2025-02-24 08:58:42 +00:00
10 changed files with 5 additions and 217 deletions
--- a/0_skeleton/docker-compose.yml
+++ b/0_skeleton/docker-compose.yml
@ -32,7 +32,7 @@ services:
    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads    
    #  - traefik.docker.network=proxy
    #  # Part for optional traefik middlewares
-    #  - traefik.http.routers.CHANGEME.middlewares=authelia@file,local-ipwhitelist@file,basic-auth@file
+    #  - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,basic-auth@file
 #networks:
 #  proxy:
--- a/README.md
+++ b/README.md
@ -55,9 +55,6 @@ docker compose up
 - [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination.
 - [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically.
 ### Identity Providers / Single Sign On
 - [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik).
 ### Virtual Private Network (VPN)
 - [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
 - [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
@ -143,7 +140,6 @@ docker compose up
 - [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
 - [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
 - [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
 - [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
 ### Analytics
 - [Matomo](examples/matomo) - Matomo is the leading Free/Libre open analytics platform.
@ -177,7 +173,6 @@ docker compose up
 - [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more.
 - [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser.
 - [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs.
 - [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking.
 ### Finance
 - [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data.
@ -195,9 +190,3 @@ docker compose up
 ## Star History
 [![Star History Chart](https://api.star-history.com/svg?repos=Haxxnet/Compose-Examples&type=Date)](https://star-history.com/#Haxxnet/Compose-Examples&Date)
 ## Join the community!
 <a href="https://github.com/Haxxnet/Compose-Examples/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=Haxxnet/Compose-Examples" />
 </a>
--- a/examples/authelia/README.md
+++ b/examples/authelia/README.md
@ -1,24 +0,0 @@
 # References
 - https://github.com/authelia/authelia
 - https://www.youtube.com/watch?v=u6H-Qwf4nZA&t=1314s
 - https://docs.technotim.live/posts/authelia-traefik/
 # Notes
 You have to put the configuration files from the directory `config` here to your Docker volume bind mount.
 The do the following:
 1. Adjust the configuration.yml to your needs. Especially replace exmaple.com with your own domain name. Add all your to be protected subdomains to the access_control area. Replace all secrets with your secure strings (may use `openssl rand -base64 35` to generate a secure, random string).
 2. Adjust users_database.yml and add your user accounts. You can create new password hashes via `docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'ExamplePassword'`
 3. Adjust your Traefik dynamic configuration and add authelia as middleaware. See [here](../traefik/fileConfig.yml) for an example configuration file.
 4. Finally, add authelia as middleware for each container to protect. I recommend using labels. Note that authelia should always be listed first.
 ````
    labels:
      - traefik.enable=true
      - traefik.http.routers.protected-service.middlewares=authelia@file,local-ipwhitelist@file
 ````
 Note: You can also use the docker provider `authelia@docker` instead of the file provider `authelia@file`.
--- a/examples/authelia/config/configuration.yml
+++ b/examples/authelia/config/configuration.yml
@ -1,82 +0,0 @@
 ---
 ###############################################################
 #                   Authelia configuration                    #
 ###############################################################
 server:
  host: 0.0.0.0
  port: 9091
 log:
  level: debug
 theme: dark
 # This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
 jwt_secret: a_very_important_secret
 default_redirection_url: https://auth.example.com # replace with your domain name
 totp:
  issuer: authelia.com
 # duo_api:
 #  hostname: api-123456789.example.com
 #  integration_key: ABCDEF
 #  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
 #  secret_key: 1234567890abcdefghifjkl
 authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 64
 access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    # chose from bypass, one_factor and two_factor
    - domain: public.example.com
      policy: bypass
    - domain: subdomain1.example.com
      policy: one_factor
    - domain: subdomain2.example.com
      policy: two_factor
 session:
  name: authelia_session
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  secret: unsecure_session_secret
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  domain: example.com  # Should match whatever your root protected domain is
  redis:
    host: authelia-redis
    port: 6379
    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
    # password: authelia
 regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300
 storage:
  encryption_key: a_very_important_secret # Now required
  local:
    path: /config/db.sqlite3
 notifier:
  # smtp:
  #   username: test
  #   # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
  #   password: password
  #   host: mail.example.com
  #   port: 25
  #   sender: admin@example.com
  filesystem:
    filename: /config/notifications.txt
 ...
