networks:
  proxy_tier:
    name: proxy_tier
    external: true

services:
  authelia:
    image: authelia/authelia:4.37.5
    container_name: authelia
    volumes:
      - ./config:/config
    networks:
      - proxy_tier
    environment:
      - TZ=UTC
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9091/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    resources:
      limits:
        cpus: '0.5'
        memory: 512M
      reservations:
        cpus: '0.25'
        memory: 256M
    labels:
      - "traefik.enable=true"
      # The URL where you will actually log in
      - "traefik.http.routers.authelia.rule=Host(`auth.quangkhai.ch`)"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.tls.certresolver=myresolver"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      - "traefik.http.middlewares.authelia-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.quangkhai.ch/"
      - "traefik.http.middlewares.authelia-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia-auth.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"