-
Notifications
You must be signed in to change notification settings - Fork 9
/
docker-compose.yaml
50 lines (48 loc) · 2.57 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
services:
traefik-forward-auth:
build:
context: traefik-forward-auth
args:
REPO: ${TRAEFIK_FORWARD_AUTH_REPO}
VERSION: ${TRAEFIK_FORWARD_AUTH_VERSION}
STEP_CA_ENABLED: ${TRAEFIK_FORWARD_AUTH_STEP_CA_ENABLED}
STEP_CA_ENDPOINT: ${TRAEFIK_FORWARD_AUTH_STEP_CA_ENDPOINT}
STEP_CA_FINGERPRINT: ${TRAEFIK_FORWARD_AUTH_STEP_CA_FINGERPRINT}
STEP_CA_ZERO_CERTS: ${TRAEFIK_FORWARD_AUTH_STEP_CA_ZERO_CERTS}
container_name: traefik-forward-auth
security_opt:
- no-new-privileges:true
environment:
- SECRET=${TRAEFIK_FORWARD_AUTH_SECRET}
- LOG_LEVEL=${TRAEFIK_FORWARD_AUTH_LOG_LEVEL}
- AUTH_HOST=${TRAEFIK_FORWARD_AUTH_HOST}${TRAEFIK_FORWARD_AUTH_HTTPS_PORT}
- COOKIE_DOMAIN=${TRAEFIK_FORWARD_AUTH_COOKIE_DOMAIN}
- DEFAULT_PROVIDER=${TRAEFIK_FORWARD_AUTH_DEFAULT_PROVIDER}
- PROVIDERS_GENERIC_OAUTH_AUTH_URL=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GENERIC_OAUTH_AUTH_URL}
- PROVIDERS_GENERIC_OAUTH_TOKEN_URL=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GENERIC_OAUTH_TOKEN_URL}
- PROVIDERS_GENERIC_OAUTH_USER_URL=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GENERIC_OAUTH_USER_URL}
- PROVIDERS_GENERIC_OAUTH_CLIENT_ID=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GENERIC_OAUTH_CLIENT_ID}
- PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET}
- PROVIDERS_GENERIC_OAUTH_SCOPE=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GENERIC_OAUTH_SCOPE}
- PROVIDERS_GOOGLE_CLIENT_ID=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GOOGLE_CLIENT_ID}
- PROVIDERS_GOOGLE_CLIENT_SECRET=${TRAEFIK_FORWARD_AUTH_PROVIDERS_GOOGLE_CLIENT_SECRET}
- LIFETIME=${TRAEFIK_FORWARD_AUTH_COOKIE_LIFETIME}
- LOGOUT_REDIRECT=${TRAEFIK_FORWARD_AUTH_LOGOUT_REDIRECT}
command:
- "--rule.http-options-requests.action=allow"
- "--rule.http-options-requests.rule=Method(`OPTIONS`)"
labels:
- "traefik.enable=true"
- "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
- "traefik.http.middlewares.traefik-forward-auth.forwardAuth.address=http://127.0.0.1:4181"
- "traefik.http.middlewares.traefik-forward-auth.forwardAuth.authResponseHeaders=X-Forwarded-User"
- "traefik.http.routers.traefik-forward-auth.rule=Host(`${TRAEFIK_FORWARD_AUTH_HOST}`)"
- "traefik.http.routers.traefik-forward-auth.entrypoints=websecure"
- "traefik.http.routers.traefik-forward-auth.tls=true"
- "traefik.http.routers.traefik-forward-auth.middlewares=traefik-forward-auth"
ports:
- 127.0.0.1:4181:4181
restart: unless-stopped
volumes:
data:
config: