kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix variable substitution in users_database.yml

Browse Source 
- Update localize_users_database_file to properly resolve nested variables in AUTHELIA_ADMIN_EMAIL
- Fix template to use correct AUTHELIA_* variables instead of DEFAULT_* variables
- Update deploy-core.sh to only process files containing variables and fix .env path
- Fix file permissions for authelia config files
This commit is contained in:
Kelin
2026-02-03 22:48:27 -05:00
parent e2a654b3f4
commit 59cd225e0e
14 changed files with 278 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docker-compose/core/authelia/config/configuration.yml
View File

@@ -11,12 +11,12 @@ log:
theme: dark
jwt_secret: ${AUTHELIA_JWT_SECRET}
jwt_secret: 4f263cdfa9929d007551fd5a5a6b552f7e17127cc4bb425b375a8532631d527b6b591a560a784552a33767699391973799e7472b679e7f94fcf4aca2ce5b2efc
default_redirection_url: https://auth.${DOMAIN}
default_redirection_url: https://auth.kelinreij.duckdns.org
totp:
issuer: ${DOMAIN}
issuer: kelinreij.duckdns.org
period: 30
skew: 1
@@ -36,34 +36,34 @@ access_control:
rules:
# Bypass Authelia for Jellyfin (allow app access)
- domain: jellyfin.${DOMAIN}
- domain: jellyfin.kelinreij.duckdns.org
policy: bypass
# Bypass for Plex (allow app access)
- domain: plex.${DOMAIN}
- domain: plex.kelinreij.duckdns.org
policy: bypass
# Bypass for Home Assistant (has its own auth)
- domain: ha.${DOMAIN}
- domain: ha.kelinreij.duckdns.org
policy: bypass
# Protected: All other services require authentication
- domain: "*.${DOMAIN}"
- domain: "*.kelinreij.duckdns.org"
policy: one_factor
# Two-factor for admin services (optional)
# - domain:
# - "admin.${DOMAIN}"
# - "portainer.${DOMAIN}"
# - "admin.kelinreij.duckdns.org"
# - "portainer.kelinreij.duckdns.org"
# policy: two_factor
session:
name: authelia_session
secret: ${AUTHELIA_SESSION_SECRET}
secret: 3ba018547a24dfd49ae55f23b5b75377ec93f5957707e2a669b0a49966df745a5b062eee3f7356e0abae21452915bdd30a32f404ec0a2a7a957c93a2fa2a94c8
expiration: 24h # Session expires after 24 hours
inactivity: 24h # Session expires after 24 hours of inactivity
remember_me_duration: 1M
domain: ${DOMAIN}
domain: kelinreij.duckdns.org
regulation:
max_retries: 3
@@ -71,7 +71,7 @@ regulation:
ban_time: 5m
storage:
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
encryption_key: dd23db430500eb630e469d5cf0f77dd597649bd4d1a90c02ad673286d8eb9aa8f55435655435d40033751003fc764a173944dbc3ad89d57330e185269792a4b7
local:
path: /config/db.sqlite3

BIN
docker-compose/core/authelia/config/db.sqlite3 Normal file
View File

Binary file not shown.

0
docker-compose/core/authelia/config/notification.txt Normal file
View File

22
docker-compose/core/authelia/config/users_database.yml
View File

@@ -1,20 +1,12 @@
# Authelia Users Database
# Copy to /opt/stacks/authelia/users_database.yml
# Generate password hashes with: docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword'
###############################################################
# Users Database #
###############################################################
users:
${AUTHELIA_ADMIN_USER}:
displayname: ${AUTHELIA_ADMIN_USER}
password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
email: ${AUTHELIA_ADMIN_EMAIL}
kelin:
displayname: "kelin"
password: "$argon2id$v=19$m=65536,t=3,p=4$e97MzVuvteD5VfHT+Kw9Ew$NnK63ABYKRm5d8nWG7Z8dbRBJfhhHjaf71zQ354KSN4"
email: kelinshomelab@gmail.com
groups:
- admins
- users
# Example: Additional user
# user1:
# displayname: "User One"
# password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGEME"
# email: user1@example.com
# groups:
# - users

