Skip to content
Snippets Groups Projects
docker-compose.yml 1.77 KiB
services:
    
  vnc:
    build: .
    restart: always
    environment:
      DISPLAY_WIDTH: 1440
      DISPLAY_HEIGHT: 900
      RUN_XTERM: "no"
    volumes:
      - /srv/jameica:/jameica/
      - /srv/data-jameica:/jameica-data/
      - {{basedir}}/work:/jameica-work/
    networks:
      - default
    labels:
      - com.centurylinklabs.watchtower.enable=false
      - traefik.enable=true
      - traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-auth
      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080


  auth:
    image: thomseddon/traefik-forward-auth:2.2
    restart: always
    environment: 
      LOG_LEVEL: info
      DEFAULT_ACTION: auth
      DEFAULT_PROVIDER: generic-oauth
      SECRET: {{ forward_auth_secret }}
      PROVIDERS_GENERIC_OAUTH_AUTH_URL: {{ oauth_global.authorize_url }}
      PROVIDERS_GENERIC_OAUTH_TOKEN_URL: {{ oauth_global.token_url }}
      PROVIDERS_GENERIC_OAUTH_USER_URL: {{ oauth_global.userinfo_url }}
      PROVIDERS_GENERIC_OAUTH_CLIENT_ID: {{ servicename }}
      PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ oauth_client_secret }}
      PROVIDERS_GENERIC_OAUTH_SCOPE: profile
      PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: header
    labels:
      - com.centurylinklabs.watchtower.enable=false
      - traefik.enable=true
      - traefik.http.middlewares.{{ servicename }}-auth.forwardauth.address=http://auth:4181
      - traefik.http.middlewares.{{ servicename }}-auth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.services.{{ servicename }}-auth.loadbalancer.server.port=4181
    networks:
      - default
      - web

networks:
  web:
    external: true