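---
# Compose/stack definition for authentik: server (app), worker, PostgreSQL and
# Redis, published through Traefik via deploy labels.
#
# NOTE(review): images are pinned by tag only. Pinning by digest as well would
# make the deployed content immutable.

# Environment shared by the app and worker services through the *env alias.
# Bare names are passed through from the deploying environment.
x-env: &env
  - AUTHENTIK_POSTGRESQL__PASSWORD
  - AUTHENTIK_POSTGRESQL__USER
  - AUTHENTIK_POSTGRESQL__NAME
  - AUTHENTIK_POSTGRESQL__HOST
  - AUTHENTIK_REDIS__HOST
  - AUTHENTIK_ERROR_REPORTING__ENABLED
  # NOTE(review): the trailing "=" assigns an EMPTY string to the next three
  # variables. The " #file://..." text is a YAML comment, not part of the
  # value. While the secrets blocks below stay commented out, the secret key,
  # admin token and admin password are therefore empty in the container.
  # Confirm this is intended before deploying.
  - AUTHENTIK_SECRET_KEY=  # file:///run/secrets/secret_key
  - AK_ADMIN_TOKEN=  # file:///run/secrets/admin_token
  - AK_ADMIN_PASS=  # file:///run/secrets/admin_pass
  - AUTHENTIK_EMAIL__HOST
  - AUTHENTIK_EMAIL__PORT
  - AUTHENTIK_EMAIL__USERNAME
  - AUTHENTIK_EMAIL__PASSWORD
  - AUTHENTIK_EMAIL__USE_TLS
  - AUTHENTIK_EMAIL__USE_SSL
  - AUTHENTIK_EMAIL__TIMEOUT
  - AUTHENTIK_EMAIL__FROM
  - AUTHENTIK_LOG_LEVEL

version: '3.8'

services:
  # Web/API server, the only service carrying Traefik routing labels.
  app:
    image: ghcr.io/goauthentik/server:2022.7.3
    command: server
    # secrets:
    #   - db_password
    #   - admin_pass
    #   - admin_token
    #   - secret_key
    volumes:
      - media:/media
      - custom-templates:/templates
    networks:
      - internal
      - proxy
    healthcheck:
      test: ["CMD", "curl", "-f", "localhost:9000/-/health/live/"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    environment: *env
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=9000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        # Framing policy: X-Frame-Options SAMEORIGIN plus a CSP frame-ancestors
        # list taken from X_FRAME_OPTIONS_ALLOW_FROM.
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
        - "coop-cloud.${STACK_NAME}.version=0.3.0+2022.7.3"

  # Background worker using the same image and environment as the server.
  worker:
    image: ghcr.io/goauthentik/server:2022.7.3
    command: worker
    # secrets:
    #   - db_password
    #   - admin_pass
    #   - admin_token
    #   - secret_key
    networks:
      - internal
      - proxy
    # NOTE(review): this service runs as root AND mounts the host Docker socket.
    # Write access to that socket is equivalent to root on the host, so a
    # compromise of the worker is a compromise of the node. If the worker does
    # not need to manage containers, drop the socket mount and the root user.
    # Otherwise consider placing a filtering socket proxy in front of it.
    user: root
    volumes:
      - backups:/backups
      - media:/media
      - /var/run/docker.sock:/var/run/docker.sock
      - custom-templates:/templates
    environment: *env

  # PostgreSQL backing store, attached to the internal network only.
  db:
    image: postgres:12.11-alpine
    # secrets:
    #   - db_password
    volumes:
      - database:/var/lib/postgresql/data
    networks:
      - internal
    healthcheck:
      test: ["CMD", "pg_isready"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    # NOTE(review): the database password is supplied as a plain environment
    # variable while the db_password secret is commented out. Environment
    # values are visible to anyone who can inspect the service.
    environment:
      - POSTGRES_PASSWORD
      - POSTGRES_USER
      - POSTGRES_DB
    deploy:
      labels:
        backupbot.backup: "true"
        # "$$" escapes Compose interpolation, so the variables are expanded by
        # the shell that runs the hook, from the container's own environment
        # (set under `environment:` above). The previous "${...}" form baked the
        # database password into the service label at deploy time, where it is
        # readable through the Docker API, and let shell metacharacters in the
        # value alter the command.
        # Assumes the hook is executed through a shell inside this container,
        # which the existing `&&` and `>` already require. TODO: confirm.
        backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$${POSTGRES_PASSWORD} pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
        backupbot.backup.post-hook: "rm -rf /tmp/backup"
        backupbot.backup.path: "/tmp/backup/"

  # Redis has no password configured here. It is attached to the internal
  # network only.
  redis:
    image: redis:7.0.4-alpine
    networks:
      - internal
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m

# Externally managed secrets, currently disabled together with the per-service
# `secrets:` lists above.
# secrets:
#   db_password:
#     external: true
#     name: ${STACK_NAME}_db_password
#   secret_key:
#     external: true
#     name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
#   admin_token:
#     external: true
#     name: ${STACK_NAME}_admin_token_${SECRET_ADMIN_TOKEN_VERSION}
#   admin_pass:
#     external: true
#     name: ${STACK_NAME}_admin_pass_${SECRET_ADMIN_PASS_VERSION}

networks:
  # Pre-existing network shared with the reverse proxy.
  proxy:
    external: true
  # Stack-private network for app, worker, db and redis.
  internal:

volumes:
  backups:
  media:
  custom-templates:
  database: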