docs: Update README.md

examples/authentik/README.md

@@ -22,3 +22,62 @@ https://<hostname>/if/flow/initial-setup/
 # without TLS reverse proxy
 https://<hostname>:9000/if/flow/initial-setup/
 ````
+
+## Traefik Outpost on another server
+
+In case you want to protect containers with Authentik but your Authentik runs on another, totally different server, you can deploy an outpost container. This container will communicate with your offsite Authentik instance and provide a traefik forward-auth middleware.
+
+Follow these instructions:
+
+1. Create your to-be-protected application at your Authentik instance (provider + app) as usual.
+2. Create a new outpost at your Authentik instance at `/if/admin/#/outpost/outposts`.
+    - Make note of the deployment token. This one will later be used as env in `AUTHENTIK_TOKEN` for the outpost container.
+    - Add your previously to-be-protected application to this outpost.
+4. Spawn the outpost proxy container on your server, where Authentik is not running.
+
+````
+services:
+
+  authentik-outpost:
+    image: ghcr.io/goauthentik/proxy:2025.6
+    container_name: authentik-outpost
+    restart: unless-stopped
+    expose:
+       - 9000
+    environment:
+      AUTHENTIK_HOST: https://authentik.ptf.one
+      AUTHENTIK_TOKEN: <YOUR-DEPLOYMENT-TOKEN>
+      AUTHENTIK_INSECURE: "false"  # set to "true" if your Authentik domain uses self-signed certs
+    labels:
+      - traefik.enable=true
+      - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-outpost:9000/outpost.goauthentik.io/auth/traefik
+      - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true
+      - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-m>
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true
+````
+
+Afterwards, you can use the new middleware `authentik@docker` for your running containers. If enabled, you have to authenticate against the Authentik instance, which runs somewhere else. 
+
+Here an example on how to enable the middleware on a simplistic whoami container:
+
+````
+services:
+
+  whoami:
+    image: traefik/whoami
+    container_name: whoami
+    command:
+       - --name=whoami
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=dev
+      - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
+      - traefik.http.routers.whoami.service=whoami
+      - traefik.http.services.whoami.loadbalancer.server.port=80
+      - traefik.http.routers.whoami.middlewares=authentik@docker # <--- this is the relevant part
+````

examples/crowdsec/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
 
   crowdsec:
-    image: crowdsecurity/crowdsec:v1.6.8
+    image: crowdsecurity/crowdsec:v1.6.10
     container_name: crowdsec
     restart: unless-stopped
     ports:

examples/cs2-dedicated-server/README.md

@@ -2,6 +2,7 @@
 
 - https://github.com/joedwards32/CS2
 - https://github.com/shobhit-pathak/cs2-rcon-panel
+- https://github.com/l4rm4nd/cs2-rcon-panel
 
 # Notes
 
@@ -11,7 +12,7 @@ Minimum system requirements are:
 - 2 GiB RAM
 - 40 GB of disk space for the container or mounted as a persistent volume on /home/steam/cs2-dedicated/
 
-Default login for the rcon panel is `cspanel:v67ic55x4ghvjfj`.
+Default login for the rcon panel is `cspanel:v67ic55x4ghvjfj`. You can change this via environment variables.
 
 > [!TIP]
-> If you restart the container, the CS2 server will automatically pull and install updates. So may configure a cronjob to regularly restart the container to keep your CS2 dedicated server up-to-date.
+> If you restart the container, the CS2 server will automatically pull and install updates. So may configure a cronjob to regularly restart the container to keep your CS2 dedicated server up-to-date.

examples/cs2-dedicated-server/docker-compose.yml

@@ -41,8 +41,11 @@ services:
       #- 27020:27020/udp        # UDP
 
   cs2-rconpanel:
-    image: soren90/rcon-panel
+    image: ghcr.io/l4rm4nd/cs2-rcon-panel:latest
     container_name: cs2-rcon-panel
+    environment:
+      - USERNAME=cspanel # change this
+      - PASSWORD=v67ic55x4ghvjfj # change this
     ports:
       - 3000:3000
     restart: unless-stopped

examples/immich/.env

@@ -1,5 +1,5 @@
 # Versioning
-IMMICH_VERSION=v1.135.2
+IMMICH_VERSION=v1.135.3
 
 # Database
 DB_HOSTNAME=immich-database

examples/traefik/docker-compose-command-config.yml

@@ -74,7 +74,7 @@ services:
       - docker-proxynet
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:1.26.2
+    image: lscr.io/linuxserver/socket-proxy:latest
     container_name: socket-proxy
     environment:
       - CONTAINERS=1

examples/traefik/docker-compose.yml

@@ -35,7 +35,7 @@ services:
       - docker-proxynet
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:1.26.2
+    image: lscr.io/linuxserver/socket-proxy:latest
     container_name: socket-proxy
     environment:
       - CONTAINERS=1

examples/traefik/traefik.yml

@@ -17,7 +17,7 @@ log:
 #  plugins:
 #    bouncer:
 #      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
-#      version: v1.4.2
+#      version: v1.4.4
 
 #metrics:
 #  influxDB2: