IDP update

This commit is contained in:
Brieuc Dubois 2023-04-28 23:29:02 +02:00 committed by Bhasher
parent 6033bebef3
commit a4a0b6219b
5 changed files with 88 additions and 20 deletions

View File

@ -20,6 +20,7 @@ services:
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=http"
networks:
- auth
- external
radarr:

View File

@ -0,0 +1,47 @@
services:
shlink:
container_name: shlink
image: shlinkio/shlink:latest
environment:
- DEFAULT_DOMAIN=s.bhasher.com
- IS_HTTPS_ENABLED=true
#- GEOLITE_LICENSE_KEY=${GEOLITE_LICENSE_KEY}
- DB_DRIVER=postgres
- DB_NAME=shlink
- DB_USER=postgres
- DB_PASSWORD=${POSTGRES_PASSWORD}
- DB_HOST=postgres
- DB_PORT=5432
#- REDIS_SERVERS=redis
- DEFAULT_QR_CODE_MARGIN=20
labels:
- "traefik.enable=true"
- "traefik.http.routers.shlink.rule=Host(`s.bhasher.com`)"
- "traefik.http.services.shlink.loadbalancer.server.port=8080"
- "traefik.http.routers.shlink.tls=true"
- "traefik.http.routers.shlink.tls.certresolver=http"
- "traefik.http.routers.shlink.entrypoints=internalsecure,externalsecure"
networks:
- external
- storage
shlink_ui:
container_name: shlink_ui
image: shlinkio/shlink-web-client
labels:
- "traefik.enable=true"
- "traefik.http.routers.shlinkui.rule=Host(`shlink.bhasher.com`)"
- "traefik.http.services.shlinkui.loadbalancer.server.port=80"
- "traefik.http.routers.shlinkui.tls=true"
- "traefik.http.routers.shlinkui.tls.certresolver=http"
- "traefik.http.routers.shlinkui.entrypoints=internalsecure,externalsecure"
volumes:
- $DATA/shlink/servers.json:/usr/share/nginx/html/servers.json
networks:
- external
networks:
external:
external: true
storage:
external: true

View File

@ -41,10 +41,6 @@ authentication_backend:
access_control:
default_policy: deny
rules:
- domain: '*.bhasher.com'
policy: two_factor
subject:
- "group:admin"
- domain: 'radarr.bhasher.com'
policy: one_factor
subject:
@ -57,6 +53,14 @@ access_control:
policy: one_factor
subject:
- "group:mediaserver"
- domain: 'lum.bhasher.com'
policy: two_factor
subject:
- "group:admin"
- domain: '*.bhasher.com'
policy: one_factor
subject:
- "group:admin"
session:
name: auth_session
@ -100,6 +104,19 @@ password_policy:
require_number: false
require_special: false
telemetry:
metrics:
enabled: true
address: "tcp://0.0.0.0:9959"
buffers:
read: 4096
write: 4096
timeouts:
read: 6s
write: 6s
idle: 30s
identity_providers:
oidc:
enforce_pkce: public_clients_only

View File

@ -34,3 +34,7 @@ scrape_configs:
static_configs:
- targets: ['traefik:8080']
- job_name: 'authelia'
scrape_interval: 15s
static_configs:
- targets: ['authelia:9959']

View File

@ -1,6 +1,6 @@
services:
prom_monitoring:
container_name: prom_monitoring
prometheus:
container_name: prometheus
image: prom/prometheus:latest
restart: unless-stopped
labels:
@ -94,7 +94,6 @@ services:
networks:
- monitoring
networks:
monitoring:
external: