mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
docs: add an example of deploying authelia lite on docker swarm (#1899)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
This commit is contained in:
parent
be4f6b6fb1
commit
fd21157aac
181
docs/community/example-of-authelia-lite-on-docker-swarm.md
Normal file
181
docs/community/example-of-authelia-lite-on-docker-swarm.md
Normal file
|
@ -0,0 +1,181 @@
|
|||
---
|
||||
layout: default
|
||||
title: Example of authelia lite on docker swarm
|
||||
parent: Community
|
||||
nav_order: 4
|
||||
---
|
||||
|
||||
The overlay network for docker swarm can be initialized with:
|
||||
|
||||
```
|
||||
$ docker swarm init
|
||||
$ docker swarm init && docker network create --driver=overlay traefik-public
|
||||
$ mkdir ./redis ./letsencrypt
|
||||
```
|
||||
|
||||
The structure of the folder should be like this:
|
||||
|
||||
```
|
||||
├── authelia/
|
||||
│ ├── configuration.yml
|
||||
│ └── users_database.yml
|
||||
├── redis/
|
||||
├── letsencrypt/
|
||||
│ └── acme.json
|
||||
└── traefik-compose.yml
|
||||
```
|
||||
|
||||
The following configuration allows you to deploy authelia to docker swarm with traefik 2.x. Please replace the **example.com** and **your@email.com** with your domain and email respectively. Then save it as **traefik-compose.yml**.
|
||||
|
||||
```
|
||||
version: '3.3'
|
||||
|
||||
services:
|
||||
authelia:
|
||||
image: authelia/authelia:4
|
||||
volumes:
|
||||
- ./authelia:/config
|
||||
networks:
|
||||
- traefik-public
|
||||
deploy:
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)'
|
||||
- 'traefik.http.routers.authelia.entrypoints=web'
|
||||
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
|
||||
# TLS
|
||||
- "traefik.http.routers.authelias.rule=Host(`auth.example.com`)"
|
||||
- "traefik.http.routers.authelias.entrypoints=websecure"
|
||||
- "traefik.http.routers.authelias.tls.certresolver=letsencrypt"
|
||||
# Redirect
|
||||
- "traefik.http.routers.authelia.middlewares=https_redirect"
|
||||
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
|
||||
# Authelia
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com'
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
|
||||
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
|
||||
- "traefik.http.routers.authelia.service=authelia"
|
||||
|
||||
redis:
|
||||
image: redis:6-alpine
|
||||
volumes:
|
||||
- ./redis:/data
|
||||
networks:
|
||||
- traefik-public
|
||||
|
||||
traefik:
|
||||
# The official v2.0 Traefik docker image
|
||||
image: traefik:v2.2
|
||||
deploy:
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
|
||||
- 'traefik.http.routers.api.entrypoints=web'
|
||||
- 'traefik.http.routers.api.service=api@internal'
|
||||
- 'traefik.http.services.traefik.loadbalancer.server.port=80'
|
||||
# TLS
|
||||
- "traefik.http.routers.apis.rule=Host(`traefik.example.com`)"
|
||||
- "traefik.http.routers.apis.entrypoints=websecure"
|
||||
- "traefik.http.routers.apis.tls.certresolver=letsencrypt"
|
||||
# Redirect
|
||||
- "traefik.http.routers.api.middlewares=https_redirect"
|
||||
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
|
||||
# Authelia
|
||||
- 'traefik.http.routers.apis.service=api@internal'
|
||||
- 'traefik.http.routers.apis.middlewares=authelia@docker'
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == manager
|
||||
command:
|
||||
- "--api"
|
||||
- "--providers.docker=true"
|
||||
- "--providers.docker.swarmMode=true"
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--entrypoints.web.address=:80"
|
||||
- "--entryPoints.websecure.address=:443"
|
||||
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
|
||||
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
|
||||
- "--certificatesresolvers.letsencrypt.acme.email=your@email.com"
|
||||
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
|
||||
ports:
|
||||
# Listen on port 80, default for HTTP, necessary to redirect to HTTPS
|
||||
- target: 80
|
||||
published: 80
|
||||
mode: host
|
||||
# Listen on port 443, default for HTTPS
|
||||
- target: 443
|
||||
published: 443
|
||||
mode: host
|
||||
volumes:
|
||||
# So that Traefik can listen to the Docker events
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./letsencrypt:/letsencrypt
|
||||
networks:
|
||||
- traefik-public
|
||||
|
||||
secure:
|
||||
image: containous/whoami
|
||||
networks:
|
||||
- traefik-public
|
||||
deploy:
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.secure.rule=Host(`secure.example.com`)'
|
||||
- 'traefik.http.routers.secure.entrypoints=web'
|
||||
- 'traefik.http.services.secure.loadbalancer.server.port=80'
|
||||
# TLS
|
||||
- "traefik.http.routers.secures.rule=Host(`secure.example.com`)"
|
||||
- "traefik.http.routers.secures.entrypoints=websecure"
|
||||
- "traefik.http.routers.secures.tls.certresolver=letsencrypt"
|
||||
# Redirect
|
||||
- "traefik.http.routers.secure.middlewares=https_redirect"
|
||||
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
|
||||
# Authelia
|
||||
- 'traefik.http.routers.secures.middlewares=authelia@docker'
|
||||
|
||||
public:
|
||||
image: containous/whoami
|
||||
networks:
|
||||
- traefik-public
|
||||
deploy:
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.public.rule=Host(`public.example.com`)'
|
||||
- 'traefik.http.routers.public.entrypoints=web'
|
||||
- 'traefik.http.services.public.loadbalancer.server.port=80'
|
||||
# TLS
|
||||
- "traefik.http.routers.publics.rule=Host(`public.example.com`)"
|
||||
- "traefik.http.routers.publics.entrypoints=websecure"
|
||||
- "traefik.http.routers.publics.tls.certresolver=letsencrypt"
|
||||
# Redirect
|
||||
- "traefik.http.routers.public.middlewares=https_redirect"
|
||||
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
|
||||
# Authelia
|
||||
- 'traefik.http.routers.publics.middlewares=authelia@docker'
|
||||
|
||||
networks:
|
||||
traefik-public:
|
||||
external: true
|
||||
```
|
||||
|
||||
Finally, the stack is ready to be deployed.
|
||||
|
||||
```
|
||||
$ docker stack deploy -c traefik-compose.yml traefik
|
||||
```
|
||||
|
||||
Full configuration files can be found here https://github.com/wuhanstudio/authelia-docker-swarm
|
||||
|
||||
```
|
||||
$ docker swarm init && docker network create --driver=overlay traefik-public
|
||||
|
||||
$ git clone https://github.com/wuhanstudio/authelia-docker-swarm && cd authelia-docker-swarm
|
||||
|
||||
# Replace wuhanstudio.cc with your domain
|
||||
$ find . -type f -name "*.yml" -exec sed -i'' -e 's/example.com/wuhanstudio.cc/g' {} +
|
||||
|
||||
# Replace wuhanstudio@qq.com with your email
|
||||
$ find . -type f -name "*.yml" -exec sed -i'' -e 's/your@email.com/wuhanstudio@qq.com/g' {} +
|
||||
|
||||
$ docker stack deploy -c traefik-compose.yml traefik
|
||||
```
|
Loading…
Reference in New Issue
Block a user