kasperj/docker-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create folders and edgeweb

Browse Source
This commit is contained in:
Jake Kasper
2025-08-20 14:08:02 -04:00
parent 4206276725
commit 2deb975dae
5 changed files with 347 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
EdgeWeb/edgeweb-authentik.yaml Normal file
View File

@@ -0,0 +1,114 @@
services:
postgresql:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d authentik -U authentik"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
networks:
- authentik-net
volumes:
- /docker/authentik/db:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: authentik
POSTGRES_USER: authentik
POSTGRES_DB: authentik
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
networks:
- authentik-net
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- /docker/authentik/redis:/data
server:
image: ghcr.io/goauthentik/server:2025.6.4
restart: unless-stopped
command: server
environment:
AUTHENTIK_SECRET_KEY: F2rRTxbvERKsX2vma8Vq8ABjfierwj4VnvYwiFQ8h64ZPQ3Kx4Ks97mLnE94kyyWBWE4mnByvp9Z
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: authentik
AUTHENTIK_EMAIL_HOST: smtp.gmail.com
AUTHENTIK_EMAIL_PORT: 587
AUTHENTIK_EMAIL_USERNAME: jake@kaspers.us
AUTHENTIK_EMAIL_PASSWORD: oqozrafdhnjcihsc
AUTHENTIK_EMAIL_USE_TLS: true
AUTHENTIK_EMAIL_FROM: authentik@kaspers.us
AUTHENTIK_LOG_LEVEL: debug
AUTHENTIK_HOST: https://auth.kaspers.us
volumes:
- /docker/authentik/media:/media
- /docker/authentik/templates:/templates
- /docker/authentik/blueprints/:/blueprints/
ports:
- 9001:9000
- 9444:9443
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- authentik-net
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.authentik.rule=Host(`auth.kaspers.us`)" # ⚠️ UPDATE to your domain
- "traefik.http.routers.authentik.entrypoints=websecure" # Assumes your HTTP entrypoint is 'web'
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
- "traefik.http.routers.external.tls=true"
- "traefik.docker.network=proxy"
- "traefik.constraint=proxy-public"
- "traefik.http.middlewares.authentik-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.authentik.middlewares=authentik-headers@docker"
worker:
image: ghcr.io/goauthentik/server:2025.6.4
restart: unless-stopped
command: worker
networks:
- authentik-net
environment:
AUTHENTIK_SECRET_KEY: F2rRTxbvERKsX2vma8Vq8ABjfierwj4VnvYwiFQ8h64ZPQ3Kx4Ks97mLnE94kyyWBWE4mnByvp9Z
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: authentik
AUTHENTIK_LOG_LEVEL: debug
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /docker/authentik/certs:/certs
- /docker/authentik/media:/media
- /docker/authentik/templates:/templates
- /docker/authentik/blueprints/:/blueprints/
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
authentik-net:
driver: bridge
proxy:
external: true

48
EdgeWeb/edgeweb-portainer.yaml Normal file
View File

@@ -0,0 +1,48 @@
# Docker Compose for Portainer with Traefik Labels
#
# This configuration deploys the Portainer Community Edition container
# and uses Docker labels to integrate it with a running Traefik instance.
#
version: '3.8'
services:
portainer:
image: portainer/portainer-ce:latest
container_name: portainer
restart: unless-stopped
# The command tells Portainer to manage the local Docker environment.
command: -H unix:///var/run/docker.sock
ports:
- 8000:8000/tcp
- 9443:9443/tcp
volumes:
# Mount the Docker socket to allow Portainer to manage containers.
- /var/run/docker.sock:/var/run/docker.sock
# A named volume for Portainer's persistent data.
- /docker/portainer:/data
networks:
# Connect Portainer to your existing Traefik proxy network.
# IMPORTANT: Replace 'proxy' with the actual name of your Traefik network.
- proxy
labels:
traefik.enable: 'true'
traefik.docker.network: proxy
traefik.http.routers.portainer.rule: Host(`edgeweb.kaspers.us`)
traefik.http.routers.portainer.entrypoints: 'websecure'
traefik.http.routers.portainer.tls.certresolver: 'letsencrypt'
traefik.http.services.portainer.loadbalancer.server.port: '9443'
traefik.http.services.portainer.loadbalancer.server.scheme: 'https'
traefik.http.routers.portainer.tls: 'true'
# --- Authentik Middleware (Optional) ---
# If you have Authentik configured as a middleware in Traefik,
# uncomment the line below to protect the Portainer dashboard.
# Replace 'authentik@docker' if your middleware has a different name.
# - "traefik.http.routers.portainer.middlewares=authentik@docker"
networks:
# Define the external network created by your main Traefik stack.
# This tells Docker Compose not to create a new network.
proxy:
external: true

