Diffstat (limited to 'docs/community/example-of-authelia-lite-on-docker-swarm.md')
| -rw-r--r-- | docs/community/example-of-authelia-lite-on-docker-swarm.md | 181 |
1 files changed, 0 insertions, 181 deletions
diff --git a/docs/community/example-of-authelia-lite-on-docker-swarm.md b/docs/community/example-of-authelia-lite-on-docker-swarm.md
deleted file mode 100644
index 52cf543c2..000000000
--- a/docs/community/example-of-authelia-lite-on-docker-swarm.md
+++ /dev/null
@@ -1,181 +0,0 @@ ---- -layout: default -title: Example of authelia lite on docker swarm -parent: Community -nav_order: 4 ---- - -The overlay network for docker swarm can be initialized with: - -``` -$ docker swarm init -$ docker swarm init && docker network create --driver=overlay traefik-public -$ mkdir ./redis ./letsencrypt -``` - -The structure of the folder should be like this: - -``` -├── authelia/ -│ ├── configuration.yml -│ └── users_database.yml -├── redis/ -├── letsencrypt/ -│ └── acme.json -└── traefik-compose.yml -``` - -The following configuration allows you to deploy authelia to docker swarm with traefik 2.x. Please replace the **example.com** and **your@email.com** with your domain and email respectively. Then save it as **traefik-compose.yml**. - -``` -version: '3.3' - -services: - authelia: - image: authelia/authelia:4 - volumes: - - ./authelia:/config - networks: - - traefik-public - deploy: - labels: - - 'traefik.enable=true' - - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)' - - 'traefik.http.routers.authelia.entrypoints=web' - - "traefik.http.services.authelia.loadbalancer.server.port=9091" - # TLS - - "traefik.http.routers.authelias.rule=Host(`auth.example.com`)" - - "traefik.http.routers.authelias.entrypoints=websecure" - - "traefik.http.routers.authelias.tls.certresolver=letsencrypt" - # Redirect - - "traefik.http.routers.authelia.middlewares=https_redirect" - - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" - # Authelia - - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com' - - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' - - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' - - "traefik.http.routers.authelia.service=authelia" - - redis: - image: redis:6-alpine - volumes: - - ./redis:/data - networks: - - traefik-public - - traefik: - # The official v2.0 Traefik docker 
image - image: traefik:v2.2 - deploy: - labels: - - 'traefik.enable=true' - - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)' - - 'traefik.http.routers.api.entrypoints=web' - - 'traefik.http.routers.api.service=api@internal' - - 'traefik.http.services.traefik.loadbalancer.server.port=80' - # TLS - - "traefik.http.routers.apis.rule=Host(`traefik.example.com`)" - - "traefik.http.routers.apis.entrypoints=websecure" - - "traefik.http.routers.apis.tls.certresolver=letsencrypt" - # Redirect - - "traefik.http.routers.api.middlewares=https_redirect" - - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" - # Authelia - - 'traefik.http.routers.apis.service=api@internal' - - 'traefik.http.routers.apis.middlewares=authelia@docker' - placement: - constraints: - - node.role == manager - command: - - "--api" - - "--providers.docker=true" - - "--providers.docker.swarmMode=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entryPoints.websecure.address=:443" - - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.letsencrypt.acme.email=your@email.com" - - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - ports: - # Listen on port 80, default for HTTP, necessary to redirect to HTTPS - - target: 80 - published: 80 - mode: host - # Listen on port 443, default for HTTPS - - target: 443 - published: 443 - mode: host - volumes: - # So that Traefik can listen to the Docker events - - /var/run/docker.sock:/var/run/docker.sock - - ./letsencrypt:/letsencrypt - networks: - - traefik-public - - secure: - image: containous/whoami - networks: - - traefik-public - deploy: - labels: - - 'traefik.enable=true' - - 'traefik.http.routers.secure.rule=Host(`secure.example.com`)' - - 'traefik.http.routers.secure.entrypoints=web' - - 'traefik.http.services.secure.loadbalancer.server.port=80' 
- # TLS - - "traefik.http.routers.secures.rule=Host(`secure.example.com`)" - - "traefik.http.routers.secures.entrypoints=websecure" - - "traefik.http.routers.secures.tls.certresolver=letsencrypt" - # Redirect - - "traefik.http.routers.secure.middlewares=https_redirect" - - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" - # Authelia - - 'traefik.http.routers.secures.middlewares=authelia@docker' - - public: - image: containous/whoami - networks: - - traefik-public - deploy: - labels: - - 'traefik.enable=true' - - 'traefik.http.routers.public.rule=Host(`public.example.com`)' - - 'traefik.http.routers.public.entrypoints=web' - - 'traefik.http.services.public.loadbalancer.server.port=80' - # TLS - - "traefik.http.routers.publics.rule=Host(`public.example.com`)" - - "traefik.http.routers.publics.entrypoints=websecure" - - "traefik.http.routers.publics.tls.certresolver=letsencrypt" - # Redirect - - "traefik.http.routers.public.middlewares=https_redirect" - - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" - # Authelia - - 'traefik.http.routers.publics.middlewares=authelia@docker' - -networks: - traefik-public: - external: true -``` - -Finally, the stack is ready to be deployed. - -``` -$ docker stack deploy -c traefik-compose.yml traefik -``` - -Full configuration files can be found here https://github.com/wuhanstudio/authelia-docker-swarm - -``` -$ docker swarm init && docker network create --driver=overlay traefik-public - -$ git clone https://github.com/wuhanstudio/authelia-docker-swarm && cd authelia-docker-swarm - -# Replace wuhanstudio.cc with your domain -$ find . -type f -name "*.yml" -exec sed -i'' -e 's/example.com/wuhanstudio.cc/g' {} + - -# Replace wuhanstudio@qq.com with your email -$ find . -type f -name "*.yml" -exec sed -i'' -e 's/your@email.com/wuhanstudio@qq.com/g' {} + - -$ docker stack deploy -c traefik-compose.yml traefik -``` |
