Fix: Use variables instead of placeholders in docker-compose files

- Replace hardcoded placeholders with Docker Compose variables - docker-compose.yml: Use ${DUCKDNS_SUBDOMAINS}, ${DUCKDNS_TOKEN}, ${DOMAIN}, ${SERVER_IP} - traefik.yml: Use ${DEFAULT_EMAIL} for ACME email - users_database.yml: Use ${AUTHELIA_ADMIN_USER}, ${AUTHELIA_ADMIN_EMAIL}, ${AUTHELIA_ADMIN_PASSWORD_HASH} - sablier/docker-compose.yml: Fix to use ${DOMAIN} instead of {{DUCKDNS_DOMAIN}} This aligns with the correct strategy: - Docker-compose files use variables (${VAR}) - .env files use placeholders or actual values
2026-02-05 11:57:42 -05:00
parent 73cb274160
commit a554d00fd3
4 changed files with 16 additions and 16 deletions
--- a/docker-compose/core/authelia/config/users_database.yml
+++ b/docker-compose/core/authelia/config/users_database.yml
@@ -3,10 +3,10 @@
 ###############################################################

 users:
-  admin:
-    displayname: "admin"
-    password: "generate-with-openssl-rand-hex-64"
-    email: admin@example.com
+  ${AUTHELIA_ADMIN_USER}:
+    displayname: "${AUTHELIA_ADMIN_USER}"
+    password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
+    email: ${AUTHELIA_ADMIN_EMAIL}
    groups:
      - admins
      - users
--- a/docker-compose/core/docker-compose.yml
+++ b/docker-compose/core/docker-compose.yml
@@ -15,8 +15,8 @@ services:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
-      - SUBDOMAINS=yourdomain
-      - TOKEN=your-duckdns-token
+      - SUBDOMAINS=${DUCKDNS_SUBDOMAINS}
+      - TOKEN=${DUCKDNS_TOKEN}
    volumes:
      - ./duckdns/config:/config
    networks:
@@ -29,7 +29,7 @@ services:
    restart: unless-stopped
    command: ['--configFile=/config/traefik.yml']
    environment:
-      - DUCKDNS_TOKEN=your-duckdns-token
+      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
    ports:
      - 80:80
      - 443:443
@@ -48,7 +48,7 @@ services:
      - 'homelab.category=core'
      - 'homelab.description=Reverse proxy and SSL termination'
      - 'traefik.enable=true'
-      - 'traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.duckdns.org`)'
+      - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)'
      - 'traefik.http.routers.traefik.entrypoints=websecure'
      - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.traefik.middlewares=authelia@docker'
@@ -80,13 +80,13 @@ services:
      # If Traefik is on a remote server: these labels are NOT USED; 
      #   configure external yml files in /traefik/dynamic folder instead.
      - 'traefik.enable=true'
-      - 'traefik.http.routers.authelia.rule=Host(`auth.yourdomain.duckdns.org`)'
+      - 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)'
      - 'traefik.http.routers.authelia.entrypoints=websecure'
      - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.authelia.service=authelia'
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
      # Authelia forward auth middleware configuration
-      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.yourdomain.duckdns.org/'
+      - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/'
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'

@@ -96,7 +96,7 @@ networks:

 x-dockge:
  urls:
-    - https://auth.yourdomain.duckdns.org
-    - http://192.168.1.100:9091
-    - https://traefik.yourdomain.duckdns.org
-    - http://192.168.1.100:8080
+    - https://auth.${DOMAIN}
+    - http://${SERVER_IP}:9091
+    - https://traefik.${DOMAIN}
+    - http://${SERVER_IP}:8080
--- a/docker-compose/core/traefik/traefik.yml
+++ b/docker-compose/core/traefik/traefik.yml
@@ -27,7 +27,7 @@ entryPoints:
 certificatesResolvers:
  letsencrypt:
    acme:
-      email: admin@example.com  # Your email for Let's Encrypt notifications
+      email: ${DEFAULT_EMAIL}  # Your email for Let's Encrypt notifications
      caServer: https://acme-v02.api.letsencrypt.org/directory  # Use staging for testing
      storage: /letsencrypt/acme.json
      # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
--- a/docker-compose/sablier/docker-compose.yml
+++ b/docker-compose/sablier/docker-compose.yml
@@ -9,7 +9,7 @@ services:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.sablier.rule=Host(`sablier.{{DUCKDNS_DOMAIN}}`)"
+      - "traefik.http.routers.sablier.rule=Host(`sablier.${DOMAIN}`)"
      - "traefik.http.routers.sablier.entrypoints=websecure"
      - "traefik.http.routers.sablier.tls=true"
      - "traefik.http.routers.sablier.tls.certresolver=letsencrypt"