# Authelia DuckDNS & Traefik based Arcane Registry

## Approach

* Authelia provides single sign-on authentication
* DuckDNS provides free subdomain redirects and Let's Encrypt certificates (domain and wildcard)
* Traefik routes based on labels for services running on the same server
* Traefik routes based on remote-host.yaml files for services NOT running on the same server

Each docker-compose.yml & .env file template includes templated labels to easily configure Traefik routing.

> ***Tip:*** **Create the following variables in .env.global**
> * TZ=America/New_York
> * PUID=1000
> * PGID=1000
> * SERVER_NAME=
> * SERVER_IP=
> * SUBDOMAIN=
>
> Then you can simply remove them from the .env file instead of filling in the values every time.

To disable Authelia for a specific site (like Jellyfin), comment out this line in the compose file: `- ${AUTHELIA_LABEL}`

## Deploying a new server? Start with the core stack

## Compose file template

```yaml
services:
  SERVICE_NAME:
    image:
    container_name: ${CONTAINER_NAME}
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    ports:
      - ${EXTERNAL_PORT}:${INTERNAL_PORT}
    volumes:
      - ./data:/data
      - ./config:/config
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
    healthcheck:
      # Runs inside the container, so probe the internal port, not the published one
      test: ['CMD', 'wget', '--quiet', '--tries=1', '--spider', 'http://localhost:${INTERNAL_PORT}/']
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    labels:
      - com.getarcaneapp.arcane.icon=${ICON_URL}
      - ${HOST_LABEL}
      - ${LOADBALANCER_LABEL}
      - ${WATCHTOWER_ENABLE_LABEL}
      - ${TRAEFIK_ENABLE_LABEL}
      - ${TRAEFIK_NETWORK_LABEL}
      - ${ENTRYPOINT_LABEL}
      - ${CERT_LABEL}
      - ${AUTHELIA_LABEL}

networks:
  homelab-network:
    external: true
  traefik-network:
    external: true

x-dockge:
  urls:
    - https://${PROXY_URL}
    - ${LOCAL_URL}

x-arcane:
  icon: ${ICON_URL}
  urls:
    - https://${PROXY_URL}
    - ${LOCAL_URL}
```

## .env template

```bash
# #######################################################
# Templating variables, not used by compose file directly
SERVER_NAME=
SERVER_IP=
SUBDOMAIN=
SERVICE_NAME=
ICON_URL=https://cdn.jsdelivr.net/gh/selfhst/icons@main/svg/${SERVICE_NAME}.svg

# Include Server Name in Proxy URL? Choose one.
# PROXY_URL=${SERVICE_NAME}.${SERVER_NAME}.${SUBDOMAIN}.duckdns.org
PROXY_URL=${SERVICE_NAME}.${SUBDOMAIN}.duckdns.org

# #############################################################################
# Compose file variables
TZ=America/New_York
PUID=1000
PGID=1000
CONTAINER_NAME=${SERVICE_NAME}
INTERNAL_PORT=8081
EXTERNAL_PORT=8099
LOCAL_URL=http://${SERVER_IP}:${EXTERNAL_PORT}

# #############################################################
# Container Labels
# DO NOT enclose label values in single quotes
# If the value needs to include single quotes use backticks instead
# For example HOST_LABEL=traefik.http.routers.${SERVICE_NAME}.rule=Host(`${PROXY_URL}`)
# Notice the use of backticks instead of single quotes around ${PROXY_URL}
TRAEFIK_ENABLE_LABEL=traefik.enable=true
HOST_LABEL=traefik.http.routers.${SERVICE_NAME}.rule=Host(`${PROXY_URL}`)
ICON_LABEL=com.getarcaneapp.arcane.icon=${ICON_URL}
LOADBALANCER_LABEL=traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${INTERNAL_PORT}
TRAEFIK_NETWORK_LABEL=traefik.docker.network=traefik-network
ENTRYPOINT_LABEL=traefik.http.routers.${SERVICE_NAME}.entrypoints=websecure
CERT_LABEL=traefik.http.routers.${SERVICE_NAME}.tls.certresolver=letsencrypt
AUTHELIA_LABEL=traefik.http.routers.${SERVICE_NAME}.middlewares=authelia@docker
WATCHTOWER_ENABLE_LABEL=com.centurylinklabs.watchtower.enable=true
```

## Traefik remote server yaml files

When Traefik is on a different server:

* labels in compose files are ignored (remove them to avoid confusion)
* the routers and services must be included in a yaml file under traefik/dynamic

> **VARIABLES MUST BE REPLACED BY THE ACTUAL VALUES - The files in traefik/dynamic do NOT have access to the env variables**

***Tip:*** **Use find/replace in your text editor**

```yaml
http:
  routers:
    ${SERVICE_NAME}-${SERVER_NAME}:
      rule: "Host(`${SERVICE_NAME}.${DOMAIN}`)"
      service: ${SERVICE_NAME}-${SERVER_NAME}-service
      entrypoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - authelia@docker
  services:
    ${SERVICE_NAME}-${SERVER_NAME}-service:
      loadBalancer:
        servers:
          - url: "http://${SERVER_IP}:${EXTERNAL_PORT}"
        passHostHeader: true
```

The filename doesn't technically matter, but it is recommended to either:

* create a file for each service named like `service-server_name-remote-host.yaml`
* OR create a single file per server like `server_name-remote-host.yaml`

## Docker Compose Templates

* Core
  * Authelia
  * DuckDNS (no webui)
  * Traefik
* Backrest
* Bookstack
* Calibre-web
* Docker-proxy (no webui)
* Dokuwiki
* Dozzle
* Gitea
* Glances
* Homarr
* Homepage
* Jupyter
* Mealie (No Authelia middleware)
* Sablier (no webui)
* Vaultwarden (No Authelia middleware)
* Watchtower (no webui)
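The remote-server section above relies on find/replace because files under traefik/dynamic never see the `.env` variables. The script below is an added example, not part of this repository: it reads a service's `.env` file using the conventions on this page (`KEY=VALUE` lines, `#` comments, `${VAR}` references that may point at other keys such as `PROXY_URL` → `SERVICE_NAME`), renders the remote-host YAML with every reference resolved, and refuses to write a file while any value it needs is still empty, which is the failure mode a half-filled `.env` produces. It assumes the Host rule uses `${PROXY_URL}` from `.env` (the page's own file references `${DOMAIN}`, which the `.env` template never defines); the sample `.env` values are constructed.

```python
"""Render a Traefik dynamic-config file from a service's .env file.

Added example for this README, not repository code. Assumes the .env
conventions shown on the page and a Host() rule built from ${PROXY_URL}.
"""
import re

# Matches ${NAME} references exactly as written in the .env and YAML templates.
VAR_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Remote-host template from this page; the rule uses ${PROXY_URL} (assumption).
REMOTE_HOST_TEMPLATE = """\
http:
  routers:
    ${SERVICE_NAME}-${SERVER_NAME}:
      rule: "Host(`${PROXY_URL}`)"
      service: ${SERVICE_NAME}-${SERVER_NAME}-service
      entrypoints:
        - websecure
      tls:
        certResolver: letsencrypt
      middlewares:
        - authelia@docker
  services:
    ${SERVICE_NAME}-${SERVER_NAME}-service:
      loadBalancer:
        servers:
          - url: "http://${SERVER_IP}:${EXTERNAL_PORT}"
        passHostHeader: true
"""

# Constructed sample .env; 192.0.2.10 is a documentation-only address.
SAMPLE_ENV = """\
# Templating variables, not used by compose file directly
SERVER_NAME=nas
SERVER_IP=192.0.2.10
SUBDOMAIN=example
SERVICE_NAME=dozzle
PROXY_URL=${SERVICE_NAME}.${SUBDOMAIN}.duckdns.org
INTERNAL_PORT=8080
EXTERNAL_PORT=8099
"""


def parse_env(text):
    """Return {KEY: raw value} from .env text, skipping blank and comment lines."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed .env line: {raw!r}")
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env


def expand(value, env, _stack=()):
    """Expand ${VAR} references recursively; unknown names become ''."""
    def repl(match):
        name = match.group(1)
        if name in _stack:
            raise ValueError("circular reference: " + " -> ".join(_stack + (name,)))
        return expand(env.get(name, ""), env, _stack + (name,))
    return VAR_RE.sub(repl, value)


def missing_variables(env_text, template=REMOTE_HOST_TEMPLATE):
    """Names the template needs, directly or via other keys, that are unset or empty."""
    env = parse_env(env_text)
    problems = set()

    def walk(value, stack):
        for name in VAR_RE.findall(value):
            if name in stack:
                continue
            raw = env.get(name, "")
            if raw == "":
                problems.add(name)
            else:
                walk(raw, stack + (name,))

    walk(template, ())
    return sorted(problems)


def render_remote_host(env_text, template=REMOTE_HOST_TEMPLATE):
    """Render the file; Compose tolerates empty .env values, a router must not."""
    missing = missing_variables(env_text, template)
    if missing:
        raise ValueError("unresolved variables: " + ", ".join(missing))
    env = parse_env(env_text)
    values = {key: expand(value, env) for key, value in env.items()}
    return expand(template, values)


def output_filename(env_text):
    """Per-service file name following the README's naming suggestion."""
    env = parse_env(env_text)
    return f"{expand(env['SERVICE_NAME'], env)}-{expand(env['SERVER_NAME'], env)}-remote-host.yaml"


if __name__ == "__main__":
    print(f"# write to traefik/dynamic/{output_filename(SAMPLE_ENV)}")
    print(render_remote_host(SAMPLE_ENV))
```

Run it from the service's directory and redirect the output into traefik/dynamic on the Traefik host; if `SERVER_NAME=` or `SUBDOMAIN=` was left blank (for instance because they live only in `.env.global`), it stops with the list of names to fill in instead of emitting a router with an empty host.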