mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-02 11:56:02 +02:00
44 lines
1.5 KiB
YAML
44 lines
1.5 KiB
YAML
version: "3"
|
|
services:
|
|
traefik:
|
|
image: traefik:v2.1
|
|
command:
|
|
- "--accesslog=true"
|
|
- "--api.insecure=true"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--entryPoints.websecure.forwardedHeaders.insecure"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--providers.docker=true"
|
|
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "8080:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
httpbin:
|
|
image: kennethreitz/httpbin:latest
|
|
labels:
|
|
- "traefik.http.middlewares.pomerium.forwardauth.authResponseHeaders=X-Pomerium-Authenticated-User-Email,x-pomerium-authenticated-user-id,x-pomerium-authenticated-user-groups,x-pomerium-jwt-assertion"
|
|
- "traefik.http.middlewares.pomerium.forwardauth.address=http://pomerium/"
|
|
- "traefik.http.middlewares.pomerium.forwardauth.trustForwardHeader=true"
|
|
|
|
- "traefik.http.routers.httpbin.middlewares=pomerium@docker"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.httpbin.rule=Host(`httpbin.localhost.pomerium.io`)"
|
|
- "traefik.http.routers.httpbin.entrypoints=websecure"
|
|
- "traefik.http.routers.httpbin.tls=true"
|
|
|
|
pomerium:
|
|
image: pomerium/pomerium:latest
|
|
volumes:
|
|
- ./config.yaml:/pomerium/config.yaml:ro
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.pomerium.rule=Host(`authenticate.localhost.pomerium.io`)"
|
|
- "traefik.http.routers.pomerium.entrypoints=websecure"
|
|
- "traefik.http.routers.pomerium.tls=true"
|
|
expose:
|
|
- 80
|