init_scripts/admin/bootstrap/docker-compose.yml

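# Bootstrap stack: Caddy ingress (docker-proxy, configured through container
# labels), Tinyauth as the forward-auth provider, and Portainer behind it.
# Required variables (from the shell or .env): CF_API_TOKEN, TINYAUTH_SECRET,
# TINYAUTH_USERS. The external network `proxy` must exist before `up`.
services:
  caddy:
    build:
      context: ./caddy-labeled
      dockerfile: Dockerfile
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"  # HTTP/3
    environment:
      - CADDY_INGRESS_NETWORKS=proxy
      # `:?` makes compose abort when the variable is unset or empty instead
      # of starting Caddy with a blank token. Keep the token itself scoped to
      # the DNS permissions the ACME DNS challenge needs.
      - 'CF_API_TOKEN=${CF_API_TOKEN:?CF_API_TOKEN must be set}'
    volumes:
      # NOTE(security): `:ro` only makes the bind mount of the socket file
      # read-only; it does not limit which Docker API calls can be sent
      # through the socket. This container is internet-facing (80/443), so a
      # compromise of it means control of the Docker daemon. Consider putting
      # a filtering socket proxy between Caddy and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - caddy_data:/data
    networks: [proxy]
    # Global settings + snippet for forward_auth (Tinyauth)
    labels:
      caddy.email: dead@cxap.space
      caddy.acme_dns: "cloudflare {env.CF_API_TOKEN}"
      # Authentication snippet; services opt in with
      # `caddy.import: tinyauth_forwarder *`.
      caddy: (tinyauth_forwarder)
      caddy.forward_auth: "tinyauth:3000"
      caddy.forward_auth.uri: /api/auth/caddy
      caddy.forward_auth.copy_headers: Remote-User Remote-Name Remote-Email Remote-Groups
    command: ["caddy", "docker-proxy", "--watch", "--docker-host", "unix:///var/run/docker.sock"]

  tinyauth:
    # NOTE(review): `v3` is a moving tag. For the component that gates every
    # protected service, pin an exact release or digest,
    # e.g. ghcr.io/steveiliop56/tinyauth@sha256:<DIGEST-PLACEHOLDER>.
    image: ghcr.io/steveiliop56/tinyauth:v3
    container_name: tinyauth
    restart: unless-stopped
    environment:
      - APP_URL=https://auth.realy.nothing.help
      # Fail fast: an empty secret or user list must never reach the auth
      # service silently.
      - 'SECRET=${TINYAUTH_SECRET:?TINYAUTH_SECRET must be set}'
      - 'USERS=${TINYAUTH_USERS:?TINYAUTH_USERS must be set}'
      - COOKIE_SECURE=true
      - DISABLE_CONTINUE=true
      # In list syntax everything after `=` is the value, so inner double
      # quotes would be passed to the container literally. Quote the whole
      # item instead.
      - 'APP_TITLE=Оставь надежду, всяк сюда входящий...'
      - 'FORGOT_PASSWORD_MESSAGE=Штош, сочувствую, но нчием помочь не могу.'
    expose: ["3000"]
    networks: [proxy]
    labels:
      caddy: auth.realy.nothing.help
      caddy.encode: zstd gzip
      caddy.reverse_proxy: "{{upstreams 3000}}"

  portainer:
    # NOTE(review): `latest` is unpinned; this container holds a read-write
    # Docker socket, so an unexpected image change is a supply-chain risk.
    # Pin a release tag or digest (portainer/portainer-ce:<VERSION-PLACEHOLDER>).
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    # `expose` publishes nothing on the host; the UI is reachable only from
    # containers on the `proxy` network (i.e. through Caddy).
    expose:
      - "9000"  # HTTP UI, inside Docker only
      - "8000"  # Edge (if needed: preferably via NetBird; otherwise publish separately behind a firewall)
    volumes:
      # NOTE(security): read-write Docker socket = root-equivalent on the
      # host. Access to this service depends on the forward_auth import below
      # plus Portainer's own login; do not remove the import or add `ports:`.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    networks: [proxy]
    labels:
      caddy: port.realy.nothing.help
      caddy.encode: zstd gzip
      # Every path on this host goes through Tinyauth first.
      caddy.import: 'tinyauth_forwarder *'
      caddy.reverse_proxy: "{{upstreams 9000}}"

volumes:
  caddy_data:
  portainer_data:

networks:
  # Created outside this file; compose will not create or remove it.
  proxy:
    external: true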