Ready for TrueNAS+runtipi hosting

- adapt secretes via tipi-compose - add ix-dockge to runtipi-reverse-proxy as an example - added rt.dockge.yml(.bobo) as an example - bobo auth is now working
2025-01-17 13:18:06 -08:00 · 2025-01-17 13:18:06 -08:00 · dd6cc77488
commit dd6cc77488
parent aac1960343
6 changed files with 125 additions and 10 deletions
--- a/_traefik/dynamic/_templates/mw.fwd-auth-sysmgr.yml.bobo
+++ b/_traefik/dynamic/_templates/mw.fwd-auth-sysmgr.yml.bobo
@ -0,0 +1,19 @@
+http:
+  middlewares:
+    authentik_sysmgr:
+      forwardAuth:
+        address: https://auth.avital14.com/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeadersRegex: "^[Xx]-[Aa]uthentik"
+        # authResponseHeaders:
+        #   - X-authentik-username
+        #   - X-authentik-groups
+        #   - X-authentik-email
+        #   - X-authentik-name
+        #   - X-authentik-uid
+        #   - X-authentik-jwt
+        #   - X-authentik-meta-jwks
+        #   - X-authentik-meta-outpost
+        #   - X-authentik-meta-provider
+        #   - X-authentik-meta-app
+        #   - X-authentik-meta-version
--- a/_traefik/dynamic/_templates/rt.dockge.yml.bobo
+++ b/_traefik/dynamic/_templates/rt.dockge.yml.bobo
@ -0,0 +1,23 @@
+# http routing section
+http:
+  routers:
+    # Define a connection between requests and services
+    home-assistant:
+      rule: "Host(`dockge.toronto.avital14.com`)" 
+      entrypoints:
+      - websecure
+    # # If the rule matches, applies the middleware
+    # middlewares:
+    # - test-user
+      # If the rule matches, forward to the whoami service (declared below)
+      service: home-assistant
+      tls:
+        certresolver: myresolver
+
+  services:
+    # Define how to reach an existing service on our infrastructure
+    home-assistant:
+      loadBalancer:      
+        servers:
+        - url: "http://dockge:31014"
+        #- address: "ha.lan:8123"