Tellsanguis
fd01ea59ee
- Playbooks Ansible avec rôles (common, cockpit, docker, services) - 30+ stacks Docker Compose avec reverse proxy Traefik - Ansible Vault pour gestion secrets - Intégration CrowdSec pour détection intrusions - Versions images Docker fixées pour reproductibilité
28 lines
1.2 KiB
YAML
28 lines
1.2 KiB
YAML
services:
|
|
tinyauth:
|
|
image: ghcr.io/steveiliop56/tinyauth:v3
|
|
container_name: tinyauth
|
|
restart: unless-stopped
|
|
environment:
|
|
- SECRET=${SECRET}
|
|
- APP_URL=https://auth.tellserv.fr
|
|
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
|
|
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
|
|
- OAUTH_WHITELIST=${OAUTH_WHITELIST}
|
|
networks:
|
|
- traefik_network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`auth.tellserv.fr`)"
|
|
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
|
|
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true"
|
|
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=cloudflare"
|
|
- "traefik.http.services.${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=3000"
|
|
- "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}.forwardauth.address=http://${COMPOSE_PROJECT_NAME}:3000/api/auth/traefik"
|
|
- "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}.forwardauth.trustForwardHeader=true"
|
|
- "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}.forwardauth.authResponseHeaders=X-Forwarded-User"
|
|
- "com.centurylinklabs.watchtower.enable=true"
|
|
|
|
networks:
|
|
traefik_network:
|
|
external: true
|