mirror of
https://github.com/deadcxap/init_scripts.git
synced 2026-07-02 05:43:40 +03:00
73 lines
2.2 KiB
YAML
73 lines
2.2 KiB
YAML
services:
|
|
caddy:
|
|
build:
|
|
context: ./caddy-labeled
|
|
dockerfile: Dockerfile
|
|
container_name: caddy
|
|
restart: unless-stopped
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "443:443/udp" # HTTP/3
|
|
environment:
|
|
- CADDY_INGRESS_NETWORKS=proxy
|
|
- CF_API_TOKEN=${CF_API_TOKEN}
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- caddy_data:/data
|
|
networks: [proxy]
|
|
# Глобальные настройки + сниппет для forward_auth (Tinyauth)
|
|
labels:
|
|
caddy.email: dead@cxap.space
|
|
caddy.acme_dns: "cloudflare {env.CF_API_TOKEN}"
|
|
# сниппет аутентификации
|
|
caddy: (tinyauth_forwarder)
|
|
caddy.forward_auth: tinyauth:3000
|
|
caddy.forward_auth.uri: /api/auth/caddy
|
|
caddy.forward_auth.copy_headers: Remote-User Remote-Name Remote-Email Remote-Groups
|
|
command: ["caddy","docker-proxy","--docker-sockets","unix:///var/run/docker.sock"]
|
|
|
|
tinyauth:
|
|
image: ghcr.io/steveiliop56/tinyauth:v3
|
|
container_name: tinyauth
|
|
restart: unless-stopped
|
|
environment:
|
|
- APP_URL=https://auth.realy.nothing.help
|
|
- SECRET=${TINYAUTH_SECRET}
|
|
- USERS=${TINYAUTH_USERS}
|
|
- COOKIE_SECURE=true
|
|
- DISABLE_CONTINUE=true
|
|
- APP_TITLE="Оставь надежду, всяк сюда входящий..."
|
|
- FORGOT_PASSWORD_MESSAGE="Штош, сочувствую, но нчием помочь не могу."
|
|
expose: ["3000"]
|
|
networks: [proxy]
|
|
labels:
|
|
caddy: auth.realy.nothing.help
|
|
caddy.encode: zstd gzip
|
|
caddy.reverse_proxy: "{{upstreams 3000}}"
|
|
|
|
portainer:
|
|
image: portainer/portainer-ce:latest
|
|
container_name: portainer
|
|
restart: always
|
|
expose:
|
|
- "9000" # HTTP UI внутрь докера
|
|
- "8000" # Edge (если нужен: лучше через NetBird; иначе публикуйте отдельно с FW)
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- portainer_data:/data
|
|
networks: [proxy]
|
|
labels:
|
|
caddy: port.realy.nothing.help
|
|
caddy.encode: zstd gzip
|
|
caddy.import: tinyauth_forwarder *
|
|
caddy.reverse_proxy: "{{upstreams 9000}}"
|
|
|
|
volumes:
|
|
caddy_data:
|
|
portainer_data:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|