IDP update
This commit is contained in:
parent
6033bebef3
commit
a4a0b6219b
|
@ -20,6 +20,7 @@ services:
|
|||
- "traefik.http.routers.jellyfin.tls=true"
|
||||
- "traefik.http.routers.jellyfin.tls.certresolver=http"
|
||||
networks:
|
||||
- auth
|
||||
- external
|
||||
|
||||
radarr:
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
services:
|
||||
shlink:
|
||||
container_name: shlink
|
||||
image: shlinkio/shlink:latest
|
||||
environment:
|
||||
- DEFAULT_DOMAIN=s.bhasher.com
|
||||
- IS_HTTPS_ENABLED=true
|
||||
#- GEOLITE_LICENSE_KEY=${GEOLITE_LICENSE_KEY}
|
||||
- DB_DRIVER=postgres
|
||||
- DB_NAME=shlink
|
||||
- DB_USER=postgres
|
||||
- DB_PASSWORD=${POSTGRES_PASSWORD}
|
||||
- DB_HOST=postgres
|
||||
- DB_PORT=5432
|
||||
#- REDIS_SERVERS=redis
|
||||
- DEFAULT_QR_CODE_MARGIN=20
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.shlink.rule=Host(`s.bhasher.com`)"
|
||||
- "traefik.http.services.shlink.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.shlink.tls=true"
|
||||
- "traefik.http.routers.shlink.tls.certresolver=http"
|
||||
- "traefik.http.routers.shlink.entrypoints=internalsecure,externalsecure"
|
||||
networks:
|
||||
- external
|
||||
- storage
|
||||
|
||||
shlink_ui:
|
||||
container_name: shlink_ui
|
||||
image: shlinkio/shlink-web-client
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.shlinkui.rule=Host(`shlink.bhasher.com`)"
|
||||
- "traefik.http.services.shlinkui.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.shlinkui.tls=true"
|
||||
- "traefik.http.routers.shlinkui.tls.certresolver=http"
|
||||
- "traefik.http.routers.shlinkui.entrypoints=internalsecure,externalsecure"
|
||||
volumes:
|
||||
- $DATA/shlink/servers.json:/usr/share/nginx/html/servers.json
|
||||
networks:
|
||||
- external
|
||||
|
||||
networks:
|
||||
external:
|
||||
external: true
|
||||
storage:
|
||||
external: true
|
|
@ -41,10 +41,6 @@ authentication_backend:
|
|||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
- domain: '*.bhasher.com'
|
||||
policy: two_factor
|
||||
subject:
|
||||
- "group:admin"
|
||||
- domain: 'radarr.bhasher.com'
|
||||
policy: one_factor
|
||||
subject:
|
||||
|
@ -57,6 +53,14 @@ access_control:
|
|||
policy: one_factor
|
||||
subject:
|
||||
- "group:mediaserver"
|
||||
- domain: 'lum.bhasher.com'
|
||||
policy: two_factor
|
||||
subject:
|
||||
- "group:admin"
|
||||
- domain: '*.bhasher.com'
|
||||
policy: one_factor
|
||||
subject:
|
||||
- "group:admin"
|
||||
|
||||
session:
|
||||
name: auth_session
|
||||
|
@ -100,6 +104,19 @@ password_policy:
|
|||
require_number: false
|
||||
require_special: false
|
||||
|
||||
telemetry:
|
||||
metrics:
|
||||
enabled: true
|
||||
address: "tcp://0.0.0.0:9959"
|
||||
buffers:
|
||||
read: 4096
|
||||
write: 4096
|
||||
timeouts:
|
||||
read: 6s
|
||||
write: 6s
|
||||
idle: 30s
|
||||
|
||||
|
||||
identity_providers:
|
||||
oidc:
|
||||
enforce_pkce: public_clients_only
|
||||
|
|
|
@ -34,3 +34,7 @@ scrape_configs:
|
|||
static_configs:
|
||||
- targets: ['traefik:8080']
|
||||
|
||||
- job_name: 'authelia'
|
||||
scrape_interval: 15s
|
||||
static_configs:
|
||||
- targets: ['authelia:9959']
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
prom_monitoring:
|
||||
container_name: prom_monitoring
|
||||
prometheus:
|
||||
container_name: prometheus
|
||||
image: prom/prometheus:latest
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
|
@ -94,7 +94,6 @@ services:
|
|||
networks:
|
||||
- monitoring
|
||||
|
||||
|
||||
networks:
|
||||
monitoring:
|
||||
external:
|
||||
|
|
Loading…
Reference in New Issue