From f07d0937d9d28ce4e7ac6b3152e933cbb0ae7686 Mon Sep 17 00:00:00 2001 From: aki Date: Sat, 26 Apr 2025 11:16:37 +0800 Subject: [PATCH] refactor(docker-compose): Move authelia to /auth, then bring back host checks --- docker-compose.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 0614364..3a492df 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -52,17 +52,17 @@ services: - TZ=${TIMEZONE} labels: - traefik.enable=true - - traefik.http.routers.authelia.rule=PathPrefix(`/`) + - traefik.http.routers.authelia.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/auth`) # Changed rule - traefik.http.routers.authelia.entrypoints=web - - traefik.http.routers.authelia.priority=100 + # - traefik.http.routers.authelia.priority=100 # Removed priority - traefik.http.services.authelia.loadbalancer.server.port=9091 - - traefik.http.middlewares.authelia-auth.forwardAuth.address=http://authelia:9091/api/verify?rd=https://${APP_HOSTNAME}/ + - traefik.http.middlewares.authelia-auth.forwardAuth.address=http://authelia:9091/api/verify # Simplified forwardAuth address - traefik.http.middlewares.authelia-auth.forwardAuth.trustForwardHeader=true - traefik.http.middlewares.authelia-auth.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email - homepage.group=Security - homepage.name=Authelia - homepage.icon=authelia.png - - homepage.href=https://${APP_HOSTNAME}/ + - homepage.href=/auth # Updated href - homepage.description=Authentication Portal sonarr: image: lscr.io/linuxserver/sonarr @@ -81,7 +81,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.sonarr.rule=PathPrefix(`/sonarr`) + - traefik.http.routers.sonarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/sonarr`) # Added Host check - traefik.http.routers.sonarr.entrypoints=web - traefik.http.routers.sonarr.middlewares=authelia-auth@docker - traefik.http.services.sonarr.loadbalancer.server.port=8989 @@ -111,7 +111,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.radarr.rule=PathPrefix(`/radarr`) + - traefik.http.routers.radarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/radarr`) # Added Host check - traefik.http.routers.radarr.entrypoints=web - traefik.http.routers.radarr.middlewares=authelia-auth@docker - traefik.http.services.radarr.loadbalancer.server.port=7878 @@ -141,7 +141,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.lidarr.rule=PathPrefix(`/lidarr`) + - traefik.http.routers.lidarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/lidarr`) # Added Host check - traefik.http.routers.lidarr.entrypoints=web - traefik.http.routers.lidarr.middlewares=authelia-auth@docker - traefik.http.services.lidarr.loadbalancer.server.port=8686 @@ -173,7 +173,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.bazarr.rule=PathPrefix(`/bazarr`) + - traefik.http.routers.bazarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/bazarr`) # Added Host check - traefik.http.routers.bazarr.entrypoints=web - traefik.http.routers.bazarr.middlewares=authelia-auth@docker - traefik.http.services.bazarr.loadbalancer.server.port=6767 @@ -208,7 +208,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.jellyseerr.rule=PathPrefix(`/jellyseerr`) + - traefik.http.routers.jellyseerr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/jellyseerr`) # Added Host check - traefik.http.routers.jellyseerr.entrypoints=web - traefik.http.services.jellyseerr.loadbalancer.server.port=5055 - traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders,authelia-auth@docker @@ -282,7 +282,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.prowlarr.rule=PathPrefix(`/prowlarr`) + - traefik.http.routers.prowlarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/prowlarr`) # Added Host check - traefik.http.routers.prowlarr.entrypoints=web - traefik.http.routers.prowlarr.middlewares=authelia-auth@docker - traefik.http.services.prowlarr.loadbalancer.server.port=9696 @@ -306,7 +306,7 @@ services: - TZ=${TIMEZONE} labels: - traefik.enable=true - - traefik.http.routers.flaresolverr.rule=PathPrefix(`/flaresolverr`) + - traefik.http.routers.flaresolverr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/flaresolverr`) # Added Host check - traefik.http.routers.flaresolverr.entrypoints=web - traefik.http.routers.flaresolverr.middlewares=authelia-auth@docker - traefik.http.services.flaresolverr.loadbalancer.server.port=8191 @@ -332,7 +332,7 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.qbittorrent.rule=PathPrefix(`/qbittorrent`) + - traefik.http.routers.qbittorrent.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/qbittorrent`) # Added Host check - traefik.http.routers.qbittorrent.entrypoints=web - traefik.http.services.qbittorrent.loadbalancer.server.port=8080 - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix,authelia-auth@docker @@ -378,7 +378,7 @@ services: restart: always labels: - traefik.enable=true - - traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd`) + - traefik.http.routers.sabnzbd.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/sabnzbd`) # Added Host check - traefik.http.routers.sabnzbd.entrypoints=web - traefik.http.routers.sabnzbd.middlewares=authelia-auth@docker - traefik.http.services.sabnzbd.loadbalancer.server.port=8080 @@ -414,9 +414,9 @@ services: retries: 10 labels: - traefik.enable=true - - traefik.http.routers.jellyfin.rule=PathPrefix(`/jellyfin`) + - traefik.http.routers.jellyfin.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/jellyfin`) # Added Host check - traefik.http.routers.jellyfin.entrypoints=web - - traefik.http.routers.jellyfin.middlewares=authelia-auth@docker + - traefik.http.routers.jellyfin.middlewares= # Ensure this remains empty for no auth - traefik.http.services.jellyfin.loadbalancer.server.port=8096 - homepage.group=Media - homepage.name=Jellyfin @@ -446,7 +446,7 @@ services: - traefik.http.middlewares.calibre-headers.headers.customRequestHeaders.X-Script-Name=/calibre - traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre - traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex,authelia-auth@docker - - traefik.http.routers.calibre.rule=PathPrefix(`/calibre`) + - traefik.http.routers.calibre.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/calibre`) # Added Host check - traefik.http.routers.calibre.entrypoints=web - traefik.http.services.calibre.loadbalancer.server.port=8083 - homepage.group=Media @@ -519,15 +519,15 @@ services: [sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"] labels: - traefik.enable=true - - traefik.http.routers.homepage.rule=PathPrefix(`/home`) + - traefik.http.routers.homepage.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/`) # Changed rule to root - traefik.http.routers.homepage.entrypoints=web - - traefik.http.routers.homepage.priority=10 - - traefik.http.middlewares.homepage-stripprefix.stripPrefix.prefixes=/home - - traefik.http.routers.homepage.middlewares=homepage-stripprefix,authelia-auth@docker + # - traefik.http.routers.homepage.priority=10 # Removed priority + # - traefik.http.middlewares.homepage-stripprefix.stripPrefix.prefixes=/home # Removed stripPrefix middleware definition + - traefik.http.routers.homepage.middlewares=authelia-auth@docker # Removed stripPrefix middleware usage - homepage.group=Dashboard - homepage.name=Homepage - homepage.icon=homepage.png - - homepage.href=/home + - homepage.href=/ # Updated href - homepage.description=Service Dashboard watchtower: image: ghcr.io/containrrr/watchtower:latest