Compare commits

...

3 commits

5 changed files with 34 additions and 2 deletions

View file

@ -38,7 +38,7 @@
};
volumes = [
"/home/ghoscht/.docker/infrastructure/traefik_config/traefik.yml:/traefik.yml:ro"
"/home/ghoscht/.docker/infrastructure/traefik_data/config.yml:/config.yml:ro"
"/home/ghoscht/.docker/infrastructure/traefik_config/conf:/conf:ro"
"/storage/dataset/docker/infrastructure/traefik_data/acme.json:/acme.json"
"/var/run/docker.sock:/var/run/docker.sock:ro"
"traefik-logs:/var/log/traefik"

View file

@ -96,7 +96,8 @@ in {
exposedByDefault: false
network: dmz
file:
filename: /config.yml
watch: true
directory: /conf/
certificatesResolvers:
letsencrypt:
acme:

View file

@ -59,6 +59,13 @@
"traefik.http.routers.navidrome.tls" = "true";
"traefik.http.routers.navidrome.tls.certresolver" = "letsencrypt";
"traefik.http.services.navidrome-external.loadbalancer.server.port" = "4533";
"traefik.http.routers.navidrome-external.service" = "navidrome-external";
"traefik.http.routers.navidrome-external.rule" = "Host(`music.ghoscht.com`)";
"traefik.http.routers.navidrome-external.entrypoints" = "websecure-external";
"traefik.http.routers.navidrome-external.tls" = "true";
"traefik.http.routers.navidrome-external.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
@ -112,6 +119,7 @@
"traefik.docker.network" = "dmz";
"traefik.http.routers.transmission.tls" = "true";
"traefik.http.routers.transmission.tls.certresolver" = "letsencrypt";
"traefik.http.routers.transmission.middlewares" = "authentik@file";
};
volumes = [
"/storage/dataset/docker/media/transmission_data:/config"
@ -155,6 +163,7 @@
"traefik.docker.network" = "dmz";
"traefik.http.routers.prowlarr.tls" = "true";
"traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.prowlarr.middlewares" = "authentik@file";
"diun.enable" = "true";
"diun.watch_repo" = "true";
@ -185,6 +194,7 @@
"traefik.docker.network" = "dmz";
"traefik.http.routers.sonarr.tls" = "true";
"traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.sonarr.middlewares" = "authentik@file";
"diun.enable" = "true";
"diun.watch_repo" = "true";
@ -217,6 +227,7 @@
"traefik.docker.network" = "dmz";
"traefik.http.routers.radarr.tls" = "true";
"traefik.http.routers.radarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.radarr.middlewares" = "authentik@file";
"diun.enable" = "true";
"diun.watch_repo" = "true";
@ -250,6 +261,7 @@
"traefik.docker.network" = "dmz";
"traefik.http.routers.lidarr.tls" = "true";
"traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.lidarr.middlewares" = "authentik@file";
};
volumes = [
"/storage/dataset/docker/media/lidarr_data:/config"
@ -280,6 +292,7 @@
"traefik.docker.network" = "dmz";
"traefik.http.routers.bazarr.tls" = "true";
"traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.bazarr.middlewares" = "authentik@file";
};
volumes = [
"/storage/dataset/docker/media/bazarr_data:/config"

View file

@ -0,0 +1,18 @@
http:
middlewares:
authentik:
forwardAuth:
address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version