62 lines
2.8 KiB
YAML
62 lines
2.8 KiB
YAML
|
|
# See: https://www.reddit.com/r/unRAID/comments/pbic8g/how_to_add_environment_variables_to_authelia/
|
|
|
|
version: "3.7"
|
|
services:
|
|
authelia:
|
|
image: authelia/authelia:4.36
|
|
#container_name: authelia
|
|
command:
|
|
- authelia
|
|
- "--config=/config/configuration.yml"
|
|
- "--config=/config/configuration.${APP_AUTHELIA_BACKEND:-ldap}.yml"
|
|
|
|
volumes:
|
|
- $app_dir_conf:/config
|
|
#networks:
|
|
# - default
|
|
labels:
|
|
#- 'traefik.enable=true'
|
|
#- 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)'
|
|
#- 'traefik.http.routers.authelia.entrypoints=https'
|
|
#- 'traefik.http.routers.authelia.tls=true'
|
|
#- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
|
|
#- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com' # yamllint disable-line rule:line-length
|
|
#
|
|
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.trustForwardHeader=true'
|
|
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${app_fqdn}'
|
|
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
|
|
healthcheck:
|
|
disable: true
|
|
environment:
|
|
|
|
|
|
# Direct password insertion
|
|
- AUTHELIA_JWT_SECRET=jwt_54648798798sdfgksdfjgklsdfjglksdfjg
|
|
- AUTHELIA_SESSION_SECRET=session_4565798dfghsdfkgjhsdfjkghsdkfjghdf
|
|
- AUTHELIA_STORAGE_ENCRYPTION_KEY=sto_789453645867asdjhgfiuklasdhgukasdfhgiuadfhgiluadfrhg
|
|
|
|
|
|
# MISC
|
|
#- AUTHELIA_DEFAULT_REDICTION_URL=${app_fqdn}
|
|
- AUTHELIA_DEFAULT_REDIRECTION_URL=https://${app_fqdn}
|
|
- AUTHELIA_SESSION_DOMAIN=${app_domain}
|
|
#- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${app_domain}
|
|
|
|
# LDAP configuration
|
|
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true
|
|
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_URL=ldap://ldap
|
|
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_BASE_DN=DC=barbu-it,DC=com
|
|
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_USER=CN=admin,DC=barbu-it,DC=com
|
|
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_PASSWORD=JarWucact1DoocAcKods
|
|
|
|
|
|
# # Secret management
|
|
# - AUTHELIA_JWT_SECRET_FILE=/config/secret_jwt
|
|
# - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secret_storage
|
|
# - AUTHELIA_SESSION_SECRET_FILE=/config/secret_session
|
|
# - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/config/secret_ldap
|
|
# - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/config/secret_mysql
|
|
# - AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/config/secret_postgresql
|
|
# - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secret_smtp
|