version: "3.8"

services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    volumes:
      - /mnt/HoardingCow_docker_data/Authelia:/config
    networks:
      - traefik-net
    restart: unless-stopped
    labels:
      - "traefik.enable=true"

      # HTTP router
      - "traefik.http.routers.authelia-http.rule=Host(`auth.lazyworkhorse.net`)"
      - "traefik.http.routers.authelia-http.entrypoints=web"
      - "traefik.http.routers.authelia-http.middlewares=redirect-to-https"

      # HTTPS router
      - "traefik.http.routers.authelia-https.rule=Host(`auth.lazyworkhorse.net`)"
      - "traefik.http.routers.authelia-https.entrypoints=websecure"
      - "traefik.http.routers.authelia-https.tls=true"
      - "traefik.http.routers.authelia-https.tls.certresolver=njalla"

      - "traefik.http.services.authelia.loadbalancer.server.port=9091"

      # forward auth middleware definition
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lazyworkhorse.net"
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"

networks:
  traefik-net:
    external: true