refactor Authelia

authelia/docker-compose.yml

@@ -5,7 +5,7 @@ networks:
 
 services:
   authelia:
-    image: authelia/authelia:latest
+    image: authelia/authelia:4.37.5
     container_name: authelia
     volumes:
       - ./config:/config
@@ -14,6 +14,19 @@ services:
     environment:
       - TZ=UTC
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    resources:
+      limits:
+        cpus: '0.5'
+        memory: 512M
+      reservations:
+        cpus: '0.25'
+        memory: 256M
     labels:
       - "traefik.enable=true"
       # The URL where you will actually log in
@@ -21,8 +34,6 @@ services:
       - "traefik.http.routers.authelia.entrypoints=websecure"
       - "traefik.http.routers.authelia.tls.certresolver=myresolver"
       - "traefik.http.services.authelia.loadbalancer.server.port=9091"
-
-# --- ADD THESE THREE LINES BELOW ---
       - "traefik.http.middlewares.authelia-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.quangkhai.ch/"
       - "traefik.http.middlewares.authelia-auth.forwardauth.trustForwardHeader=true"
       - "traefik.http.middlewares.authelia-auth.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"