Compare commits
11 Commits
caddy-dock
...
e951edffaf
| Author | SHA1 | Date | |
|---|---|---|---|
|
e951edffaf | ||
|
|
2e67562d95 | ||
|
|
78688d8bf5 | ||
|
|
97a97f5028 | ||
|
|
f3bbf41add | ||
|
|
ceb05e3644 | ||
|
|
6040bcba8e | ||
|
|
9f394b4b97 | ||
|
|
6d353fcd69 | ||
|
|
b94f8d6557 | ||
|
|
8a07851ab8 |
@@ -6,7 +6,19 @@ server:
|
||||
|
||||
# Security https://www.authelia.com/configuration/security/access-control/
|
||||
access_control:
|
||||
networks:
|
||||
- name: 'internal'
|
||||
networks:
|
||||
- '192.168.1.0/24'
|
||||
- '172.16.0.0/12'
|
||||
rules:
|
||||
- domain: 'gitea.tremendousturtle.tools'
|
||||
policy: bypass
|
||||
networks:
|
||||
- 'internal'
|
||||
resources:
|
||||
- '^/api([/?].*)?$'
|
||||
- '^/v2([/?].*)?$'
|
||||
- domain: '*.tremendousturtle.tools'
|
||||
policy: two_factor
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ services:
|
||||
volumes:
|
||||
- redis:/data
|
||||
app:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
|
||||
image: ghcr.io/goauthentik/server:2024.12.2
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
@@ -42,6 +42,8 @@ services:
|
||||
networks:
|
||||
- proxy-net
|
||||
- default
|
||||
extra_hosts:
|
||||
- "host.docker.internal:host-gateway"
|
||||
volumes:
|
||||
- ./data/media:/media
|
||||
- ./config/custom-templates:/templates
|
||||
@@ -50,6 +52,9 @@ services:
|
||||
ports:
|
||||
- "${COMPOSE_PORT_HTTP:-9000}:9000"
|
||||
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
|
||||
expose:
|
||||
- "9000"
|
||||
- "9443"
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
|
||||
@@ -74,6 +74,46 @@
|
||||
import ttt-proxy {args[1]} {args[2]}
|
||||
}
|
||||
}
|
||||
(authentik) {
|
||||
{args[0]}.tremendousturtle.tools {
|
||||
import ttt-log {args[0]}
|
||||
import tls
|
||||
reverse_proxy authentik-app-1:9000 {
|
||||
header_up X-Real-IP {http.request.header.CF-Connecting-IP}
|
||||
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
|
||||
}
|
||||
}
|
||||
}
|
||||
(redirect) {
|
||||
{args[0]}.tremendousturtle.tools {
|
||||
import tls
|
||||
redir https://{args[1]}.tremendousturtle.tools{uri}
|
||||
}
|
||||
}
|
||||
(authentik-forward) {
|
||||
{args[0]}.tremendousturtle.tools {
|
||||
import ttt-log {args[0]}
|
||||
import tls
|
||||
route {
|
||||
# always forward outpost path to actual outpost
|
||||
reverse_proxy /outpost.goauthentik.io/* http://authentik-app-1:9000
|
||||
|
||||
# forward authentication to outpost
|
||||
forward_auth http://authentik-app-1:9000 {
|
||||
uri /outpost.goauthentik.io/auth/caddy
|
||||
|
||||
# capitalization of the headers is important, otherwise they will be empty
|
||||
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
|
||||
|
||||
# optional, in this config trust all private ranges, should probably be set to the outposts IP
|
||||
trusted_proxies private_ranges
|
||||
}
|
||||
|
||||
# actual site configuration below, for example
|
||||
reverse_proxy {args[1]}:{args[2]}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Web Config
|
||||
tremendousturtle.tools {
|
||||
@@ -93,7 +133,7 @@ authentik.tremendousturtle.tools {
|
||||
|
||||
# Define code.tremendousturtle.tools
|
||||
# Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
|
||||
import ttt-app-local code 8020
|
||||
#import ttt-app-local code 8020
|
||||
import ttt-app-local pihole 1080
|
||||
import ttt-app-local sonarr 8989
|
||||
import ttt-app-local radarr 7878
|
||||
@@ -101,11 +141,11 @@ import ttt-app-local prowlarr 9696
|
||||
import ttt-app-local cockpit 9090
|
||||
|
||||
