Files
Fizzlepoof 2057c8aaa5
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled
Cut Doris over to Authentik ingress
2026-05-24 18:59:36 +00:00

170 lines
4.2 KiB
YAML

http:
routers:
auth:
rule: Host(`auth.paccoco.com`)
entryPoints: [web]
service: authentik-outpost
middlewares:
- security-headers
- auth-host-redirect
doris-authentik-outpost:
rule: Host(`doris.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
priority: 15
entryPoints: [web]
service: authentik-outpost
middlewares:
- security-headers
doris:
rule: Host(`doris.paccoco.com`)
entryPoints: [web]
service: doris-dashboard
middlewares:
- security-headers
- authentik-forwardauth
gitea-authentik-outpost:
rule: Host(`gitea.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
priority: 15
entryPoints: [web]
service: authentik-outpost
middlewares:
- security-headers
gitea:
rule: Host(`gitea.paccoco.com`)
entryPoints: [web]
service: gitea
middlewares:
- security-headers
grafana:
rule: Host(`grafana.paccoco.com`)
entryPoints: [web]
service: grafana
middlewares:
- security-headers
technitium:
rule: Host(`dns.paccoco.com`)
entryPoints: [web]
service: technitium
middlewares:
- security-headers
traefik-dashboard-authentik-outpost:
rule: Host(`traefik.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
priority: 20
entryPoints: [web]
service: authentik-outpost
middlewares:
- security-headers
traefik-dashboard-root:
rule: Host(`traefik.paccoco.com`) && Path(`/`)
priority: 15
entryPoints: [web]
service: api@internal
middlewares:
- security-headers
- traefik-dashboard-root-redirect
traefik-dashboard:
rule: Host(`traefik.paccoco.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
priority: 10
entryPoints: [web]
service: api@internal
middlewares:
- security-headers
- authentik-forwardauth
services:
authelia:
loadBalancer:
servers:
- url: http://authelia:9091
authentik-outpost:
loadBalancer:
servers:
- url: http://authentik-server:9000
gitea:
loadBalancer:
servers:
- url: http://gitea:3000
grafana:
loadBalancer:
servers:
- url: http://grafana:3000
technitium:
loadBalancer:
passHostHeader: true
serversTransport: technitium-selfsigned
servers:
- url: https://technitium-dns-pilot:443
doris-dashboard:
loadBalancer:
passHostHeader: true
servers:
- url: http://10.5.30.7:8787
middlewares:
authelia-forwardauth:
forwardAuth:
address: http://authelia:9091/api/authz/forward-auth
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
authentik-forwardauth:
forwardAuth:
address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-entitlements
traefik-dashboard-root-redirect:
redirectRegex:
regex: ^https?://([^/]+)/?$
replacement: https://${1}/dashboard/
permanent: false
auth-host-redirect:
redirectRegex:
regex: ^https?://auth\.paccoco\.com(?:/(.*))?$
replacement: https://authentik.paccoco.com/${1}
permanent: true
security-headers:
headers:
frameDeny: true
browserXssFilter: true
contentTypeNosniff: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: https
customResponseHeaders:
X-Robots-Tag: noindex, nofollow, noarchive, nosnippet
serversTransports:
technitium-selfsigned:
insecureSkipVerify: true