TheHomelessSherlock/Portainer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5617b29fcf30b4ad30c683b071bf305aac55ee6c
Portainer/authentik/docker-compose.yml
root 5617b29fcf fix: replace variable bind mounts with hardcoded paths/named volumes 
Coolify converts ${VAR}:/path bind mounts to named Docker volumes when
the variable is not resolved. Fixed per stack:

- adguard: -> named volumes (data already in Coolify-created volumes)
- authentik: -> named volumes (data already in Coolify-created volumes)
- gitea: -> /opt/gitea/{postgres,data,runner}
- mail-relay: -> /opt/mail-relay/{queue,opendkim,secrets/...}
- media-server: COMMON_PATH -> /opt/media (hardcoded)
- trilium: -> /opt/trilium/data
- wireguard: -> /opt/wg-easy + /lib/modules

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-23 02:09:08 +00:00

98 lines
3.1 KiB
YAML
Raw Blame History

services:
ths-authentik-postgres:
image: ${AUTHENTIK_POSTGRES_IMAGE}
container_name: ths-authentik-postgres
restart: unless-stopped
environment:
POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
POSTGRES_USER: ${AUTHENTIK_DB_USER}
POSTGRES_DB: ${AUTHENTIK_DB_NAME}
volumes:
- authentik-postgres-path:/var/lib/postgresql/data:Z
networks:
- ths_authentik_internal
ths-authentik-redis:
image: ${AUTHENTIK_REDIS_IMAGE}
container_name: ths-authentik-redis
restart: unless-stopped
command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"]
volumes:
- authentik-redis-path:/data:Z
networks:
- ths_authentik_internal
ths-authentik-server:
image: ${AUTHENTIK_IMAGE}
container_name: ths-authentik-server
pull_policy: always
restart: unless-stopped
command: ["server"]
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
# OJO: forzamos hosts internos para evitar colisiones y depender del .env
AUTHENTIK_POSTGRESQL__HOST: ths-authentik-postgres
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER}
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME}
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
AUTHENTIK_REDIS__HOST: ths-authentik-redis
AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
AUTHENTIK_BOOTSTRAP_TOKEN: ${AUTHENTIK_BOOTSTRAP_TOKEN}
depends_on:
- ths-authentik-postgres
- ths-authentik-redis
expose:
- "${AUTHENTIK_HTTP_PORT}"
networks:
- ths_authentik_internal
- proxy
labels:
# Service Authentik (panel + endpoints)
traefik.http.services.ths-authentik.loadbalancer.server.port: "${AUTHENTIK_HTTP_PORT}"
# Middleware forwardAuth (para proteger otros servicios) -> usar ths-authentik@docker en tus stacks THS
traefik.http.middlewares.ths-authentik.forwardauth.address: "http://ths-authentik-server:${AUTHENTIK_HTTP_PORT}/outpost.goauthentik.io/auth/traefik"
traefik.http.middlewares.ths-authentik.forwardauth.trustForwardHeader: "true"
traefik.http.middlewares.ths-authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt"
ths-authentik-worker:
image: ${AUTHENTIK_IMAGE}
container_name: ths-authentik-worker
restart: unless-stopped
command: ["worker"]
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
# OJO: forzamos hosts internos igual que en server
AUTHENTIK_POSTGRESQL__HOST: ths-authentik-postgres
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER}
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME}
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
AUTHENTIK_REDIS__HOST: ths-authentik-redis
depends_on:
- ths-authentik-postgres
- ths-authentik-redis
networks:
- ths_authentik_internal
volumes:
authentik-postgres-path:
authentik-redis-path:
networks:
proxy:
external: true
ths_authentik_internal:
driver: bridge
Reference in New Issue View Git Blame Copy Permalink