3.0"
|
||||
|
||||
services:
|
||||
memos:
|
||||
image: neosmemo/memos:latest
|
||||
container_name: memos
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/memos/data:/var/opt/memos
|
||||
ports:
|
||||
- 5230:5230
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.http.routers.memos.rule=Host(`memosservice.example.com`)
|
||||
# - traefik.http.services.memos.loadbalancer.server.port=5230
|
||||
# - traefik.docker.network=proxy
|
||||
# # Part for optional traefik middlewares
|
||||
# - traefik.http.routers.memos.middlewares=local-ipwhitelist@file,basic-auth@file
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
|
@ -78,6 +78,17 @@ http:
|
|||
stsPreload: true # HTTP-Strict-Transport-Security (HSTS)
|
||||
#contentSecurityPolicy: "block-all-mixed-content" # Content-Security-Policy (CSP)
|
||||
|
||||
# Authelia guard
|
||||
authelia:
|
||||
forwardauth:
|
||||
address: http://authelia:9091/api/verify?rd=https://auth.example.com/ # replace example.com with your domain name
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- Remote-User
|
||||
- Remote-Groups
|
||||
- Remote-Name
|
||||
- Remote-Email
|
||||
|
||||
# rate limiting
|
||||
rate-limit:
|
||||
rateLimit:
|
||||
|
|
Loading…
Reference in New Issue
Block a user