mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-10-30 20:22:20 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
copyparty/docs/examples/docker/idp-authelia-traefik/docker-compose.yml

119 lines
4.1 KiB
YAML
Raw Blame History

---
networks:
net:
driver: bridge
services:
copyparty:
image: copyparty/ac:latest
container_name: idp_copyparty
user: "1000:1000" # should match the user/group of your fileshare volumes
volumes:
- ./cpp/:/cfg:z # the copyparty config folder
- /srv/pub:/w:z # this is where we declare that "/srv/pub" is the filesystem-path on the server that shall be shared online
networks:
- net
expose:
- 3923
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.copyparty.rule=Host(`fs.example.com`)'
- 'traefik.http.routers.copyparty.entrypoints=websecure'
- 'traefik.http.routers.copyparty.tls=true'
- 'traefik.http.routers.copyparty.tls.certresolver=letsencrypt' # ← THIS IS CRUCIAL
- 'traefik.http.routers.copyparty.middlewares=authelia@docker'
stop_grace_period: 15s # thumbnailer is allowed to continue finishing up for 10s after the shutdown signal
environment:
LD_PRELOAD: /usr/lib/libmimalloc-secure.so.NOPE
# enable mimalloc by replacing "NOPE" with "2" for a nice speed-boost (will use twice as much ram)
PYTHONUNBUFFERED: 1
# ensures log-messages are not delayed (but can reduce speed a tiny bit)
authelia:
image: authelia/authelia:4.39.5@sha256:023e02e5203dfa0ebaee7a48b5bae34f393d1f9cada4a9df7fbf87eb1759c671
container_name: idp_authelia
volumes:
- ./authelia:/config:z
networks:
- net
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)'
- 'traefik.http.routers.authelia.entrypoints=websecure'
- 'traefik.http.routers.authelia.tls=true'
- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://authelia.example.com'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
expose:
- 9091
restart: unless-stopped
environment:
- TZ=Etc/UTC
valkey:
image: valkey/valkey:8.1.3-alpine3.22@sha256:0d27f0bca0249f61d060029a6aaf2e16b2c417d68d02a508e1dfb763fa2948b4
container_name: idp_valkey
volumes:
- ./valkey:/data:z
networks:
- net
expose:
- 6379
restart: unless-stopped
environment:
- TZ=Etc/UTC
- VALKEY_EXTRA_FLAGS=--requirepass your_secure_password_here
socket-proxy:
image: lscr.io/linuxserver/socket-proxy:3.2.3@sha256:63d2e0ce6bb0d12dfdbde5c3af31d08fee343ec3801a050c8197a3f5ffae8bed
container_name: idp_socket_proxy
environment:
- CONTAINERS=1
- NETWORKS=1
- EVENTS=1
- PING=1
- VERSION=1
- LOG_LEVEL=warning
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
security_opt:
- no-new-privileges:true
read_only: true
tmpfs:
- /run
networks:
- net
restart: unless-stopped
expose:
- 2375
traefik:
image: traefik:3.5.0@sha256:4e7175cfe19be83c6b928cae49dde2f2788fb307189a4dc9550b67acf30c11a5
container_name: idp_traefik
volumes:
- ./traefik:/etc/traefik:z
networks:
- net
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.api.middlewares=authelia@docker'
ports:
- '80:80'
- '443:443'
command:
- '--global.sendAnonymousUsage=false'
- '--providers.docker.endpoint=tcp://socket-proxy:2375'
- '--providers.docker.exposedByDefault=false'
- '--entrypoints.web.address=:80'
- '--entrypoints.web.http.redirections.entrypoint.to=websecure'
- '--entrypoints.web.http.redirections.entrypoint.scheme=https'
- '--entrypoints.websecure.address=:443'
- '--certificatesResolvers.letsencrypt.acme.email=your-email@your-domain.com'
- '--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json'
- '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web'
- '--log.level=INFO'
depends_on:
- socket-proxy
Reference in a new issue View git blame Copy permalink