feat: enhance docker-compose.override.yml with Traefik labels and update env.prod.template for consistency
This commit is contained in:
parent
edc0b4c30d
commit
bbf3f08be5
2 changed files with 26 additions and 6 deletions
|
|
@ -34,6 +34,26 @@ services:
|
||||||
- geoip:/geoip
|
- geoip:/geoip
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
|
- dokploy-network
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=dokploy-network"
|
||||||
|
|
||||||
|
- "traefik.http.services.sso-server.loadbalancer.server.port=9443" # set port the container listenes to
|
||||||
|
- "traefik.http.services.sso-server.loadbalancer.server.scheme=https"
|
||||||
|
|
||||||
|
- "traefik.http.routers.sso-server-web.rule=Host(`${PUBLIC_DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.sso-server-web.entrypoints=web"
|
||||||
|
- "traefik.http.routers.sso-server-web.service=sso-server"
|
||||||
|
- "traefik.http.routers.sso-server-web.middlewares=redirect-to-https@file"
|
||||||
|
|
||||||
|
- "traefik.http.routers.sso-server-websecure.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.sso-server-websecure.rule=Host(`${PUBLIC_DOMAIN}`)" # change hostname!
|
||||||
|
- "traefik.http.routers.sso-server-websecure.tls=true"
|
||||||
|
- "traefik.http.routers.sso-server-websecure.tls.certresolver=hetzner"
|
||||||
|
- "traefik.http.routers.sso-server-websecure.tls.domains[0].main=${TLS_DOMAIN}"
|
||||||
|
- "traefik.http.routers.sso-server-websecure.middlewares=secHeaders@file, hsts-header@file"
|
||||||
|
- "traefik.http.routers.sso-server-websecure.service=sso-server"
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:?AUTHENTIK_TAG is not configured}
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:?AUTHENTIK_TAG is not configured}
|
||||||
|
|
@ -57,4 +77,6 @@ volumes:
|
||||||
driver: local
|
driver: local
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
backend:
|
backend:
|
||||||
|
dokploy-network:
|
||||||
|
external: true
|
||||||
|
|
@ -1,10 +1,11 @@
|
||||||
# SETTINGS from env.template
|
# SETTINGS from env.template
|
||||||
# Misc configuration
|
# Misc configuration
|
||||||
PUBLIC_DOMAIN=sso.s1q.dev
|
|
||||||
COMPOSE_PROJECT_NAME=sso-s1q-dev
|
COMPOSE_PROJECT_NAME=sso-s1q-dev
|
||||||
|
PUBLIC_DOMAIN=sso.s1q.dev
|
||||||
|
TLS_DOMAIN=*.s1q.dev
|
||||||
|
|
||||||
# Server Versions
|
# Server Versions
|
||||||
AUTHENTIK_TAG=2025.6.4
|
AUTHENTIK_TAG=2025.4.2
|
||||||
POSTGRES_TAG=16.9-alpine
|
POSTGRES_TAG=16.9-alpine
|
||||||
REDIS_TAG=8.0-alpine
|
REDIS_TAG=8.0-alpine
|
||||||
|
|
||||||
|
|
@ -29,9 +30,6 @@ AUTHENTIK_EMAIL__FROM=sso@s1q.dev
|
||||||
# COMPOSE_PORT_HTTP=80
|
# COMPOSE_PORT_HTTP=80
|
||||||
# COMPOSE_PORT_HTTPS=443
|
# COMPOSE_PORT_HTTPS=443
|
||||||
|
|
||||||
# Liste settings
|
|
||||||
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS="172.18.0.0/16"
|
|
||||||
|
|
||||||
|
|
||||||
# MaxMind GeoIP
|
# MaxMind GeoIP
|
||||||
GEOIPUPDATE_ACCOUNT_ID=1093308
|
GEOIPUPDATE_ACCOUNT_ID=1093308
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue