Fix traefik/authelia bugs
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -38,9 +38,6 @@ in
|
||||
|
||||
"authelia-configuration.yaml".content = builtins.readFile (
|
||||
(pkgs.formats.yaml { }).generate "configuration.yaml" {
|
||||
theme = "auto";
|
||||
telemetry.metrics.enabled = true;
|
||||
|
||||
authentication_backend = {
|
||||
refresh_interval = "always";
|
||||
file = {
|
||||
@@ -52,6 +49,8 @@ in
|
||||
password_policy.zxcvbn.enabled = true;
|
||||
access_control.default_policy = "deny";
|
||||
|
||||
server.endpoints.authz.forward-auth.implementation = "ForwardAuth";
|
||||
|
||||
session = {
|
||||
secret = hmConfig.sops.placeholder."authelia/session";
|
||||
|
||||
@@ -98,6 +97,8 @@ in
|
||||
password = hmConfig.sops.placeholder."authelia/smtp";
|
||||
sender = "jupiter@karaolidis.com";
|
||||
};
|
||||
|
||||
theme = "auto";
|
||||
}
|
||||
);
|
||||
|
||||
@@ -162,7 +163,6 @@ in
|
||||
labels = [
|
||||
"traefik.enable=true"
|
||||
"traefik.http.routers.authelia.rule=Host(`id.karaolidis.com`)"
|
||||
"traefik.http.routers.authelia.tls.certresolver=letsencrypt"
|
||||
|
||||
"traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
|
||||
"traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
|
||||
|
@@ -71,9 +71,6 @@ in
|
||||
enable-signup = false;
|
||||
enable-login = true;
|
||||
enable-reservations = false;
|
||||
|
||||
enable-metrics = true;
|
||||
metrics-listen-http = ":8080";
|
||||
}
|
||||
);
|
||||
|
||||
@@ -130,7 +127,6 @@ in
|
||||
labels = [
|
||||
"traefik.enable=true"
|
||||
"traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
|
||||
"traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
|
||||
];
|
||||
};
|
||||
|
||||
|
@@ -58,24 +58,25 @@ in
|
||||
|
||||
"--providers.docker=true"
|
||||
"--providers.docker.exposedbydefault=false"
|
||||
"--providers.docker.network=systemd-traefik"
|
||||
|
||||
"--entryPoints.web.address=:80"
|
||||
"--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||||
"--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||||
"--entryPoints.web.http3"
|
||||
"--entrypoints.web.forwardedHeaders.insecure=true"
|
||||
"--entryPoints.http.address=:80"
|
||||
"--entrypoints.http.http.redirections.entryPoint.to=https"
|
||||
"--entrypoints.http.http.redirections.entryPoint.scheme=https"
|
||||
"--entryPoints.http.http3"
|
||||
"--entrypoints.http.forwardedHeaders.insecure=true"
|
||||
|
||||
"--entryPoints.websecure.address=:443"
|
||||
"--entryPoints.websecure.asDefault=true"
|
||||
"--entrypoints.websecure.http.tls=true"
|
||||
"--entrypoints.websecure.http.tls.certResolver=letsencrypt"
|
||||
"--entrypoints.websecure.http.tls.domains[0].main=karaolidis.com"
|
||||
"--entrypoints.websecure.http.tls.domains[0].sans=*.karaolidis.com"
|
||||
"--entrypoints.websecure.http.tls.domains[1].main=krlds.com"
|
||||
"--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
|
||||
"--entrypoints.websecure.http.middlewares=compress@docker"
|
||||
"--entryPoints.websecure.http3"
|
||||
"--entrypoints.websecure.forwardedHeaders.insecure=true"
|
||||
"--entryPoints.https.address=:443"
|
||||
"--entryPoints.https.asDefault=true"
|
||||
"--entrypoints.https.http.tls=true"
|
||||
"--entrypoints.https.http.tls.certResolver=letsencrypt"
|
||||
"--entrypoints.https.http.tls.domains[0].main=karaolidis.com"
|
||||
"--entrypoints.https.http.tls.domains[0].sans=*.karaolidis.com"
|
||||
"--entrypoints.https.http.tls.domains[1].main=krlds.com"
|
||||
"--entrypoints.https.http.tls.domains[1].sans=*.krlds.com"
|
||||
"--entrypoints.https.http.middlewares=compress@docker"
|
||||
"--entryPoints.https.http3"
|
||||
"--entrypoints.https.forwardedHeaders.insecure=true"
|
||||
|
||||
"--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
|
||||
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
|
||||
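Review bot: `"--entrypoints.http.forwardedHeaders.insecure=true"` and `"--entrypoints.https.forwardedHeaders.insecure=true"` make Traefik accept X-Forwarded-* headers from any client, and the socket units further down bind `0.0.0.0:80` and `0.0.0.0:443`, so those headers arrive straight from whoever connects. The Authelia middleware defined in an earlier hunk sets `forwardAuth.trustForwardHeader=true`, so a forged X-Forwarded-For/Proto/Host is passed on to the authz decision and to whatever Authelia derives from the client address (network-based rules, regulation, logs). Unless a trusted proxy sits in front of these sockets, replace both lines with `forwardedHeaders.trustedIPs=<upstream proxy CIDRs>` or drop them so Traefik sets the headers from the real connection. Which of the `web`/`http` groups is the new side is not explicit on this page; the setting appears in both.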
@@ -84,10 +85,14 @@ in
|
||||
];
|
||||
labels = [
|
||||
"traefik.enable=true"
|
||||
"traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
|
||||
"traefik.http.routers.traefik.tls.certresolver=letsencrypt"
|
||||
"traefik.http.routers.traefik.service: 'api@internal'"
|
||||
"traefik.http.routers.traefik.middlewares: 'authelia@docker'"
|
||||
|
||||
"traefik.http.routers.traefik-dashboard.rule=Host(`proxy.karaolidis.com`)"
|
||||
"traefik.http.routers.traefik-dashboard.service=dashboard@internal"
|
||||
"traefik.http.routers.traefik-dashboard.middlewares=authelia@docker"
|
||||
|
||||
"traefik.http.routers.traefik-api.rule='Host(`proxy.karaolidis.com`) && PathPrefix(`/api`)'"
|
||||
"traefik.http.routers.traefik-api.service=api@internal"
|
||||
"traefik.http.routers.traefik-api.middlewares=authelia@docker"
|
||||
|
||||
"traefik.http.middlewares.compress.compress=true"
|
||||
# TODO: Middlewares: Headers
|
||||
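Review bot: `"traefik.http.routers.traefik-api.rule='Host(`proxy.karaolidis.com`) && PathPrefix(`/api`)'"` keeps the single quotes inside the Nix string, so the label value Traefik receives starts with `'` and the rule will not parse, the same class of mistake as the `service: 'api@internal'` and `middlewares: 'authelia@docker'` lines this commit replaces. Write it as ``"traefik.http.routers.traefik-api.rule=Host(`proxy.karaolidis.com`) && PathPrefix(`/api`)"``. Since the `/api` router is the one carrying `authelia@docker`, it is worth confirming in the Traefik log that the router is actually created after the fix. The labels list continues outside the hunk.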
@@ -104,6 +109,7 @@ in
|
||||
After = [
|
||||
"traefik-http.socket"
|
||||
"traefik-https.socket"
|
||||
"${containers.authelia._serviceName}.service"
|
||||
"sops-nix.service"
|
||||
];
|
||||
|
||||
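Review bot: `After=` only orders `"${containers.authelia._serviceName}.service"` relative to the Traefik unit; it does not pull the unit in, so a matching `Wants=` (or `Requires=`) entry is needed unless one already exists outside the hunk. Because every router using the `authelia@docker` forwardAuth middleware depends on Authelia answering, a Traefik that starts without Authelia serves errors on all protected hosts. If the unit definition elsewhere already declares the dependency, a one-line comment here such as `# ordering only; dependency declared via Wants= below` would save the next reader the search.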
@@ -137,7 +143,7 @@ in
|
||||
"traefik-http" = {
|
||||
Socket = {
|
||||
ListenStream = "0.0.0.0:80";
|
||||
FileDescriptorName = "web";
|
||||
FileDescriptorName = "http";
|
||||
Service = "${containers.traefik._serviceName}.service";
|
||||
};
|
||||
|
||||
@@ -149,7 +155,7 @@ in
|
||||
"traefik-https" = {
|
||||
Socket = {
|
||||
ListenStream = "0.0.0.0:443";
|
||||
FileDescriptorName = "websecure";
|
||||
FileDescriptorName = "https";
|
||||
Service = "${containers.traefik._serviceName}.service";
|
||||
};
|
||||
|
||||
|
@@ -26,7 +26,6 @@ in
|
||||
labels = [
|
||||
"traefik.enable=true"
|
||||
"traefik.http.routers.whoami.rule=Host(`whoami.karaolidis.com`)"
|
||||
"traefik.http.routers.whoami.tls.certresolver=letsencrypt"
|
||||
];
|
||||
};
|
||||
};
|
||||
|