# Docker apps with same subdomain as docker compose project name
|
||||
import ttt-app frigate 8971
|
||||
#import ttt-app frigate 8971
|
||||
import ttt-app overseerr 5055
|
||||
import ttt-app openobserve 5080
|
||||
import ttt-app gitea 3000
|
||||
import ttt-app homepage 3000
|
||||
#import ttt-app gitea 3000
|
||||
#import ttt-app homepage 3000
|
||||
import ttt-app requestrr 4545
|
||||
|
||||
# Alternate configuration (different subdomain and docker compose project name)
|
||||
@@ -114,3 +154,11 @@ import ttt-app-alt trilium triliumnext-notes-app-1 8080
|
||||
import ttt-app-alt notes triliumnext-notes-app-1 8080
|
||||
import ttt-app-alt stash stashapp-app-1 9999
|
||||
import ttt-app-alt pihole1 192.168.1.116 80
|
||||
|
||||
# Authentik Configs
|
||||
import authentik homepage
|
||||
import redirect home homepage
|
||||
|
||||
import authentik frigate
|
||||
import authentik code
|
||||
import authentik gitea
|
||||
@@ -13,12 +13,10 @@ services:
|
||||
- "443:443"
|
||||
- "443:443/udp"
|
||||
- "2019:2019"
|
||||
configs:
|
||||
- source: caddyfile
|
||||
target: /etc/caddy/Caddyfile
|
||||
volumes:
|
||||
- ./data/site:/srv
|
||||
- ./data/logs:/logs
|
||||
- ./config:/etc/caddy
|
||||
- caddy_data:/data
|
||||
- caddy_config:/config
|
||||
|
||||
@@ -26,10 +24,6 @@ networks:
|
||||
proxy-net:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
caddyfile:
|
||||
file: ./Caddyfile
|
||||
|
||||
volumes:
|
||||
caddy_data:
|
||||
caddy_config:
|
||||
|
||||
25
code-server/docker-compose.yml
Normal file
25
code-server/docker-compose.yml
Normal file
@@ -0,0 +1,25 @@
|
||||
name: code-server
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
DOCKER_USER: chris
|
||||
image: codercom/code-server:latest
|
||||
networks:
|
||||
- proxy-net
|
||||
ports:
|
||||
- "8020:8080"
|
||||
expose:
|
||||
- "8020"
|
||||
- "8080"
|
||||
restart: unless-stopped
|
||||
user: "1000:1000"
|
||||
volumes:
|
||||
- /home/chris/.local:/home/coder/.local
|
||||
- /home/chris/.config:/home/coder/.config
|
||||
- /docker:/docker
|
||||
- /code:/code
|
||||
- /home/chris:/home/coder/chris-home
|
||||
|
||||
networks:
|
||||
proxy-net:
|
||||
external: true
|
||||
@@ -4,7 +4,7 @@ auth:
|
||||
|
||||
proxy:
|
||||
header_map:
|
||||
user: Remote-User
|
||||
user: X-Forwarded-Preferred-Username
|
||||
|
||||
tls:
|
||||
enabled: false
|
||||
|
||||
@@ -2,7 +2,8 @@ name: frigate
|
||||
services:
|
||||
app:
|
||||
restart: unless-stopped
|
||||
image: ghcr.io/blakeblackshear/frigate:stable
|
||||
#image: ghcr.io/blakeblackshear/frigate:stable
|
||||
image: gitea.tremendousturtle.tools/chris/frigate:v0.14.1-web-admin-088ff992
|
||||
shm_size: "250mb"
|
||||
devices:
|
||||
- /dev/apex_0:/dev/apex_0 # Passes a PCIe Coral
|
||||
@@ -20,6 +21,7 @@ services:
|
||||
networks:
|
||||
- proxy-net
|
||||
ports:
|
||||
# - "8971:8971"
|
||||
- "8554:8554" # RTSP feeds
|
||||
- "8555:8555/tcp" # WebRTC over tcp
|
||||
- "8555:8555/udp" # WebRTC over udp
|
||||
|
||||
@@ -17,6 +17,9 @@ services:
|
||||
GITEA__database__USER: ${GITEA_DB_USER}
|
||||
GITEA__database__PASSWD__FILE: /run/secrets/postgres_pass
|
||||
GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: gitea --config={{.CustomConf}} serv key-{{.Key.ID}}
|
||||
GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION: true
|
||||
GITEA__service__ENABLE_REVERSE_PROXY_AUTO_REGISTRATION: true
|
||||
GITEA__service__ENABLE_REVERSE_PROXY_EMAIL: true
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- gitea
|
||||
|
||||
Reference in New Issue
Block a user