Portainer/authentik/docker-compose.yml
root fd332455c1 fix: hardcode Traefik port labels (Gotcha 6 - vars not expanded in labels)
Coolify does not expand ${VAR} in label values. All loadbalancer port
labels must use hardcoded values:
- trilium:   ${TRILIUM_HTTP_PORT}  → 8080
- adguard:   ${ADGUARD_HTTP_PORT}  → 80
- authentik: ${AUTHENTIK_HTTP_PORT} → 9000
- gitea:     ${GITEA_HTTP_PORT}    → 3000
- wireguard: ${WG_UI_PORT}         → 51821

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-23 02:44:58 +00:00


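# authentik identity-provider stack: PostgreSQL, Redis, authentik server and
# authentik worker. Every ${...} value is supplied by the deployment
# environment (.env); keep that file out of version control because it carries
# the database password, the authentik secret key and the bootstrap
# credentials.
#
# No host ports are published. The server is attached to the external `proxy`
# network and carries Traefik labels; the database, cache and worker sit only
# on ths_authentik_internal.
services:
  ths-authentik-postgres:
    image: ${AUTHENTIK_POSTGRES_IMAGE}
    container_name: ths-authentik-postgres
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
      POSTGRES_USER: ${AUTHENTIK_DB_USER}
      POSTGRES_DB: ${AUTHENTIK_DB_NAME}
    volumes:
      # :Z relabels the host path as private to this container (SELinux).
      - /opt/authentik/postgres:/var/lib/postgresql/data:Z
    networks:
      - ths_authentik_internal

  ths-authentik-redis:
    image: ${AUTHENTIK_REDIS_IMAGE}
    container_name: ths-authentik-redis
    restart: unless-stopped
    # No password is configured on the command line; access control relies on
    # this service being attached only to ths_authentik_internal with no
    # published ports.
    command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"]
    volumes:
      - /opt/authentik/redis:/data:Z
    networks:
      - ths_authentik_internal

  ths-authentik-server:
    # pull_policy: always re-pulls the image on every deploy. Pin
    # ${AUTHENTIK_IMAGE} to a version tag or digest so that a deploy cannot
    # silently pick up an unreviewed image, and so server and worker stay on
    # the same release.
    image: ${AUTHENTIK_IMAGE}
    container_name: ths-authentik-server
    pull_policy: always
    restart: unless-stopped
    command: ["server"]
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      # NOTE: the internal hostnames are forced here to avoid collisions and
      # to avoid depending on .env.
      AUTHENTIK_POSTGRESQL__HOST: ths-authentik-postgres
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
      AUTHENTIK_REDIS__HOST: ths-authentik-redis
      # Bootstrap credentials for the initial admin account. They remain
      # visible in the container environment (e.g. via `docker inspect`) for
      # as long as they are set, so rotate the admin password and token after
      # first login and remove these variables from the deployment.
      # NOTE(review): authentik's automated-install docs describe these
      # variables as read on first start-up by the worker container; confirm
      # they take effect when set only on the server.
      AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
      AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
      AUTHENTIK_BOOTSTRAP_TOKEN: ${AUTHENTIK_BOOTSTRAP_TOKEN}
    depends_on:
      - ths-authentik-postgres
      - ths-authentik-redis
    expose:
      - "9000"
    networks:
      - ths_authentik_internal
      - proxy
    labels:
      # authentik service (admin panel + endpoints)
      traefik.http.services.ths-authentik.loadbalancer.server.port: "9000"
      # forwardAuth middleware (protects other services) -> reference
      # ths-authentik@docker from the other THS stacks.
      # The port is hardcoded because Coolify does not expand ${VAR} inside
      # label values; with ${AUTHENTIK_HTTP_PORT} left in place the address
      # would be passed to Traefik unexpanded and every route using this
      # middleware would fail its auth sub-request.
      traefik.http.middlewares.ths-authentik.forwardauth.address: "http://ths-authentik-server:9000/outpost.goauthentik.io/auth/traefik"
      # trustForwardHeader makes the middleware trust X-Forwarded-* headers
      # already present on the request. That is only safe when Traefik's
      # entrypoints discard those headers from untrusted clients
      # (forwardedHeaders.trustedIPs limited to real upstream proxies,
      # forwardedHeaders.insecure left off).
      traefik.http.middlewares.ths-authentik.forwardauth.trustForwardHeader: "true"
      # Identity headers copied from authentik's response onto the upstream
      # request. Backends that authorise on these headers must be reachable
      # only through Traefik with this middleware attached; a client that can
      # reach a backend directly can set them itself.
      traefik.http.middlewares.ths-authentik.forwardauth.authResponseHeaders: "X-Authentik-Username,X-Authentik-Groups,X-Authentik-Email,X-Authentik-Uid,X-Authentik-Jwt"

  ths-authentik-worker:
    image: ${AUTHENTIK_IMAGE}
    container_name: ths-authentik-worker
    restart: unless-stopped
    command: ["worker"]
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      # NOTE: internal hostnames are forced, same as on the server.
      AUTHENTIK_POSTGRESQL__HOST: ths-authentik-postgres
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_DB_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_DB_NAME}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
      AUTHENTIK_REDIS__HOST: ths-authentik-redis
    depends_on:
      - ths-authentik-postgres
      - ths-authentik-redis
    networks:
      - ths_authentik_internal

networks:
  # Created outside this stack and shared with the reverse proxy.
  proxy:
    external: true
  # Plain bridge network: it is not marked `internal: true`, so containers on
  # it are isolated from other stacks but keep outbound connectivity.
  ths_authentik_internal:
    driver: bridge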