Ian Roddis
33 lines
1.6 KiB
Django/Jinja
33 lines
1.6 KiB
Django/Jinja
services:
|
|
uptimekuma:
|
|
image: louislam/uptime-kuma:{{ uptimekuma_version }}
|
|
container_name: uptimekuma
|
|
restart: unless-stopped
|
|
volumes:
|
|
- {{ uptimekuma_data_dir }}/data:/app/data
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.uptimekuma.rule=Host(`{{ uptimekuma_domain }}`)"
|
|
- "traefik.http.routers.uptimekuma.tls=true"
|
|
- "traefik.http.routers.uptimekuma.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.uptimekuma.middlewares=uptimekuma-auth@docker"
|
|
- "traefik.http.services.uptimekuma.loadbalancer.server.port=3001"
|
|
# Authentik forward auth — protects the dashboard with Authentik SSO.
|
|
# Pre-requisite: create a Proxy Provider (Forward Auth, single application)
|
|
# in Authentik pointing to https://{{ uptimekuma_domain }}, then add it
|
|
# to the embedded outpost.
|
|
- "traefik.http.middlewares.uptimekuma-auth.forwardauth.address=https://{{ authentik_domain }}/outpost.goauthentik.io/auth/traefik"
|
|
- "traefik.http.middlewares.uptimekuma-auth.forwardauth.trustForwardHeader=true"
|
|
- "traefik.http.middlewares.uptimekuma-auth.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
|
|
networks:
|
|
- {{ sovereign_network_name }}
|
|
logging:
|
|
driver: gelf
|
|
options:
|
|
gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
|
|
tag: "uptimekuma"
|
|
|
|
networks:
|
|
{{ sovereign_network_name }}:
|
|
external: true
|