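---
# Docker Swarm stack: Traefik v2 edge proxy, Authelia forward-auth portal,
# Redis and a static nginx site, all attached to the external
# "traefik-public" overlay network.
#
# NOTE(review): every image below uses a floating tag (":4", ":6-alpine",
# ":v2.2", ":alpine"). Pin each one to an exact version or digest so that a
# redeploy cannot silently pull different code.
version: '3.3'

services:
  authelia:
    image: authelia/authelia:4
    volumes:
      # Authelia configuration directory (its contents are not part of this file).
      - ./authelia:/config
    networks:
      - traefik-public
    deploy:
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.authelia.rule=Host(`auth.trustai.uk`)'
        - 'traefik.http.routers.authelia.entrypoints=web'
        - "traefik.http.services.authelia.loadbalancer.server.port=9091"
        # TLS
        - "traefik.http.routers.authelias.rule=Host(`auth.trustai.uk`)"
        - "traefik.http.routers.authelias.entrypoints=websecure"
        - "traefik.http.routers.authelias.tls.certresolver=myhttpchallenge"
        # Redirect plain HTTP to HTTPS
        - "traefik.http.routers.authelia.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
        # Authelia forward-auth middleware; other routers opt in with
        # "<router>.middlewares=authelia@docker".
        - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.trustai.uk'
        # NOTE(review): trusting X-Forwarded-* here is only sound while the
        # entrypoints do not accept those headers from clients (no
        # forwardedHeaders.insecure / trustedIPs is configured below) - confirm
        # before placing another proxy in front of Traefik.
        - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
        - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
        - "traefik.http.routers.authelia.service=authelia"

  redis:
    image: redis:6-alpine
    # NOTE(review): no password or ACL is configured on this service and it
    # shares traefik-public with every other container. Presumably it backs
    # Authelia sessions (confirm in ./authelia); if so, move it to a private
    # network shared only with authelia and set requirepass.
    # volumes:
    #   - ./redis:/data
    networks:
      - traefik-public

  traefik:
    # Official Traefik v2.2 image
    image: traefik:v2.2
    # Enables the API/dashboard and tells Traefik to watch Docker (swarm mode)
    command:
      - "--api"
      - "--providers.docker=true"
      - "--providers.docker.swarmMode=true"
      # Services are only exposed when they carry traefik.enable=true
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myhttpchallenge.acme.email=wuhanstudio@qq.com"
      - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      # ACME account key and issued certificates (acme.json holds private
      # keys - keep the host directory out of version control and backups
      # readable only by root).
      - ./letsencrypt:/letsencrypt
      # So that Traefik can listen to the Docker events.
      # The socket gives full control of the Docker daemon on this manager.
      # ":ro" only protects the socket file itself, not the API behind it;
      # a filtering socket proxy is the stronger control.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.api.rule=Host(`traefik.trustai.uk`)'
        - 'traefik.http.routers.api.entrypoints=web'
        - 'traefik.http.routers.api.service=api@internal'
        # Swarm mode needs a port label on every enabled service, even though
        # the routers below target api@internal.
        - 'traefik.http.services.traefik.loadbalancer.server.port=80'
        # TLS
        - "traefik.http.routers.apis.rule=Host(`traefik.trustai.uk`)"
        - "traefik.http.routers.apis.entrypoints=websecure"
        - "traefik.http.routers.apis.tls.certresolver=myhttpchallenge"
        # Redirect plain HTTP to HTTPS
        - "traefik.http.routers.api.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
        # Authelia
        - 'traefik.http.routers.apis.service=api@internal'
        # The dashboard/API router is published on the public entrypoint, so
        # it is gated behind the Authelia forward-auth middleware. Authelia's
        # access_control must contain a rule for traefik.trustai.uk.
        - 'traefik.http.routers.apis.middlewares=authelia@docker'
      placement:
        constraints:
          # The Docker provider in swarm mode must run on a manager node
          - node.role == manager
    networks:
      - traefik-public

  nginx:
    image: nginx:alpine
    volumes:
      # Configuration and site content are mounted read-only; the container
      # has no reason to modify either.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./trustai-mainpage:/usr/share/nginx/html:ro
    networks:
      - traefik-public
    deploy:
      labels:
        - "traefik.enable=true"
        # nginx
        - "traefik.http.routers.nginx.rule=Host(`home.trustai.uk`)"
        - "traefik.http.routers.nginx.entrypoints=web"
        - "traefik.http.services.nginx.loadbalancer.server.port=80"
        # TLS
        - "traefik.http.routers.nginxs.rule=Host(`home.trustai.uk`)"
        - "traefik.http.routers.nginxs.entrypoints=websecure"
        - "traefik.http.routers.nginxs.tls.certresolver=myhttpchallenge"
        # Redirect plain HTTP to HTTPS
        - "traefik.http.routers.nginx.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"

networks:
  # Pre-existing overlay network; must be created before the stack is deployed
  traefik-public:
    external: true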