Compose-Examples/examples/guacamole/docker-compose-gluetun-traefik-authentik-oidc.yml


This file contains invisible Unicode characters
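# Guacamole (guacd, web UI, PostgreSQL) running inside the network namespace
# of a gluetun WireGuard client. The web UI is published through Traefik and
# uses authentik as its OpenID Connect provider.
services:
  guacd:
    # No tag is given, so this resolves to `latest`. Pin a version tag or
    # digest so the deployed image is reproducible and reviewable.
    image: guacamole/guacd
    container_name: guacamole-guacd
    restart: always
    depends_on:
      - gluetun
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/drive:/drive:rw
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/record:/record:rw
    # Joins gluetun's network namespace: guacd has no network of its own and
    # is reached by the other services on localhost.
    network_mode: container:gluetun

  postgres:
    image: postgres:16-alpine
    container_name: guacamole-db
    restart: always
    depends_on:
      - gluetun
    environment:
      - PGDATA=/var/lib/postgresql/data/guacamole
      - POSTGRES_DB=guacamole_db
      - POSTGRES_USER=guacamole_user
      # Placeholder: replace before the first start and keep it identical to
      # POSTGRESQL_PASSWORD on the guacamole service. Prefer supplying it from
      # an untracked .env file or a secret instead of committing the value.
      - POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234
    volumes:
      # The postgres image runs scripts from this directory when it first
      # initialises an empty data directory.
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/init:/docker-entrypoint-initdb.d:z
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/data:/var/lib/postgresql/data:Z
    network_mode: container:gluetun

  guacamole:
    # No tag is given, so this resolves to `latest`; pin it like guacd above.
    image: guacamole/guacamole
    container_name: guacamole-ui
    restart: always
    depends_on:
      - guacd
      - postgres
      - gluetun
    environment:
      # guacd and Postgres share gluetun's network namespace with this
      # container, hence localhost.
      - GUACD_HOSTNAME=localhost
      - POSTGRESQL_HOSTNAME=localhost
      - POSTGRESQL_DATABASE=guacamole_db
      - POSTGRESQL_USER=guacamole_user
      # Must match POSTGRES_PASSWORD on the postgres service.
      - POSTGRESQL_PASSWORD=ChooseYourOwnPasswordHere1234
      # NOTE(review): database authentication stays configured next to
      # OpenID. If the init script creates a stock admin account, change its
      # password or disable it once an OIDC user has admin rights.
      - OPENID_ENABLED=true
      - OPENID_AUTHORIZATION_ENDPOINT=https://authentik.example.com/application/o/authorize/
      - OPENID_JWKS_ENDPOINT=https://authentik.example.com/application/o/guacamole-oidc/jwks/
      # Must equal the issuer the provider puts into its tokens.
      - OPENID_ISSUER=https://authentik.example.com/application/o/guacamole-oidc/
      - OPENID_CLIENT_ID=<masked>
      # Must equal a redirect URI registered for this client at the provider.
      - OPENID_REDIRECT_URI=https://guacamole.example.com/guacamole
      - OPENID_USERNAME_CLAIM_TYPE=preferred_username
      - OPENID_SCOPE=openid email profile
    network_mode: container:gluetun

  gluetun:
    # `latest` moves with every upstream release; pin a version tag or digest
    # for the container that carries the VPN tunnel and holds NET_ADMIN.
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    # `expose` is documentation only: it neither publishes nor restricts a
    # port. Everything listening in this namespace, Postgres included, sits
    # on the `proxy` network interface.
    # NOTE(review): guacamole reaches Postgres on localhost, so 5432 does not
    # look like it needs to be advertised; confirm the firewall in front of
    # this namespace does not admit other `proxy` containers to it.
    expose:
      - 8080  # guacamole
      - 5432  # psql guac
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - DNS_ADDRESS=1.1.1.1,1.0.0.1
      - WIREGUARD_ENDPOINT_IP=127.0.0.1  # add your wan ipv4 here of wg server
      - WIREGUARD_ENDPOINT_PORT=51820
      # Values are written without quotes on purpose: in list-form
      # `KEY=value` entries Compose keeps quote characters as part of the
      # value, which would corrupt the keys and the address.
      # The private and pre-shared keys are secrets; supply them from an
      # untracked .env file or a secret rather than committing them.
      - WIREGUARD_PUBLIC_KEY=<PUBKEY>  # add your wg public key here
      - WIREGUARD_PRIVATE_KEY=<PRIVKEY>  # add your wg private key here
      - WIREGUARD_PRESHARED_KEY=<PSK>  # add your wg pre-shared key here
      - WIREGUARD_ADDRESSES=0.0.0.0/32  # add your client ipv4/ipv6 here
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gluetun/configs/gluetun:/gluetun
    restart: always
    networks:
      - proxy
    # The labels live on gluetun because it owns the network namespace in
    # which the Guacamole UI listens on 8080.
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      # Matches /guacamole and the authentik outpost path on the same host.
      # NOTE(review): no entrypoints or tls labels are set here; confirm the
      # Traefik static configuration only serves this router over HTTPS.
      - traefik.http.routers.guacamole.rule=Host(`guacamole.example.com`) && PathPrefix(`/guacamole`) || Host(`guacamole.example.com`) && PathPrefix(`/outpost.goauthentik.io`)
      - traefik.http.routers.guacamole.service=guacamole
      - traefik.http.services.guacamole.loadbalancer.server.port=8080
      # The `authentik` middleware is not defined in this file; it has to be
      # declared through the Docker provider on another container.
      - traefik.http.routers.guacamole.middlewares=authentik@docker

networks:
  # Pre-existing network shared with Traefik; Compose will not create it.
  proxy:
    external: true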