---
services:
  authelia:
    image: authelia/authelia:${AUTHELIA_VERSION}
    container_name: authelia
    volumes:
      - './data/secrets:/secrets:ro'
      - './data/config:/config'
      - './data/logs/authelia.log:{{ container_authelia_log_file_path }}'
    networks:
      traefik:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.authelia.entrypoints=http"
      - "traefik.http.routers.authelia.rule=Host(`${AUTHELIA_DOMAIN:?error}`)"
      - "traefik.http.middlewares.authelia-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.authelia.middlewares=authelia-https-redirect"
      - "traefik.http.routers.authelia-secure.entrypoints=https"
      - "traefik.http.routers.authelia-secure.rule=Host(`${AUTHELIA_DOMAIN:?error}`)"
      - "traefik.http.routers.authelia-secure.tls=true"
      - "traefik.http.routers.authelia-secure.service=authelia"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      # Authelia Middleware
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    environment:
      TZ: 'EUROPE/BERLIN'
      X_AUTHELIA_CONFIG_FILTERS: 'template'

networks:
  traefik:
    external: true