docker-compose.yml 1.77 KiB
services:
vnc:
build: .
restart: always
environment:
DISPLAY_WIDTH: 1440
DISPLAY_HEIGHT: 900
RUN_XTERM: "no"
volumes:
- /srv/jameica:/jameica/
- /srv/data-jameica:/jameica-data/
- {{basedir}}/work:/jameica-work/
networks:
- default
labels:
- com.centurylinklabs.watchtower.enable=false
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-auth
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
auth:
image: thomseddon/traefik-forward-auth:2.2
restart: always
environment:
LOG_LEVEL: info
DEFAULT_ACTION: auth
DEFAULT_PROVIDER: generic-oauth
SECRET: {{ forward_auth_secret }}
PROVIDERS_GENERIC_OAUTH_AUTH_URL: {{ oauth_global.authorize_url }}
PROVIDERS_GENERIC_OAUTH_TOKEN_URL: {{ oauth_global.token_url }}
PROVIDERS_GENERIC_OAUTH_USER_URL: {{ oauth_global.userinfo_url }}
PROVIDERS_GENERIC_OAUTH_CLIENT_ID: {{ servicename }}
PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ oauth_client_secret }}
PROVIDERS_GENERIC_OAUTH_SCOPE: profile
PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: header
labels:
- com.centurylinklabs.watchtower.enable=false
- traefik.enable=true
- traefik.http.middlewares.{{ servicename }}-auth.forwardauth.address=http://auth:4181
- traefik.http.middlewares.{{ servicename }}-auth.forwardauth.authResponseHeaders=X-Forwarded-User
- traefik.http.services.{{ servicename }}-auth.loadbalancer.server.port=4181
networks:
- default
- web
networks:
web:
external: true