forked from adrienkohlbecker/traefik-auth-cloudflare
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
52 lines (48 loc) · 1.62 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
version: '3.7'
services:
traefik:
image: traefik:2.4.13
restart: always
ports:
- 80:80
- 443:443
networks:
- web
- traefik-auth
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.toml:/etc/traefik/traefik.toml:ro
container_name: traefik
traefik-auth-cloudflare:
image: ghcr.io/dashflo/traefik-auth-cloudflare:latest
restart: always
expose:
- 8080
networks:
- traefik-auth
container_name: traefik-auth-cloudflare
# traefik-auth-cloudflare needs to be configured with your auth-domain
command: ["--auth-domain", "https://foo.cloudflareaccess.com"]
echo:
image: solsson/http-echo
restart: always
init: true
expose:
- 80
networks:
- web
labels:
# basic traefik config
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.http.routers.echo.rule=Host(`echo.my-awesome-app.org`)"
# Each request is first forwarded to traefik-auth-cloudflare to check the JWT token
# the Application Audience (aud) tag is given as an URL parameter: `/auth/{audience}`
- "traefik.http.routers.echo.middlewares=echo-auth@docker"
- "traefik.http.middlewares.echo-auth.forwardauth.address=http://traefik-auth-cloudflare:8080/auth/62d4c34bece5735ba2b94a865de5cc6312dc4f6192a946005e2ac59a3f4522d2"
# Optional: Forward the X-Auth-User header to the backend, which is set by traefik-auth-cloudflare to contain the user email
- "traefik.http.middlewares.echo-auth.forwardauth.authResponseHeaders=X-Auth-User"
networks:
traefik-auth:
web:
name: web