-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathdocker-compose.yml
64 lines (60 loc) · 2.8 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
---
version: "3"
# example docker-compose to demonstrate how to use trauth.
# there are two implementation examples here. a global and local sso setup.
# the credentials in both cases are admin:password
# for an mTLS example, check out the .dev docker-compose file.
services:
traefik:
image: traefik
command:
- --api.dashboard=true
- --log.level=DEBUG
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --entryPoints.web.address=:80
- --experimental.plugins.trauth.modulename=github.com/leonjza/trauth
- --experimental.plugins.trauth.version=v1.5.0 # or whatever the latest version is
labels:
traefik.enable: true
traefik.http.routers.dashboard.entrypoints: web
traefik.http.routers.dashboard.rule: Host(`traefik.dev.local`)
traefik.http.routers.dashboard.service: api@internal
# configure trauth globally, and reuse the middelware on multiple services
traefik.http.middlewares.global-sso.plugin.trauth.domain: dev.local
traefik.http.middlewares.global-sso.plugin.trauth.cookiename: global-sso-cookie
# see notes about cookiekey's in the documentation.
traefik.http.middlewares.global-sso.plugin.trauth.cookiekey: 97zh8jwic74b5jcxc09nnxroewfzvn3p
traefik.http.middlewares.global-sso.plugin.trauth.usersfile: /htpass
ports:
- 80:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./example-htpass:/htpass
whoami-1:
image: traefik/whoami
depends_on:
- traefik
labels:
traefik.enable: true
traefik.http.routers.whoami-1.rule: Host(`whoami-1.dev.local`)
traefik.http.routers.whoami-1.entrypoints: web
# or, configure a service specific instance of trauth
traefik.http.routers.whoami-1.middlewares: local-sso
traefik.http.middlewares.local-sso.plugin.trauth.domain: whoami-1.dev.local
traefik.http.middlewares.local-sso.plugin.trauth.cookiename: sso-cookie
# *note* the double $$ here to escape a single $
traefik.http.middlewares.local-sso.plugin.trauth.users: admin:$$2y$$05$$fVvJElbTaB/Cw9FevNc2keGo6sMRhY2e55..U.6zOsca3rQuuAU1e
# skip authentication for this service matching the domain and the /test/* or /another-test/* paths
"traefik.http.middlewares.local-sso.plugin.trauth.rules[0].domain": whoami-1.dev.local
"traefik.http.middlewares.local-sso.plugin.trauth.rules[0].excludes[0].exclude": ^/test/.*$
"traefik.http.middlewares.local-sso.plugin.trauth.rules[0].excludes[1].exclude": ^/another-test/.*$
whoami-2:
image: traefik/whoami
depends_on:
- traefik
labels:
traefik.enable: true
traefik.http.routers.whoami-2.rule: Host(`whoami-2.dev.local`)
traefik.http.routers.whoami-2.entrypoints: web
traefik.http.routers.whoami-2.middlewares: global-sso