12
EdgeWeb/edgeweb-traefik-env.env Normal file
View File

@@ -0,0 +1,12 @@
ROOT_DOMAIN=kaspers.us
HTTP_TIMEOUT=60
POLLING_INTERVAL=10
PROPAGATION_TIMEOUT=3600
TTL=300
PROVIDERS_GOOGLE_CLIENT_ID=<GOOGLE CLIENT ID>
PROVIDERS_GOOGLE_CLIENT_SECRET=<GOOGLE CLIENT SECRET>
SECRET=RandomTextGoesHere
WHITELIST=<YOUR GOOGLE ACCOUNT EMAIL>
LOG_LEVEL=INFO
ZONE_ID=7e2d1b9d7e0f7a5056bfaea28f070ba3
TUNNEL_TOKEN=eyJhIjoiNmZkNGQyNGRhNDNiNTgyZDY3NjA4ZmZlZjU1NDljNGEiLCJ0IjoiYTUxNjEwNWQtNTI3OC00MTVlLTkxZWQtNjg5ZGFkOWY3MjFiIiwicyI6Ik9HVmxNbU01TW1JdFl6RTJZeTAwWXpRekxXSmpOVE10WTJGbU9UZzNOVEF3WWpKaSJ9

173
EdgeWeb/edgeweb-traefik.yaml Normal file
View File

@@ -0,0 +1,173 @@
version: '3.8'
services:
reverse-proxy:
image: traefik:latest
command:
- "--log"
- "--log.level=debug"
- "--log.format=json"
- "--api.insecure=true"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.directory=/config"
- "--providers.file.watch=true"
- "--serversTransport.insecureSkipVerify=true" # Allow self-signed certificates for target hosts - https://doc.traefik.io/traefik/routing/overview/#insecureskipverify
- "--metrics"
- "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
- "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
- "--entrypoints.webinternal.address=:82"
- "--certificatesresolvers.letsencrypt.acme.email=kasperj@gmail.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/letsencrypt.json"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=300"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=8.8.8.8:53"
environment:
- CLOUDFLARE_DNS_API_TOKEN=n-iAlyJaGKcJwUcbxiIYA6kmxTVPBF_ez-g0fglW
- CLOUDFLARE_API_KEY=n-iAlyJaGKcJwUcbxiIYA6kmxTVPBF_ez-g0fglW
- CLOUDFLARE_HTTP_TIMEOUT=${HTTP_TIMEOUT}
- CLOUDFLARE_POLLING_INTERVAL=${POLLING_INTERVAL}
- CLOUDFLARE_PROPAGATION_TIMEOUT=${PROPAGATION_TIMEOUT}
- CLOUDFLARE_TTL=${TTL}
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.api.rule=Host(`traefik-api.kaspers.us`)
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.entrypoints=websecure
- traefik.http.routers.api.tls=true
- traefik.http.services.api.loadbalancer.server.port=8080
- traefik.docker.network=proxy
- traefik.http.routers.api.tls.certresolver=letsencrypt
- traefik.http.routers.dashboard.rule=Host(`traefik.kaspers.us`)
- traefik.http.routers.dashboard.entrypoints=web
- traefik.http.routers.dashboard.service=api@internal
- traefik.http.routers.dashboard.tls=true
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
ports:
# HTTP
- target: 80
published: 80
# HTTPS
- target: 443
published: 443
# Web UI (enabled by --api.insecure=true)
- target: 8080
published: 8182
networks:
- proxy
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- /docker/traefik/acme:/etc/traefik/acme/
- /docker/traefik/origcerts:/etc/traefik/certs/
- /docker/traefik:/config
- /docker/traefik/cloudflare:/cloudflare