8
docker-compose/core/authelia/config/users_database.yml.template
View File

@@ -3,10 +3,10 @@
###############################################################
users:
${DEFAULT_USER}:
displayname: "Administrator"
password: "${DEFAULT_PASSWORD_HASH}" # Generate with: docker run authelia/authelia:latest authelia crypto hash generate pbkdf2 --password 'yourpassword'
email: ${DEFAULT_EMAIL}
${AUTHELIA_ADMIN_USER}:
displayname: "${AUTHELIA_ADMIN_USER}"
password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
email: ${AUTHELIA_ADMIN_EMAIL}
groups:
- admins
- users

19
docker-compose/core/authelia/secrets/users_database.yml Normal file
View File

@@ -0,0 +1,19 @@
# yamllint disable rule:line-length
---
###############################################################
# Users Database #
###############################################################
# This file can be used if you do not have an LDAP set up.
users:
authelia:
disabled: false
displayname: "Test User"
password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk" # Password is 'authelia'
email: authelia@authelia.com
groups:
- admins
- dev
...
# yamllint enable rule:line-length

19
docker-compose/core/deploy-core.sh
View File

@@ -6,16 +6,16 @@ set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_DIR="/home/kelin/EZ-Homelab" # Fixed repo path since script runs from /opt/stacks/core
REPO_DIR="$HOME/EZ-Homelab"
source "$REPO_DIR/scripts/common.sh"
log_info "Deploying core stack..."
# Load environment
load_env_file_safely .env
load_env_file_safely "$REPO_DIR/.env"
# Copy fresh templates
cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml"
# cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml"
# Localize labels in compose file (only replaces variables in labels, not environment sections)
localize_compose_labels docker-compose.yml
@@ -23,7 +23,7 @@ localize_compose_labels docker-compose.yml
# Localize config files - Process all YAML config files (excluding docker-compose.yml)
# This performs FULL variable replacement on config files like:
# - authelia/config/configuration.yml
# - authelia/secrets/users_database.yml <- HANDLED SPECIALLY to preserve password hashes
# - authelia/config/users_database.yml <- HANDLED SPECIALLY to preserve password hashes
# - traefik/dynamic/*.yml
#
# Why exclude docker-compose.yml?
@@ -35,10 +35,13 @@ localize_compose_labels docker-compose.yml
# nested variables like ${AUTHELIA_ADMIN_PASSWORD_HASH} or ${SERVICE_NAME}.${DOMAIN}
# The localize_users_database_file function handles password hashes specially to avoid corruption
for config_file in $(find . -name "*.yml" -o -name "*.yaml" | grep -v docker-compose.yml); do
if [[ "$config_file" == *"users_database.yml" ]]; then
localize_users_database_file "$config_file"
else
localize_config_file "$config_file"
# Only process files that contain variables (have ${ in them)
if grep -q '\${' "$config_file"; then
if [[ "$config_file" == *"users_database.yml" ]]; then
localize_users_database_file "$config_file"
else
localize_config_file "$config_file"
fi
fi
done

12
docker-compose/core/docker-compose.yml
View File

@@ -48,7 +48,7 @@ services:
- 'homelab.category=core'
- 'homelab.description=Reverse proxy and SSL termination'
- 'traefik.enable=true'
- 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)'
- 'traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)'
- 'traefik.http.routers.traefik.entrypoints=websecure'
- 'traefik.http.routers.traefik.tls.certresolver=letsencrypt'
- 'traefik.http.routers.traefik.middlewares=authelia@docker'
@@ -80,13 +80,13 @@ services:
# If Traefik is on a remote server: these labels are NOT USED;
# configure external yml files in /traefik/dynamic folder instead.
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)'
- 'traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)'
- 'traefik.http.routers.authelia.entrypoints=websecure'
- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
- 'traefik.http.routers.authelia.service=authelia'
- 'traefik.http.services.authelia.loadbalancer.server.port=9091'
# Authelia forward auth middleware configuration
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/'
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
@@ -127,7 +127,7 @@ networks:
x-dockge:
urls:
- https://auth.${DOMAIN}
- https://auth.kelinreij.duckdns.org
- http://192.168.4.11:9091
- https://traefik.${DOMAIN}
- http://192.168.4.11:8080
- https://traefik.kelinreij.duckdns.org
- http://192.168.4.11:8080

5
docker-compose/core/duckdns/config/logrotate.conf Normal file
View File

@@ -0,0 +1,5 @@
/config/duck.log {
rotate 5
size 100k
compress
}

4
docker-compose/core/traefik/dynamic/external-host-homeassistant.yml
View File

@@ -2,7 +2,7 @@ http:
routers:
# Individual Services
homeassistant:
rule: "Host(`hass.${DOMAIN}`)"
rule: "Host(`hass.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: homeassistant
@@ -15,5 +15,5 @@ http:
homeassistant:
loadBalancer:
servers:
- url: "http://${HOMEASSISTANT_IP}:8123"
- url: "http://:8123"
passHostHeader: true

248
docker-compose/core/traefik/dynamic/local-host-production.yml
View File

@@ -1,101 +1,101 @@
http:
routers:
# Remote Server Services (${REMOTE_SERVER_HOSTNAME})
dockge-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`dockge.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
# Remote Server Services (your-remote-server)
dockge-your-remote-server:
rule: "Host(`dockge.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: dockge-${REMOTE_SERVER_HOSTNAME}
service: dockge-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
dozzle-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`dozzle.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
dozzle-your-remote-server:
rule: "Host(`dozzle.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: dozzle-${REMOTE_SERVER_HOSTNAME}
service: dozzle-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
glances-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`glances.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
glances-your-remote-server:
rule: "Host(`glances.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: glances-${REMOTE_SERVER_HOSTNAME}
service: glances-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
backrest-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`backrest.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
backrest-your-remote-server:
rule: "Host(`backrest.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: backrest-${REMOTE_SERVER_HOSTNAME}
service: backrest-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
duplicati-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`duplicati.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
duplicati-your-remote-server:
rule: "Host(`duplicati.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: duplicati-${REMOTE_SERVER_HOSTNAME}
service: duplicati-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
homepage-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`homepage.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
homepage-your-remote-server:
rule: "Host(`homepage.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: homepage-${REMOTE_SERVER_HOSTNAME}
service: homepage-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
homarr-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`homarr.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
homarr-your-remote-server:
rule: "Host(`homarr.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: homarr-${REMOTE_SERVER_HOSTNAME}
service: homarr-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
grafana-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`grafana.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
grafana-your-remote-server:
rule: "Host(`grafana.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: grafana-${REMOTE_SERVER_HOSTNAME}
service: grafana-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
prometheus-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`prometheus.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
prometheus-your-remote-server:
rule: "Host(`prometheus.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: prometheus-${REMOTE_SERVER_HOSTNAME}
service: prometheus-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
- authelia@docker
uptime-kuma-${REMOTE_SERVER_HOSTNAME}:
rule: "Host(`status.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)"
uptime-kuma-your-remote-server:
rule: "Host(`status.your-remote-server.kelinreij.duckdns.org`)"
entryPoints:
- websecure
service: uptime-kuma-${REMOTE_SERVER_HOSTNAME}
service: uptime-kuma-your-remote-server
tls:
certResolver: letsencrypt
middlewares:
@@ -103,286 +103,286 @@ http:
# Service Definitions
services:
backrest-${SERVER_HOSTNAME}:
backrest-jasper:
loadBalancer:
servers:
- url: "http://${SERVER_IP}:9898"
- url: "http://192.168.4.4:9898"
passHostHeader: true
vaultwarden-${SERVER_HOSTNAME}:
vaultwarden-jasper:
loadBalancer:
servers:
- url: "http://${SERVER_IP}:8091"
- url: "http://192.168.4.4:8091"
passHostHeader: true
bookstack-${SERVER_HOSTNAME}:
bookstack-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:6875"
- url: "http://192.168.4.4:6875"
passHostHeader: true
calibre-web-${SERVER_HOSTNAME}:
calibre-web-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8083"
- url: "http://192.168.4.4:8083"
passHostHeader: true
code-${SERVER_HOSTNAME}:
code-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8079"
- url: "http://192.168.4.4:8079"
passHostHeader: true
dockge-${SERVER_HOSTNAME}:
dockge-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:5001"
- url: "http://192.168.4.4:5001"
passHostHeader: true
dockhand-${SERVER_HOSTNAME}:
dockhand-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:3003"
- url: "http://192.168.4.4:3003"
passHostHeader: true
dokuwiki-${SERVER_HOSTNAME}:
dokuwiki-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8087"
- url: "http://192.168.4.4:8087"
passHostHeader: true
dozzle-${SERVER_HOSTNAME}:
dozzle-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8085"
- url: "http://192.168.4.4:8085"
passHostHeader: true
duplicati-${SERVER_HOSTNAME}:
duplicati-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8200"
- url: "http://192.168.4.4:8200"
passHostHeader: true
ez-assistant-${SERVER_HOSTNAME}:
