ak update

This commit is contained in:
Eduardo David Paredes Vara
2026-02-17 08:36:30 +00:00
parent db807dcf6f
commit f8cd4c2df1


@@ -1,7 +1,7 @@
services: services:
authentik-postgres: ths-authentik-postgres:
image: ${AUTHENTIK_POSTGRES_IMAGE} image: ${AUTHENTIK_POSTGRES_IMAGE}
container_name: authentik-postgres container_name: ths-authentik-postgres
restart: unless-stopped restart: unless-stopped
environment: environment:
POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD} POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
@@ -10,46 +10,47 @@ services:
volumes: volumes:
- ${AUTHENTIK_POSTGRES_PATH}:/var/lib/postgresql/data:Z - ${AUTHENTIK_POSTGRES_PATH}:/var/lib/postgresql/data:Z
networks: networks:
- authentik_internal - ths_authentik_internal
authentik-redis: ths-authentik-redis:
image: ${AUTHENTIK_REDIS_IMAGE} image: ${AUTHENTIK_REDIS_IMAGE}
container_name: authentik-redis container_name: ths-authentik-redis
restart: unless-stopped restart: unless-stopped
command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"] command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"]
volumes: volumes:
- ${AUTHENTIK_REDIS_PATH}:/data:Z - ${AUTHENTIK_REDIS_PATH}:/data:Z
networks: networks:
- authentik_internal - ths_authentik_internal
authentik-server: ths-authentik-server:
image: ${AUTHENTIK_IMAGE} image: ${AUTHENTIK_IMAGE}
container_name: authentik-server container_name: ths-authentik-server
restart: unless-stopped restart: unless-stopped
command: ["server"] command: ["server"]
environment: environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
AUTHENTIK_POSTGRESQL__HOST: ${AUTHENTIK_DB_HOST} # OJO: forzamos hosts internos para evitar colisiones y depender del .env
AUTHENTIK_POSTGRESQL__HOST: ths-authentik-postgres
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER} AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER}
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME} AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME}
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD} AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS_HOST} AUTHENTIK_REDIS__HOST: ths-authentik-redis
AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL} AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD} AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
AUTHENTIK_BOOTSTRAP_TOKEN: ${AUTHENTIK_BOOTSTRAP_TOKEN} AUTHENTIK_BOOTSTRAP_TOKEN: ${AUTHENTIK_BOOTSTRAP_TOKEN}
depends_on: depends_on:
- authentik-postgres - ths-authentik-postgres
- authentik-redis - ths-authentik-redis
expose: expose:
- "${AUTHENTIK_HTTP_PORT}" - "${AUTHENTIK_HTTP_PORT}"
networks: networks:
- authentik_internal - ths_authentik_internal
- proxy - proxy
labels: labels:
@@ -57,60 +58,55 @@ services:
traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}" traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
# Service Authentik (panel + endpoints) # Service Authentik (panel + endpoints)
traefik.http.services.authentik.loadbalancer.server.port: "${AUTHENTIK_HTTP_PORT}" traefik.http.services.ths-authentik.loadbalancer.server.port: "${AUTHENTIK_HTTP_PORT}"
# Panel Authentik (auth.thehomelesssherlock.com) # Panel Authentik (auth.thehomelesssherlock.com)
traefik.http.routers.authentik.rule: "Host(`${AUTHENTIK_DOMAIN}`)" traefik.http.routers.ths-authentik.rule: "Host(`${AUTHENTIK_DOMAIN}`)"
traefik.http.routers.authentik.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}" traefik.http.routers.ths-authentik.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik.tls: "true" traefik.http.routers.ths-authentik.tls: "true"
traefik.http.routers.authentik.tls.certresolver: "${TRAEFIK_CERTRESOLVER}" traefik.http.routers.ths-authentik.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.routers.authentik.service: "authentik" traefik.http.routers.ths-authentik.service: "ths-authentik"
# Middleware forwardAuth (para proteger otros servicios) # Middleware forwardAuth (para proteger otros servicios) -> usar ths-authentik@docker en tus stacks THS
traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik" traefik.http.middlewares.ths-authentik.forwardauth.address: "http://ths-authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik"
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true" traefik.http.middlewares.ths-authentik.forwardauth.trustForwardHeader: "true"
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt" traefik.http.middlewares.ths-authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt"
# Callback del outpost en gitea hacia Authentik (ya lo tenías) # OUTPOST genérico para TODO el dominio THS (subdominios + apex + www)
traefik.http.routers.authentik-outpost-gitea.rule: "Host(`${GITEA_DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)" # ✅ Sin comas dentro de Host()
traefik.http.routers.authentik-outpost-gitea.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}" traefik.http.routers.ths-authentik-outpost.rule: "(HostRegexp(`{subdomain:[a-z0-9-]+}.thehomelesssherlock.com`) || Host(`thehomelesssherlock.com`) || Host(`www.thehomelesssherlock.com`)) && PathPrefix(`/outpost.goauthentik.io/`)"
traefik.http.routers.authentik-outpost-gitea.tls: "true" traefik.http.routers.ths-authentik-outpost.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik-outpost-gitea.tls.certresolver: "${TRAEFIK_CERTRESOLVER}" traefik.http.routers.ths-authentik-outpost.tls: "true"
traefik.http.routers.authentik-outpost-gitea.service: "authentik" traefik.http.routers.ths-authentik-outpost.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.routers.authentik-outpost-gitea.priority: "50" traefik.http.routers.ths-authentik-outpost.service: "ths-authentik"
traefik.http.routers.ths-authentik-outpost.priority: "1000"
# ✅ CORRECCIÓN: Callback del outpost para tu WEB (www.thehomelesssherlock.com) ths-authentik-worker:
traefik.http.routers.authentik-outpost-ths.rule: "Host(`${THS_DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)"
traefik.http.routers.authentik-outpost-ths.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik-outpost-ths.tls: "true"
traefik.http.routers.authentik-outpost-ths.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.routers.authentik-outpost-ths.service: "authentik"
traefik.http.routers.authentik-outpost-ths.priority: "250"
authentik-worker:
image: ${AUTHENTIK_IMAGE} image: ${AUTHENTIK_IMAGE}
container_name: authentik-worker container_name: ths-authentik-worker
restart: unless-stopped restart: unless-stopped
command: ["worker"] command: ["worker"]
environment: environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
AUTHENTIK_POSTGRESQL__HOST: ${AUTHENTIK_DB_HOST} # OJO: forzamos hosts internos igual que en server
AUTHENTIK_POSTGRESQL__HOST: ths-authentik-postgres
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER} AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER}
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME} AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME}
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD} AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS_HOST} AUTHENTIK_REDIS__HOST: ths-authentik-redis
depends_on: depends_on:
- authentik-postgres - ths-authentik-postgres
- authentik-redis - ths-authentik-redis
networks: networks:
- authentik_internal - ths_authentik_internal
networks: networks:
proxy: proxy:
external: true external: true
authentik_internal: ths_authentik_internal:
driver: bridge driver: bridge
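Review bot: The new `ths-authentik-outpost` router in the third hunk pairs `HostRegexp(...)` with `tls.certresolver`, and an ACME resolver cannot derive certificate domains from a regular expression, so unless every matched hostname already holds a certificate requested by some other router, callbacks on that host are answered with Traefik's default certificate. If the wildcard is intended, pin the domains on the router, e.g. `traefik.http.routers.ths-authentik-outpost.tls.domains[0].main: "thehomelesssherlock.com"` and `traefik.http.routers.ths-authentik-outpost.tls.domains[0].sans: "*.thehomelesssherlock.com"` (a wildcard SAN needs a DNS-01 resolver, which this file does not show). The `{subdomain:[a-z0-9-]+}` placeholder is Traefik v2 matcher syntax, while v3's `HostRegexp` takes a plain unanchored Go regexp, so the rule's meaning depends on the Traefik version, which is not visible here. The second and third hunks also hard-code `AUTHENTIK_POSTGRESQL__HOST` and `AUTHENTIK_REDIS__HOST` in both `ths-authentik-server` and `ths-authentik-worker`, leaving `AUTHENTIK_DB_HOST` and `AUTHENTIK_REDIS_HOST` in `.env` without effect; marking them obsolete in `.env` (or removing them) avoids someone editing a value that no longer applies.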