# traefik-forward-auth:
# image: thomseddon/traefik-forward-auth:2.1.0
# networks:
# - traefik
# environment:
# - PROVIDERS_GOOGLE_CLIENT_ID=${PROVIDERS_GOOGLE_CLIENT_ID}
# - PROVIDERS_GOOGLE_CLIENT_SECRET=${PROVIDERS_GOOGLE_CLIENT_SECRET}
# - SECRET=${SECRET}
# - AUTH_HOST=auth.${ROOT_DOMAIN}
# - COOKIE_DOMAIN=${ROOT_DOMAIN}
# - WHITELIST=${WHITELIST}
# deploy:
# labels:
# - traefik.enable=true
# - traefik.docker.network=traefik
#
# - traefik.http.routers.auth.rule=Host(`auth.${ROOT_DOMAIN}`)
# - traefik.http.routers.auth.entrypoints=websecure
# - traefik.http.routers.auth.tls=true
# - traefik.http.routers.auth.tls.domains[0].main=${ROOT_DOMAIN}
# - traefik.http.routers.auth.tls.domains[0].sans=*.${ROOT_DOMAIN}
# - traefik.http.routers.auth.tls.certresolver=letsencrypt
# - traefik.http.routers.auth.service=auth@docker
#
# - traefik.http.services.auth.loadbalancer.server.port=4181
#
# - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
# - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
# - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
#
# - traefik.http.routers.auth.middlewares=forward-auth
#
# - traefik.constraint=proxy-public
tunnel:
container_name: cloudflared-tunnel
image: cloudflare/cloudflared
restart: unless-stopped
command: tunnel run
networks:
- proxy
environment:
- TUNNEL_TOKEN=${TUNNEL_TOKEN}
error-pages:
image: tarampampam/error-pages:2.26.0
environment:
TEMPLATE_NAME: l7-dark
networks:
- proxy
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=proxy
# use as "fallback" for any non-registered services (with priority below normal)
- traefik.http.routers.error-pages.rule=HostRegexp(`{host:.+}`)
- traefik.http.routers.error-pages.priority=10
# should say that all of your services work on https
- traefik.http.routers.error-pages.tls='true'
- traefik.http.routers.error-pages.entrypoints=websecure
- traefik.http.routers.error-pages.middlewares=error-pages
- traefik.http.services.error-pages.loadbalancer.server.port=8080
# "errors" middleware settings
- traefik.http.middlewares.error-pages.errors.status=400-599
- traefik.http.middlewares.error-pages.errors.service=error-pages
- traefik.http.middlewares.error-pages.errors.query=/{status}.html
cloudflare-companion:
image: ghcr.io/tiredofit/docker-traefik-cloudflare-companion:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TIMEZONE=America/New_York
- LOG_TYPE=CONSOLE
- LOG_LEVEL=INFO
- TRAEFIK_VERSION=2
- RC_TYPE=CNAME
- TARGET_DOMAIN=a516105d-5278-415e-91ed-689dad9f721b.cfargotunnel.com
- DOMAIN1_TARGET_DOMAIN=a516105d-5278-415e-91ed-689dad9f721b.cfargotunnel.com
- REFRESH_ENTRIES=TRUE
- TRAEFIK_DEFAULT_RULE=FALSE
- TRAEFIK_ENABLE_LABEL_ONLY=TRUE
- DEFAULT_MODE=SKIP
- PURGE_ON_DELETE=TRUE
- ENABLE_TRAEFIK_POLL=TRUE
- TRAEFIK_POLL_URL=http://reverse-proxy:8080/
- TRAEFIK_FILTER_LABEL=traefik.constraint
- TRAEFIK_FILTER=proxy-public
- DOMAIN1=${ROOT_DOMAIN}
- DOMAIN1_ZONE_ID=${ZONE_ID}
- DOMAIN1_PROXIED=TRUE
- TRAEFIK_EXCLUDED_HOST1=.*
- CF_TOKEN=n-iAlyJaGKcJwUcbxiIYA6kmxTVPBF_ez-g0fglW
restart: always
networks:
- proxy
networks:
proxy:
external: true

0
docuseal.yaml → QNAP/docuseal.yaml
View File