devydave/tinyauth-recipe
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f80be0411183de6bf9db4e3682b4aa357c00cf84
tinyauth-recipe/compose.yml
devydave f80be04111 init: adds basic setup
2026-01-02 11:52:12 +01:00

62 lines
2.7 KiB
YAML
Raw Blame History

---
services:
app:
image: ghcr.io/steveiliop56/tinyauth:v4
networks:
- proxy
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.middlewares.${STACK_NAME}.forwardauth.address=http://${STACK_NAME}_app:3000/api/auth/traefik"
## Edit the following line if you are using one, but not both, "Redirect" sections below
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"
## Redirect from EXTRA_DOMAINS to DOMAIN
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
## Redirect HTTP to HTTPS
# - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
# - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
## When you're ready for release, run "abra recipe sync <name>" to set this
- "coop-cloud.${STACK_NAME}.version="
## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
# - "backupbot.backup=true"
# - "backupbot.backup.path=/some/path"
environment:
APP_URL: "https://${DOMAIN}"
DISABLE_ANALYTICS: "true"
#USERS_FILE: /run/secrets/users
PROVIDERS_SSO_AUTH_URL: ${AUTH_URL}
PROVIDERS_SSO_CLIENT_ID: ${CLIENT_ID}
PROVIDERS_SSO_CLIENT_SECRET_FILE: /run/secrets/client_secret
PROVIDERS_SSO_REDIRECT_URL: https://${DOMAIN}/api/oauth/callback/sso
PROVIDERS_SSO_SCOPES: ${SCOPES}
PROVIDERS_SSO_TOKEN_URL: ${TOKEN_URL}
PROVIDERS_SSO_USER_INFO_URL: ${USER_INFO_URL}
secrets:
- users
- client_secret
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
# interval: 5s
# timeout: 3s
# retries: 10
# start_period: 1m
secrets:
users:
name: ${STACK_NAME}_users_${SECRET_USERS_VERSION}
external: true
client_secret:
name: ${STACK_NAME}_client_secret_${SECRET_CLIENT_SECRET_VERSION}
external: true
networks:
proxy:
external: true
Reference in New Issue View Git Blame Copy Permalink