[DOCS] Update secrets examples for Docker Compose (#948)

* [DOCS] Update secrets examples for Docker Compose

* Fix typo

* Include examples for Docker Secrets and bind mounted secret files
This commit is contained in:
Amir Zarrinkafsh 2020-05-01 16:58:40 +10:00 committed by GitHub
parent aebcb38f90
commit 6d8f45513f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -66,6 +66,109 @@ prevent secret leaks if an another application gets compromised on your
server. The UNIX permissions should probably be something like 600. server. The UNIX permissions should probably be something like 600.
## Docker
Secrets can be provided in a `docker-compose.yml` either with Docker secrets or
bind mounted secret files, examples of these are provided below.
### Compose with Docker secrets
This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
on the host and are exposed with Docker secrets in a `docker-compose.yml` file:
```yaml
version: '3.8'
networks:
net:
driver: bridge
secrets:
jwt:
file: /path/to/authelia/secrets/jwt
duo:
file: /path/to/authelia/secrets/duo
session:
file: /path/to/authelia/secrets/session
redis:
file: /path/to/authelia/secrets/redis
mysql:
file: /path/to/authelia/secrets/mysql
smtp:
file: /path/to/authelia/secrets/smtp
ldap:
file: /path/to/authelia/secrets/ldap
services:
authelia:
image: authelia/authelia
container_name: authelia
secrets:
- jwt
- duo
- session
- redis
- mysql
- smtp
- ldap
volumes:
- /path/to/authelia:/var/lib/authelia
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
networks:
- net
expose:
- 9091
restart: unless-stopped
environment:
- AUTHELIA_JWT_SECRET_FILE=/run/secrets/jwt
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/duo
- AUTHELIA_SESSION_SECRET_FILE=/run/secrets/session
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/run/secrets/redis
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/mysql
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/smtp
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/run/secrets/ldap
- TZ=Australia/Melbourne
```
### Compose with bind mounted secret files
This example assumes secrets are stored in `/path/to/authelia/secrets/{secretname}`
on the host and are exposed with bind mounted secret files in a `docker-compose.yml` file
at `/etc/authelia/secrets/`:
```yaml
version: '3.8'
networks:
net:
driver: bridge
services:
authelia:
image: authelia/authelia
container_name: authelia
volumes:
- /path/to/authelia:/var/lib/authelia
- /path/to/authelia/configuration.yml:/etc/authelia/configuration.yml:ro
- /path/to/authelia/secrets:/etc/authelia/secrets
networks:
- net
expose:
- 9091
restart: unless-stopped
environment:
- AUTHELIA_JWT_SECRET_FILE=/etc/authelia/secrets/jwt
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/etc/authelia/secrets/duo
- AUTHELIA_SESSION_SECRET_FILE=/etc/authelia/secrets/session
- AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/etc/authelia/secrets/redis
- AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/etc/authelia/secrets/mysql
- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/etc/authelia/secrets/smtp
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/etc/authelia/secrets/ldap
- TZ=Australia/Melbourne
```
## Kubernetes ## Kubernetes
Secrets can be mounted as files using the following sample manifests. Secrets can be mounted as files using the following sample manifests.