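# Authelia (authentication portal) published through Traefik, which also uses
# it as a forwardAuth middleware for other routers.
services:
  authelia:
    container_name: 'authelia'
    # NOTE(review): no tag is given, so this resolves to `latest` and can change
    # on any pull. Pin to a reviewed release tag or digest, e.g.
    # 'authelia/authelia:<VERSION>' (placeholder), for an auth-critical service.
    image: 'authelia/authelia'
    restart: 'unless-stopped'
    networks:
      - traefik
    environment:
      TZ: "Asia/Shanghai"
    labels:
      # Label values are strings; quoted so the YAML parser does not type this
      # as a boolean (matches the quoted 'true' values below).
      traefik.enable: 'true'
      traefik.docker.network: 'traefik'

      traefik.http.services.authelia.loadbalancer.healthcheck.path: '/api/health'
      traefik.http.services.authelia.loadbalancer.healthcheck.interval: '10s'

      # Plain HTTP here stays on the shared `traefik` Docker network.
      traefik.http.middlewares.authelia.forwardAuth.address: 'http://authelia:9091/api/authz/forward-auth'
      # With 'true', Traefik forwards the X-Forwarded-* headers it received
      # instead of replacing them. Only safe when the entry points restrict
      # forwardedHeaders.trustedIPs to known upstream proxies; otherwise a
      # client can supply these headers itself. Set to 'false' if Traefik is
      # the edge proxy.
      traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader: 'true'
      # Identity headers copied from Authelia's response onto the request sent
      # to the backend. Backends that trust them must be reachable only
      # through routers that apply this middleware.
      traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Email,Remote-Name'
      traefik.http.routers.authelia.rule: 'Host(`auth.example.com`)'
      traefik.http.routers.authelia.entryPoints: 'https'
      traefik.http.routers.authelia.tls: 'true'
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
      # - /etc/timezone:/etc/timezone:ro
      # Authelia's configuration directory; it typically also holds secrets
      # and the user database, so keep the host path readable only by the
      # account the container runs as. ${PWD} depends on where compose is
      # invoked from.
      - '${PWD}/config:/config'
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9091/api/health"]
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 5s
    logging:
      driver: "json-file"
      options:
        # Only max-size is set; json-file keeps a single file by default, so
        # older authentication log entries are dropped on rotation. Forward
        # logs elsewhere if they are needed for investigations.
        max-size: "10m"
networks:
  # Created outside this file; must already exist and be the network Traefik
  # is attached to.
  traefik:
    external: true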