ez-assistant-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:18789" # Internal IP of ${SERVER_HOSTNAME} server
- url: "http://192.168.4.4:18789" # Internal IP of jasper server
passHostHeader: true
formio-${SERVER_HOSTNAME}:
formio-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:3002"
- url: "http://192.168.4.4:3002"
passHostHeader: true
gitea-${SERVER_HOSTNAME}:
gitea-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:3010"
- url: "http://192.168.4.4:3010"
passHostHeader: true
glances-${SERVER_HOSTNAME}:
glances-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:61208"
- url: "http://192.168.4.4:61208"
passHostHeader: true
homarr-${SERVER_HOSTNAME}:
homarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:7575"
- url: "http://192.168.4.4:7575"
passHostHeader: true
homepage-${SERVER_HOSTNAME}:
homepage-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:3000"
- url: "http://192.168.4.4:3000"
passHostHeader: true
jellyfin-${SERVER_HOSTNAME}:
jellyfin-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8096"
- url: "http://192.168.4.4:8096"
passHostHeader: true
jupyter-${SERVER_HOSTNAME}:
jupyter-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8890"
- url: "http://192.168.4.4:8890"
passHostHeader: true
kopia-${SERVER_HOSTNAME}:
kopia-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:51515"
- url: "http://192.168.4.4:51515"
passHostHeader: true
mealie-${SERVER_HOSTNAME}:
mealie-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:9000"
- url: "http://192.168.4.4:9000"
passHostHeader: true
mediawiki-${SERVER_HOSTNAME}:
mediawiki-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8086"
- url: "http://192.168.4.4:8086"
passHostHeader: true
motioneye-${SERVER_HOSTNAME}:
motioneye-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8081"
- url: "http://192.168.4.4:8081"
passHostHeader: true
nextcloud-${SERVER_HOSTNAME}:
nextcloud-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8089"
- url: "http://192.168.4.4:8089"
passHostHeader: true
openkm-${SERVER_HOSTNAME}:
openkm-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:18080"
- url: "http://192.168.4.4:18080"
passHostHeader: true
openwebui-${SERVER_HOSTNAME}:
openwebui-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:3000"
- url: "http://192.168.4.4:3000"
passHostHeader: true
qbittorrent-${SERVER_HOSTNAME}:
qbittorrent-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8081"
- url: "http://192.168.4.4:8081"
passHostHeader: true
tdarr-${SERVER_HOSTNAME}:
tdarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8265"
- url: "http://192.168.4.4:8265"
passHostHeader: true
unmanic-${SERVER_HOSTNAME}:
unmanic-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8889"
- url: "http://192.168.4.4:8889"
passHostHeader: true
wordpress-${SERVER_HOSTNAME}:
wordpress-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8088"
- url: "http://192.168.4.4:8088"
passHostHeader: true
# Arr Services
jellyseerr-${SERVER_HOSTNAME}:
jellyseerr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:5055"
- url: "http://192.168.4.4:5055"
passHostHeader: true
prowlarr-${SERVER_HOSTNAME}:
prowlarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:9696"
- url: "http://192.168.4.4:9696"
passHostHeader: true
radarr-${SERVER_HOSTNAME}:
radarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:7878"
- url: "http://192.168.4.4:7878"
passHostHeader: true
sonarr-${SERVER_HOSTNAME}:
sonarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8989"
- url: "http://192.168.4.4:8989"
passHostHeader: true
lidarr-${SERVER_HOSTNAME}:
lidarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8686"
- url: "http://192.168.4.4:8686"
passHostHeader: true
readarr-${SERVER_HOSTNAME}:
readarr-jasper:
loadbalancer:
servers:
- url: "http://${SERVER_IP}:8787"
- url: "http://192.168.4.4:8787"
passHostHeader: true
mylar3-${SERVER_HOSTNAME}:
mylar3-jasper:
loadBalancer:
servers:
- url: "http://${SERVER_IP}:8090"
- url: "http://192.168.4.4:8090"
passHostHeader: true
# Remote Server Service Definitions (${REMOTE_SERVER_HOSTNAME})
dockge-${REMOTE_SERVER_HOSTNAME}:
# Remote Server Service Definitions (your-remote-server)
dockge-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:5001"
- url: "http://your.remote.ip.address:5001"
passHostHeader: true
dozzle-${REMOTE_SERVER_HOSTNAME}:
dozzle-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:8085"
- url: "http://your.remote.ip.address:8085"
passHostHeader: true
glances-${REMOTE_SERVER_HOSTNAME}:
glances-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:61208"
- url: "http://your.remote.ip.address:61208"
passHostHeader: true
backrest-${REMOTE_SERVER_HOSTNAME}:
backrest-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:9898"
- url: "http://your.remote.ip.address:9898"
passHostHeader: true
duplicati-${REMOTE_SERVER_HOSTNAME}:
duplicati-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:8200"
- url: "http://your.remote.ip.address:8200"
passHostHeader: true
homepage-${REMOTE_SERVER_HOSTNAME}:
homepage-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:3000"
- url: "http://your.remote.ip.address:3000"
passHostHeader: true
homarr-${REMOTE_SERVER_HOSTNAME}:
homarr-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:7575"
- url: "http://your.remote.ip.address:7575"
passHostHeader: true
grafana-${REMOTE_SERVER_HOSTNAME}:
grafana-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:3000"
- url: "http://your.remote.ip.address:3000"
passHostHeader: true
prometheus-${REMOTE_SERVER_HOSTNAME}:
prometheus-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:9090"
- url: "http://your.remote.ip.address:9090"
passHostHeader: true
uptime-kuma-${REMOTE_SERVER_HOSTNAME}:
uptime-kuma-your-remote-server:
loadbalancer:
servers:
- url: "http://${REMOTE_SERVER_IP}:3001"
- url: "http://your.remote.ip.address:3001"
passHostHeader: true
# Middleware Definitions