--- a/examples/authelia/config/users_database.yml
+++ b/examples/authelia/config/users_database.yml
@ -1,19 +0,0 @@
 ---
 ###############################################################
 #                         Users Database                      #
 ###############################################################
 # This file can be used if you do not have an LDAP set up.
 # List of users
 users:
  yourUsername:  # define here your username
    disabled: false
    displayname: "My Authelia User"
    # Password is authelia
    password: "$argon2id$v=19$m=65536,t=3,p=4$mTOaOa3MOexX7JQ02BdXzw$OzAxTnSPEnahQgIi+y4QPP5/xYIQ8uEWDYW+vlupeTM"  # generate a secure hash with: $ docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password'
    email: authelia@example.com
    groups:
      - admins
      - dev
 ...
--- a/examples/authelia/docker-compose.yml
+++ b/examples/authelia/docker-compose.yml
@ -1,39 +0,0 @@
 version: '3.3'
 services:
  authelia:
    image: authelia/authelia
    container_name: authelia
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'  # replace with your domain name
      - 'traefik.http.routers.authelia.entrypoints=https'
      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'  # replace with your domain name
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
    expose:
      - 9091
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
  redis:
    image: redis:alpine
    container_name: authelia-redis
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data
    networks:
      - proxy
    expose:
      - 6379
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
 networks:
   proxy:
      external: true
--- a/examples/grafana-monitoring/Grafana_Dashboard_Template.json
+++ b/examples/grafana-monitoring/Grafana_Dashboard_Template.json
@ -1413,7 +1413,7 @@
        {
          "targetBlank": true,
          "title": "Link",
-          "url": "https://example.com"
+          "url": "https://bitwarden.lrvt.de"
        }
      ],
      "options": {
@ -1795,7 +1795,7 @@
        {
          "targetBlank": true,
          "title": "Link",
-          "url": "https://example.com"
+          "url": "https://bitwarden.lrvt.de"
        }
      ],
      "options": {
--- a/examples/memos/README.md
+++ b/examples/memos/README.md
@ -1,3 +0,0 @@
 # References
 - https://github.com/usememos/memos
--- a/examples/memos/docker-compose.yml
+++ b/examples/memos/docker-compose.yml
@ -1,23 +0,0 @@
 version: "3.0"
 services:
  memos:
    image: neosmemo/memos:latest
    container_name: memos
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/memos/data:/var/opt/memos
    ports:
      - 5230:5230
    #networks:
    #  - proxy
    #labels:
    #  - traefik.enable=true
    #  - traefik.http.routers.memos.rule=Host(`memosservice.example.com`)
    #  - traefik.http.services.memos.loadbalancer.server.port=5230
    #  - traefik.docker.network=proxy
    #  # Part for optional traefik middlewares
    #  - traefik.http.routers.memos.middlewares=local-ipwhitelist@file,basic-auth@file
 #networks:
 #  proxy:
 #    external: true
--- a/examples/traefik/fileConfig.yml
+++ b/examples/traefik/fileConfig.yml
@ -78,17 +78,6 @@ http:
        stsPreload: true # HTTP-Strict-Transport-Security (HSTS)
        #contentSecurityPolicy: "block-all-mixed-content" # Content-Security-Policy (CSP)
    # Authelia guard
    authelia:
      forwardauth:
        address: http://authelia:9091/api/verify?rd=https://auth.example.com/  # replace example.com with your domain name
        trustForwardHeader: true
        authResponseHeaders:
          - Remote-User
          - Remote-Groups
          - Remote-Name
          - Remote-Email
    # rate limiting
    rate-limit:
      rateLimit:
		`@ -1,3 +0,0 @@`
			`# References`

			`- https://github.com/usememos/memos`