7 Commits

Author SHA1 Message Date
8246bff8a1 Refactor Traefik configuration for Authentik
Updated Traefik router rules and added new callback for www.thehomelesssherlock.com.
2026-02-15 16:27:18 +00:00
Eduardo David Paredes Vara
43c24b4b86 media server 2026-02-15 16:27:18 +00:00
Eduardo David Paredes Vara
43d10ea7cf media server 2026-02-15 16:27:18 +00:00
Eduardo David Paredes Vara
becce96ede media-server 2026-02-15 16:27:18 +00:00
Eduardo David Paredes Vara
a97c88454f Update docker-compose.yml 2025-12-22 16:27:54 +01:00
Eduardo David Paredes Vara
d05d783244 Update Traefik router rule for authentik outpost 2025-12-18 11:27:18 +01:00
Eduardo David Paredes Vara
35bb14028f Refactor Traefik configuration for Authentik
Updated Traefik router rules and added new callback for www.thehomelesssherlock.com.
2025-12-18 10:50:07 +01:00


@@ -37,7 +37,6 @@ services:
AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS_HOST} AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS_HOST}
# Bootstrap inicial (primera vez)
AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL} AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD} AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
AUTHENTIK_BOOTSTRAP_TOKEN: ${AUTHENTIK_BOOTSTRAP_TOKEN} AUTHENTIK_BOOTSTRAP_TOKEN: ${AUTHENTIK_BOOTSTRAP_TOKEN}
@@ -57,24 +56,37 @@ services:
traefik.enable: "true" traefik.enable: "true"
traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}" traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
# Router del panel de Authentik # Service Authentik (panel + endpoints)
traefik.http.routers.authentik.rule: "Host(`${AUTHENTIK_DOMAIN}`)"
traefik.http.routers.authentik.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.services.authentik.loadbalancer.server.port: "${AUTHENTIK_HTTP_PORT}" traefik.http.services.authentik.loadbalancer.server.port: "${AUTHENTIK_HTTP_PORT}"
# Middleware de forwardAuth que usaremos en Portainer, Pi-hole, etc. # Panel Authentik (auth.thehomelesssherlock.com)
traefik.http.routers.authentik.rule: "Host(`${AUTHENTIK_DOMAIN}`)"
traefik.http.routers.authentik.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik.tls: "true"
traefik.http.routers.authentik.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.routers.authentik.service: "authentik"
# Middleware forwardAuth (para proteger otros servicios)
traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik" traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik"
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true" traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true"
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt" traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt"
# Callback del outpost en gitea hacia Authentik # Callback del outpost en gitea hacia Authentik (ya lo tenías)
traefik.http.routers.authentik-outpost-gitea.rule: "Host(`${GITEA_DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)" traefik.http.routers.authentik-outpost-gitea.rule: "Host(`${GITEA_DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)"
traefik.http.routers.authentik-outpost-gitea.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}" traefik.http.routers.authentik-outpost-gitea.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik-outpost-gitea.tls: "true"
traefik.http.routers.authentik-outpost-gitea.tls.certresolver: "${TRAEFIK_CERTRESOLVER}" traefik.http.routers.authentik-outpost-gitea.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.routers.authentik-outpost-gitea.service: "authentik" traefik.http.routers.authentik-outpost-gitea.service: "authentik"
traefik.http.routers.authentik-outpost-gitea.priority: "50" traefik.http.routers.authentik-outpost-gitea.priority: "50"
# ✅ CORRECCIÓN: Callback del outpost para tu WEB (www.thehomelesssherlock.com)
traefik.http.routers.authentik-outpost-ths.rule: "Host(`${THS_DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)"
traefik.http.routers.authentik-outpost-ths.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
traefik.http.routers.authentik-outpost-ths.tls: "true"
traefik.http.routers.authentik-outpost-ths.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
traefik.http.routers.authentik-outpost-ths.service: "authentik"
traefik.http.routers.authentik-outpost-ths.priority: "250"
authentik-worker: authentik-worker:
image: ${AUTHENTIK_IMAGE} image: ${AUTHENTIK_IMAGE}
container_name: authentik-worker container_name: authentik-worker
@@ -93,6 +105,7 @@ services:
depends_on: depends_on:
- authentik-postgres - authentik-postgres
- authentik-redis - authentik-redis
networks: networks:
- authentik_internal - authentik_internal
@@ -101,4 +114,3 @@ networks:
external: true external: true
authentik_internal: authentik_internal:
driver: bridge driver: bridge
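Review bot: The new `authentik-outpost-ths` router builds its rule from `${THS_DOMAIN}` with no guard, and nothing in this diff shows that variable being defined. If it is unset, Compose substitutes an empty string and the Host matcher ends up empty, so the outpost callback for the site would presumably fail only at login time; writing `${THS_DOMAIN:?THS_DOMAIN must be set}` in the rule makes the deploy fail instead. The priority of `"250"` also differs from the `"50"` on the gitea callback router without explanation; replace the `# ✅ CORRECCIÓN: ...` comment with one that states the reason, e.g. `# priority 250: must outrank the site's own router on ${THS_DOMAIN}` if that is why. Separately, the unchanged `forwardauth.trustForwardHeader: "true"` is only safe while the Traefik entrypoint discards client-supplied X-Forwarded-* headers, so confirm `forwardedHeaders.insecure` is not enabled there now that another public host is routed into Authentik.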