Try adding forward_auth with webdav

2 years ago · 1781cb4c50
parent 1ddc1ac083
commit 1781cb4c50
5 changed files with 33 additions and 25 deletions
--- a/services/authelia.yaml
+++ b/services/authelia.yaml
@ -15,6 +15,8 @@ secrets:
    file: ../secrets/smtp/SMTP_HOST
  SMTP_PORT:
    file: ../secrets/smtp/SMTP_PORT
+  SMTP_USERNAME:
+    file: ../secrets/smtp/SMTP_USERNAME

 services:
  authelia:
@ -25,11 +27,11 @@ services:
      - postgres
      - secrets
      - caddy
-      - smtp
+      #- smtp
    restart: unless-stopped
    expose:
      - 9091
-    secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY, SMTP_PASSWORD, SMTP_HOST, SMTP_PORT]
+    secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY, SMTP_PASSWORD, SMTP_HOST, SMTP_PORT, SMTP_USERNAME]
    environment:
      AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET
      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET
@ -37,7 +39,7 @@ services:

      AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
      AUTHELIA_STORAGE_POSTGRES_ADDRESS: postgres
-      AUTHELIA_STORAGE_POSTGRES_USERNAME: authelia
+      AUTHELIA_STORAGE_POSTGRES_USERNAME_FILE: /run/secrets/SMTP_USERNAME
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD

      AUTHELIA_DEFAULT_REDIRECTION_URL: https://${DOMAIN}
@ -80,14 +82,14 @@ services:
      - ../data/authelia/config:/mnt/backup/src/authelia/config:ro

  # backup the postgres database
-  backup-postgres:
-    volumes:
-      - ../secrets/authelia/STORAGE_PASSWORD:/run/secrets/AUTHELIA_PGPASSWORD
-    environment:
-      - AUTHELIA_PGHOST: authelia
-      - AUTHELIA_PGUSER: authelia
-      - AUTHELIA_DBS_TO_INCLUDE: authelia
-      - AUTHELIA_PGPASSWORD_FILE: /run/secrets/AUTHELIA_PGPASSWORD
+  #backup-postgres:
+  #  volumes:
+  #    - ../secrets/authelia/STORAGE_PASSWORD:/run/secrets/AUTHELIA_PGPASSWORD
+  #  environment:
+  #    - AUTHELIA_PGHOST: authelia
+  #    - AUTHELIA_PGUSER: authelia
+  #    - AUTHELIA_DBS_TO_INCLUDE: authelia
+  #    - AUTHELIA_PGPASSWORD_FILE: /run/secrets/AUTHELIA_PGPASSWORD

  # generate all these secrets if they are empty on start
  secrets:
--- a/services/backup.yaml
+++ b/services/backup.yaml
@ -20,22 +20,22 @@ services:
    environment:
      HOSTNAME: ${DOMAIN}
      TZ: America/New_York
-    entrypoint: ["/run"]
    volumes:
-      - ./backup/run:/run:ro
+      - ./backup/backup-files:/backup-files:ro
+    entrypoint: ["/backup-files"]

-  backup-postgres:
-    container_name: backup-postgres
-    image: tecnativa/docker-duplicity-postgres:latest
-    restart: unless-stopped
-    depends_on: [secrets]
-    secrets: [B2_APPLICATION_KEY, B2_APPLICATION_KEY_ID, BUCKET_NAME, PASSPHRASE]
-    environment:
-      HOSTNAME: ${DOMAIN}
-      TZ: America/New_York
-    entrypoint: ["/run-postgres"]
-    volumes:
-      - ./backup/run-postgres:/run-postgres:ro
+#  backup-postgres:
+#    container_name: backup-postgres
+#    image: tecnativa/docker-duplicity-postgres:latest
+#    restart: unless-stopped
+#    depends_on: [secrets]
+#    secrets: [B2_APPLICATION_KEY, B2_APPLICATION_KEY_ID, BUCKET_NAME, PASSPHRASE]
+#    environment:
+#      HOSTNAME: ${DOMAIN}
+#      TZ: America/New_York
+#    entrypoint: ["/backup-databases"]
+#    volumes:
+#      - ./backup/backup-databases:/backup-databases:ro

  secrets:
    volumes:
--- a/services/backup/backup-databases
+++ b/services/backup/backup-databases
--- a/services/backup/backup-files
+++ b/services/backup/backup-files
--- a/services/web/Proxyfile
+++ b/services/web/Proxyfile
@ -1,3 +1,9 @@
 web.{$DOMAIN} {
+	forward_auth authelia:9091 {
+		uri /api/verify?rd=https://login.{$DOMAIN}/
+		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+	}
+
 	reverse_proxy web:4431
 }
+