172
docker-compose/core/traefik/dynamic/sablier.yml
View File

@@ -3,16 +3,16 @@ http:
middlewares:
authelia:
forwardauth:
address: http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/
address: http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/
authResponseHeaders:
- X-Secret
trustForwardHeader: true
sablier-${SERVER_HOSTNAME}-arr:
sablier-jasper-arr:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-arr
group: jasper-arr
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -20,11 +20,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-backrest:
sablier-jasper-backrest:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-backrest
group: jasper-backrest
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -32,11 +32,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-vaultwarden:
sablier-jasper-vaultwarden:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-vaultwarden
group: jasper-vaultwarden
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -44,11 +44,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-bookstack:
sablier-jasper-bookstack:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-bookstack
group: jasper-bookstack
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -56,11 +56,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-calibre-web:
sablier-jasper-calibre-web:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-calibre-web
group: jasper-calibre-web
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -68,11 +68,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-code-server:
sablier-jasper-code-server:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-code-server
group: jasper-code-server
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -80,11 +80,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-dozzle:
sablier-jasper-dozzle:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-dozzle
group: jasper-dozzle
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -92,11 +92,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-dokuwiki:
sablier-jasper-dokuwiki:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-dokuwiki
group: jasper-dokuwiki
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -104,11 +104,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-duplicati:
sablier-jasper-duplicati:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-duplicati
group: jasper-duplicati
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -116,11 +116,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-assistant:
sablier-jasper-assistant:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-assistant
group: jasper-assistant
sessionDuration: 30m
ignoreUserAgent: curl
dynamic:
@@ -128,11 +128,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-formio:
sablier-jasper-formio:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-formio
group: jasper-formio
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -140,11 +140,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-gitea:
sablier-jasper-gitea:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-gitea
group: jasper-gitea
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -152,11 +152,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-glances:
sablier-jasper-glances:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-glances
group: jasper-glances
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -164,11 +164,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-homarr:
sablier-jasper-homarr:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-homarr
group: jasper-homarr
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -176,11 +176,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-jellyfin:
sablier-jasper-jellyfin:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-jellyfin
group: jasper-jellyfin
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -188,11 +188,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-jupyter:
sablier-jasper-jupyter:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-jupyter
group: jasper-jupyter
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -200,11 +200,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-komodo:
sablier-jasper-komodo:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-komodo
group: jasper-komodo
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -212,11 +212,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-kopia:
sablier-jasper-kopia:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-kopia
group: jasper-kopia
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -224,11 +224,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-mealie:
sablier-jasper-mealie:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-mealie
group: jasper-mealie
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -236,11 +236,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-mediawiki:
sablier-jasper-mediawiki:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-mediawiki
group: jasper-mediawiki
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -248,11 +248,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-nextcloud:
sablier-jasper-nextcloud:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-nextcloud
group: jasper-nextcloud
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -260,11 +260,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-openkm:
sablier-jasper-openkm:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-openkm
group: jasper-openkm
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -272,11 +272,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-openwebui:
sablier-jasper-openwebui:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-openwebui
group: jasper-openwebui
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -284,11 +284,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-pulse:
sablier-jasper-pulse:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-pulse
group: jasper-pulse
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -296,11 +296,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-tdarr:
sablier-jasper-tdarr:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-tdarr
group: jasper-tdarr
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -308,11 +308,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-unmanic:
sablier-jasper-unmanic:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-unmanic
group: jasper-unmanic
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -320,11 +320,11 @@ http:
theme: ghost
show-details-by-default: true
sablier-${SERVER_HOSTNAME}-wordpress:
sablier-jasper-wordpress:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${SERVER_HOSTNAME}-wordpress
group: jasper-wordpress
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
@@ -332,123 +332,123 @@ http:
theme: ghost
show-details-by-default: true
# Remote Server (${REMOTE_SERVER_HOSTNAME}) Sablier Middlewares
sablier-${REMOTE_SERVER_HOSTNAME}-dockge:
# Remote Server (your-remote-server) Sablier Middlewares
sablier-your-remote-server-dockge:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-dockge
group: your-remote-server-dockge
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Dockge (${REMOTE_SERVER_HOSTNAME})
displayName: Dockge (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-dozzle:
sablier-your-remote-server-dozzle:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-dozzle
group: your-remote-server-dozzle
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Dozzle (${REMOTE_SERVER_HOSTNAME})
displayName: Dozzle (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-glances:
sablier-your-remote-server-glances:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-glances
group: your-remote-server-glances
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Glances (${REMOTE_SERVER_HOSTNAME})
displayName: Glances (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-backrest:
sablier-your-remote-server-backrest:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-backrest
group: your-remote-server-backrest
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Backrest (${REMOTE_SERVER_HOSTNAME})
displayName: Backrest (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-duplicati:
sablier-your-remote-server-duplicati:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-duplicati
group: your-remote-server-duplicati
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Duplicati (${REMOTE_SERVER_HOSTNAME})
displayName: Duplicati (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-homepage:
sablier-your-remote-server-homepage:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-homepage
group: your-remote-server-homepage
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Homepage (${REMOTE_SERVER_HOSTNAME})
displayName: Homepage (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-homarr:
sablier-your-remote-server-homarr:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-homarr
group: your-remote-server-homarr
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Homarr (${REMOTE_SERVER_HOSTNAME})
displayName: Homarr (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-grafana:
sablier-your-remote-server-grafana:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-grafana
group: your-remote-server-grafana
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Grafana (${REMOTE_SERVER_HOSTNAME})
displayName: Grafana (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-prometheus:
sablier-your-remote-server-prometheus:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-prometheus
group: your-remote-server-prometheus
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Prometheus (${REMOTE_SERVER_HOSTNAME})
displayName: Prometheus (your-remote-server)
theme: ghost
show-details-by-default: true
sablier-${REMOTE_SERVER_HOSTNAME}-uptime-kuma:
sablier-your-remote-server-uptime-kuma:
plugin:
sablier:
sablierUrl: http://sablier-service:10000
group: ${REMOTE_SERVER_HOSTNAME}-uptime-kuma
group: your-remote-server-uptime-kuma
sessionDuration: 5m
ignoreUserAgent: curl
dynamic:
displayName: Uptime Kuma (${REMOTE_SERVER_HOSTNAME})
displayName: Uptime Kuma (your-remote-server)
theme: ghost
show-details-by-default: true

2
docker-compose/core/traefik/traefik.yml
View File

@@ -27,7 +27,7 @@ entryPoints:
certificatesResolvers:
letsencrypt:
acme:
email: ${ACME_EMAIL} # Your email for Let's Encrypt notifications
email: kelinshomelab@gmail.com # Your email for Let's Encrypt notifications
caServer: https://acme-v02.api.letsencrypt.org/directory # Use staging for testing
storage: /letsencrypt/acme.json
# DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)