Compare commits


2 Commits

Author SHA1 Message Date
aki
f07d0937d9 refactor(docker-compose): Move authelia to /auth, then bring back host checks
Some checks failed
/ validate-docker-compose (push) Has been cancelled
2025-04-26 11:16:37 +08:00
aki
749aa6f1cf fix(auth): Refactor service authentication status check 2025-04-26 03:27:49 +08:00
2 changed files with 65 additions and 81 deletions


@ -52,17 +52,17 @@ services:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.authelia.rule=PathPrefix(`/`) - traefik.http.routers.authelia.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/auth`) # Changed rule
- traefik.http.routers.authelia.entrypoints=web - traefik.http.routers.authelia.entrypoints=web
- traefik.http.routers.authelia.priority=100 # - traefik.http.routers.authelia.priority=100 # Removed priority
- traefik.http.services.authelia.loadbalancer.server.port=9091 - traefik.http.services.authelia.loadbalancer.server.port=9091
- traefik.http.middlewares.authelia-auth.forwardAuth.address=http://authelia:9091/api/verify?rd=https://${APP_HOSTNAME}/ - traefik.http.middlewares.authelia-auth.forwardAuth.address=http://authelia:9091/api/verify # Simplified forwardAuth address
- traefik.http.middlewares.authelia-auth.forwardAuth.trustForwardHeader=true - traefik.http.middlewares.authelia-auth.forwardAuth.trustForwardHeader=true
- traefik.http.middlewares.authelia-auth.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email - traefik.http.middlewares.authelia-auth.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
- homepage.group=Security - homepage.group=Security
- homepage.name=Authelia - homepage.name=Authelia
- homepage.icon=authelia.png - homepage.icon=authelia.png
- homepage.href=https://${APP_HOSTNAME}/ - homepage.href=/auth # Updated href
- homepage.description=Authentication Portal - homepage.description=Authentication Portal
sonarr: sonarr:
image: lscr.io/linuxserver/sonarr image: lscr.io/linuxserver/sonarr
@ -81,7 +81,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.sonarr.rule=PathPrefix(`/sonarr`) - traefik.http.routers.sonarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/sonarr`) # Added Host check
- traefik.http.routers.sonarr.entrypoints=web - traefik.http.routers.sonarr.entrypoints=web
- traefik.http.routers.sonarr.middlewares=authelia-auth@docker - traefik.http.routers.sonarr.middlewares=authelia-auth@docker
- traefik.http.services.sonarr.loadbalancer.server.port=8989 - traefik.http.services.sonarr.loadbalancer.server.port=8989
@ -111,7 +111,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.radarr.rule=PathPrefix(`/radarr`) - traefik.http.routers.radarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/radarr`) # Added Host check
- traefik.http.routers.radarr.entrypoints=web - traefik.http.routers.radarr.entrypoints=web
- traefik.http.routers.radarr.middlewares=authelia-auth@docker - traefik.http.routers.radarr.middlewares=authelia-auth@docker
- traefik.http.services.radarr.loadbalancer.server.port=7878 - traefik.http.services.radarr.loadbalancer.server.port=7878
@ -141,7 +141,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.lidarr.rule=PathPrefix(`/lidarr`) - traefik.http.routers.lidarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/lidarr`) # Added Host check
- traefik.http.routers.lidarr.entrypoints=web - traefik.http.routers.lidarr.entrypoints=web
- traefik.http.routers.lidarr.middlewares=authelia-auth@docker - traefik.http.routers.lidarr.middlewares=authelia-auth@docker
- traefik.http.services.lidarr.loadbalancer.server.port=8686 - traefik.http.services.lidarr.loadbalancer.server.port=8686
@ -173,7 +173,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.bazarr.rule=PathPrefix(`/bazarr`) - traefik.http.routers.bazarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/bazarr`) # Added Host check
- traefik.http.routers.bazarr.entrypoints=web - traefik.http.routers.bazarr.entrypoints=web
- traefik.http.routers.bazarr.middlewares=authelia-auth@docker - traefik.http.routers.bazarr.middlewares=authelia-auth@docker
- traefik.http.services.bazarr.loadbalancer.server.port=6767 - traefik.http.services.bazarr.loadbalancer.server.port=6767
@ -208,7 +208,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.jellyseerr.rule=PathPrefix(`/jellyseerr`) - traefik.http.routers.jellyseerr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/jellyseerr`) # Added Host check
- traefik.http.routers.jellyseerr.entrypoints=web - traefik.http.routers.jellyseerr.entrypoints=web
- traefik.http.services.jellyseerr.loadbalancer.server.port=5055 - traefik.http.services.jellyseerr.loadbalancer.server.port=5055
- traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders,authelia-auth@docker - traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders,authelia-auth@docker
@ -282,7 +282,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.prowlarr.rule=PathPrefix(`/prowlarr`) - traefik.http.routers.prowlarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/prowlarr`) # Added Host check
- traefik.http.routers.prowlarr.entrypoints=web - traefik.http.routers.prowlarr.entrypoints=web
- traefik.http.routers.prowlarr.middlewares=authelia-auth@docker - traefik.http.routers.prowlarr.middlewares=authelia-auth@docker
- traefik.http.services.prowlarr.loadbalancer.server.port=9696 - traefik.http.services.prowlarr.loadbalancer.server.port=9696
@ -306,7 +306,7 @@ services:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.flaresolverr.rule=PathPrefix(`/flaresolverr`) - traefik.http.routers.flaresolverr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/flaresolverr`) # Added Host check
- traefik.http.routers.flaresolverr.entrypoints=web - traefik.http.routers.flaresolverr.entrypoints=web
- traefik.http.routers.flaresolverr.middlewares=authelia-auth@docker - traefik.http.routers.flaresolverr.middlewares=authelia-auth@docker
- traefik.http.services.flaresolverr.loadbalancer.server.port=8191 - traefik.http.services.flaresolverr.loadbalancer.server.port=8191
@ -332,7 +332,7 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.qbittorrent.rule=PathPrefix(`/qbittorrent`) - traefik.http.routers.qbittorrent.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/qbittorrent`) # Added Host check
- traefik.http.routers.qbittorrent.entrypoints=web - traefik.http.routers.qbittorrent.entrypoints=web
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080 - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix,authelia-auth@docker - traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix,authelia-auth@docker
@ -378,7 +378,7 @@ services:
restart: always restart: always
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd`) - traefik.http.routers.sabnzbd.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/sabnzbd`) # Added Host check
- traefik.http.routers.sabnzbd.entrypoints=web - traefik.http.routers.sabnzbd.entrypoints=web
- traefik.http.routers.sabnzbd.middlewares=authelia-auth@docker - traefik.http.routers.sabnzbd.middlewares=authelia-auth@docker
- traefik.http.services.sabnzbd.loadbalancer.server.port=8080 - traefik.http.services.sabnzbd.loadbalancer.server.port=8080
@ -414,9 +414,9 @@ services:
retries: 10 retries: 10
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.jellyfin.rule=PathPrefix(`/jellyfin`) - traefik.http.routers.jellyfin.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/jellyfin`) # Added Host check
- traefik.http.routers.jellyfin.entrypoints=web - traefik.http.routers.jellyfin.entrypoints=web
- traefik.http.routers.jellyfin.middlewares=authelia-auth@docker - traefik.http.routers.jellyfin.middlewares= # Ensure this remains empty for no auth
- traefik.http.services.jellyfin.loadbalancer.server.port=8096 - traefik.http.services.jellyfin.loadbalancer.server.port=8096
- homepage.group=Media - homepage.group=Media
- homepage.name=Jellyfin - homepage.name=Jellyfin
@ -446,7 +446,7 @@ services:
- traefik.http.middlewares.calibre-headers.headers.customRequestHeaders.X-Script-Name=/calibre - traefik.http.middlewares.calibre-headers.headers.customRequestHeaders.X-Script-Name=/calibre
- traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre - traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre
- traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex,authelia-auth@docker - traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex,authelia-auth@docker
- traefik.http.routers.calibre.rule=PathPrefix(`/calibre`) - traefik.http.routers.calibre.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/calibre`) # Added Host check
- traefik.http.routers.calibre.entrypoints=web - traefik.http.routers.calibre.entrypoints=web
- traefik.http.services.calibre.loadbalancer.server.port=8083 - traefik.http.services.calibre.loadbalancer.server.port=8083
- homepage.group=Media - homepage.group=Media
@ -519,15 +519,15 @@ services:
[sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"] [sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.homepage.rule=PathPrefix(`/home`) - traefik.http.routers.homepage.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/`) # Changed rule to root
- traefik.http.routers.homepage.entrypoints=web - traefik.http.routers.homepage.entrypoints=web
- traefik.http.routers.homepage.priority=10 # - traefik.http.routers.homepage.priority=10 # Removed priority
- traefik.http.middlewares.homepage-stripprefix.stripPrefix.prefixes=/home # - traefik.http.middlewares.homepage-stripprefix.stripPrefix.prefixes=/home # Removed stripPrefix middleware definition
- traefik.http.routers.homepage.middlewares=homepage-stripprefix,authelia-auth@docker - traefik.http.routers.homepage.middlewares=authelia-auth@docker # Removed stripPrefix middleware usage
- homepage.group=Dashboard - homepage.group=Dashboard
- homepage.name=Homepage - homepage.name=Homepage
- homepage.icon=homepage.png - homepage.icon=homepage.png
- homepage.href=/home - homepage.href=/ # Updated href
- homepage.description=Service Dashboard - homepage.description=Service Dashboard
watchtower: watchtower:
image: ghcr.io/containrrr/watchtower:latest image: ghcr.io/containrrr/watchtower:latest
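Review bot: As the page renders it, the jellyfin router in the @@ -414 hunk loses `authelia-auth@docker` and is left with an empty `traefik.http.routers.jellyfin.middlewares=` label, so Jellyfin becomes reachable through Traefik with only its own login; the commit title (host checks, Authelia under /auth) does not mention this access-control change. If it is intended, I would delete the label rather than keep an empty list value, whose handling by Traefik should be verified, and record the decision in a comment above the router labels, for example `# jellyfin: deliberately not behind authelia-auth; access relies on Jellyfin's own accounts`. Separately, the forwardAuth address in the @@ -52 hunk no longer carries `rd=`, so unless Authelia's own configuration (not visible here) supplies a redirect target, unauthenticated requests would presumably receive a 401 instead of being sent to the portal at /auth.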


@ -623,85 +623,69 @@ list_services() {
return 1 return 1
fi fi
# Show a warning if we're not creating a backup for this operation
echo -e "${BLUE}Checking services in $COMPOSE_FILE...${NC}" echo -e "${BLUE}Checking services in $COMPOSE_FILE...${NC}"
echo -e "${CYAN}SERVICE\t\tAUTH STATUS${NC}" echo -e "${CYAN}SERVICE\t\tAUTH STATUS${NC}"
echo -e "${CYAN}-------\t\t-----------${NC}" echo -e "${CYAN}-------\t\t-----------${NC}"
local service_count=0 local service_count=0
# Use yq if available for more reliable parsing # Get all router names from the labels
if command -v yq &> /dev/null; then # This pattern is specific to how your docker-compose.yml format works
# Get all services from the docker-compose.yml file local router_lines=$(grep -n "traefik.http.routers" "$COMPOSE_FILE")
local services=$(yq e '.services | keys | .[]' "$COMPOSE_FILE" 2>/dev/null)
# Process each router line to get service names
while IFS= read -r line; do
local line_num=$(echo "$line" | cut -d: -f1)
local router_config=$(echo "$line" | cut -d: -f2-)
for service in $services; do # Extract service name from router definition
if [[ "$router_config" =~ traefik\.http\.routers\.([^.]+) ]]; then
local service="${BASH_REMATCH[1]}"
# Skip infrastructure containers # Skip infrastructure containers
if [[ "$service" == "redis" || "$service" == "authelia" || "$service" == "traefik" || "$service" == "tailscale" || "$service" == "watchtower" || "$service" == "autoheal" || "$service" == "middlewares" ]]; then if [[ "$service" == "redis" || "$service" == "authelia" || "$service" == "traefik" || "$service" == "tailscale" || "$service" == "watchtower" || "$service" == "autoheal" || "$service" == "middlewares" ]]; then
continue continue
fi fi
# Check if this service has Traefik router configured # Skip duplicate entries - only handle each service once
local has_router=$(yq e ".services.$service.labels[] | select(contains(\"traefik.http.routers.$service\"))" "$COMPOSE_FILE" 2>/dev/null) if [[ "$processed_services" == *"$service"* ]]; then
if [ -n "$has_router" ]; then
local status=$(get_auth_status "$service")
# Format the output with padding
printf "${BOLD}%-20s${NC}" "$service"
case "$status" in
"enabled")
echo -e "${GREEN}Enabled${NC}"
service_count=$((service_count + 1))
;;
"disabled")
echo -e "${YELLOW}Disabled${NC}"
service_count=$((service_count + 1))
;;
*)
echo -e "${RED}Unknown${NC}"
;;
esac
fi
done
else
# Fallback to using grep for parsing (less reliable)
# First identify all container names
local services=$(grep "container_name:" "$COMPOSE_FILE" | awk '{print $3}')
for service in $services; do
# Skip infrastructure containers
if [[ "$service" == "redis" || "$service" == "authelia" || "$service" == "traefik" || "$service" == "tailscale" || "$service" == "watchtower" || "$service" == "autoheal" || "$service" == "middlewares" ]]; then
continue continue
fi fi
processed_services="$processed_services $service"
# Look specifically for router configuration for this service # Find if this router has a middlewares configuration, with or without authelia
if grep -q "traefik.http.routers.$service" "$COMPOSE_FILE"; then local status="unknown"
local status=$(get_auth_status "$service") # Look for middlewares for this service
if grep -q "traefik.http.routers.$service.middlewares=.*authelia-auth" "$COMPOSE_FILE"; then
printf "${BOLD}%-20s${NC}" "$service" status="enabled"
elif grep -q "traefik.http.routers.$service.middlewares=" "$COMPOSE_FILE"; then
case "$status" in # Has middlewares but no authelia-auth
"enabled") if ! grep -q "traefik.http.routers.$service.middlewares=.*authelia-auth" "$COMPOSE_FILE"; then
echo -e "${GREEN}Enabled${NC}" status="disabled"
service_count=$((service_count + 1)) fi
;;
"disabled")
echo -e "${YELLOW}Disabled${NC}"
service_count=$((service_count + 1))
;;
*)
echo -e "${RED}Unknown${NC}"
;;
esac
fi fi
done
fi printf "${BOLD}%-20s${NC}" "$service"
case "$status" in
"enabled")
echo -e "${GREEN}Enabled${NC}"
service_count=$((service_count + 1))
;;
"disabled")
echo -e "${YELLOW}Disabled${NC}"
service_count=$((service_count + 1))
;;
*)
echo -e "${RED}Unknown${NC}"
;;
esac
fi
done <<< "$router_lines"
if [ $service_count -eq 0 ]; then if [ $service_count -eq 0 ]; then
echo -e "${YELLOW}No services found with authentication status.${NC}" echo -e "${YELLOW}No services found with authentication status.${NC}"
echo -e "${YELLOW}This could indicate that no services are configured with Traefik routers,${NC}" echo -e "${YELLOW}This could indicate an issue with detecting middlewares in your docker-compose.yml.${NC}"
echo -e "${YELLOW}or that the compose file has an unexpected structure.${NC}"
fi fi
} }
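Review bot: The status greps in the rewritten loop match any line of the compose file, including commented-out labels, so a router whose `...middlewares=...authelia-auth` label has been commented out is still reported as Enabled; for a tool that tells the operator which services sit behind authentication, that is the wrong direction to fail. Anchoring the pattern to an active label line avoids it, e.g. `grep -Eq "^[[:space:]]*- traefik\.http\.routers\.${service}\.middlewares=.*authelia-auth" "$COMPOSE_FILE"`. `processed_services` is also not declared in the visible lines and is tested by substring, so it would persist between calls and skip a service whose name is contained in one already seen; `local processed_services=""` and `[[ " $processed_services " == *" $service "* ]]` address both. list_services starts above this hunk, so a declaration may exist outside the visible lines.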