From 8f07d2906dca2d3871cab73cf10c8e1aff4f648e Mon Sep 17 00:00:00 2001 From: Spoffy Date: Fri, 26 Jul 2024 16:44:40 +0100 Subject: [PATCH] Makes small improvements to basic-auth setup --- .../configs/traefik-dynamic-config.yml | 25 +------------------ .../docker-compose.yml | 13 ++++++---- 2 files changed, 9 insertions(+), 29 deletions(-) diff --git a/docker-compose-examples/grist-traefik-basic-auth/configs/traefik-dynamic-config.yml b/docker-compose-examples/grist-traefik-basic-auth/configs/traefik-dynamic-config.yml index d77000e6..210b9051 100644 --- a/docker-compose-examples/grist-traefik-basic-auth/configs/traefik-dynamic-config.yml +++ b/docker-compose-examples/grist-traefik-basic-auth/configs/traefik-dynamic-config.yml @@ -10,27 +10,4 @@ http: # E.g: `htpasswd -nB test@example.org` users: # The default username is "test@example.org". The default password is "test". - - "test@example.org:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - routers: - # General router for almost all Grist traffic. - general: - entrypoints: - - web - - websecure - rule: "HostRegexp(`.*`)" - service: grist@docker - tls: - certresolver: letsencrypt - - # Separate Traefik router for the login pages. - # This allows a user to visit the site without hitting the basic auth login page. - login: - entrypoints: - - web - - websecure - rule: "PathPrefix(`/auth/login`) || PathPrefix(`/_oauth`)" - middlewares: - - grist-basic-auth - service: grist@docker - tls: - certresolver: letsencrypt \ No newline at end of file + - "test@example.org:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" \ No newline at end of file diff --git a/docker-compose-examples/grist-traefik-basic-auth/docker-compose.yml b/docker-compose-examples/grist-traefik-basic-auth/docker-compose.yml index 97cf5071..bd8ca015 100644 --- a/docker-compose-examples/grist-traefik-basic-auth/docker-compose.yml +++ b/docker-compose-examples/grist-traefik-basic-auth/docker-compose.yml @@ -13,8 +13,6 @@ services: grist: image: gristlabs/grist:latest environment: - # Use Python 3 instead of 2. - PYTHON_VERSION: 3 # Sets the header to look at for authentication GRIST_FORWARD_AUTH_HEADER: X-Forwarded-User # Forces Grist to only use a single team called 'Example' @@ -22,7 +20,7 @@ services: # Force users to login (disable anonymous access) GRIST_FORCE_LOGIN: true # Base URL Grist redirects to when navigating. Change this to your domain. - APP_HOME_URL: https://localhost + APP_HOME_URL: https://grist.localhost # Default email for the "Admin" account GRIST_DEFAULT_EMAIL: test@example.org volumes: @@ -30,6 +28,11 @@ services: - ./grist_local_data:/persist labels: - "traefik.http.services.grist.loadbalancer.server.port=8484" + - "traefik.http.routers.grist.rule=Host(`grist.localhost`)" + - "traefik.http.routers.grist.tls.certresolver=letsencrypt" + - "traefik.http.routers.grist-auth.rule=Host(`grist.localhost`) && (PathPrefix(`/auth/login`) || PathPrefix(`/_oauth`))" + - "traefik.http.routers.grist-auth.middlewares=grist-basic-auth@file" + - "traefik.http.routers.grist-auth.tls.certresolver=letsencrypt" traefik: image: traefik:latest @@ -44,8 +47,8 @@ services: - ./configs/traefik-config.yml:/etc/traefik/traefik.yml # Set the config file for the dynamic config, such as middleware. - ./configs/traefik-dynamic-config.yml:/etc/traefik/dynamic/dynamic-config.yml - # You may want to put state somewhere other than /tmp :-) - - /tmp/grist/acme:/acme + # Certificate location, if automatic certificate setup is enabled. + - ./configs/acme:/acme # Traefik needs docker access when configured via docker labels. - /var/run/docker.sock:/var/run/docker.sock depends_on: