Configuration cleanup

docker-compose.yaml

@@ -2,11 +2,13 @@ version: "3.5"
 
 networks:
   web:
+    # All containers that are router through traefik needs to be on this network
     external: false
     name: web
 
 volumes:
   authelia-config:
+    # Used for pre-processing of authelia configuration
 
 services:
   proxy:
@@ -21,26 +23,24 @@ services:
       - web
     command:
       - "--configFile=/data/traefik.yaml"
-    ports:
-      - "80:80"
-      - "443:443"
-      - "8080:8080"
+    ports: 
+      - 80:80
+      - 443:443
+      # Open port 8080 for debugging emergencies
+    # - 8080:8080
     volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
-      - "./traefik:/data"
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./traefik:/data
     labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+      traefik.enable: true
+      traefik.http.services.traefik.loadbalancer.server.port: 8080
 
-      - "traefik.http.routers.traefik.rule=Host(`traefik.${PRIVATE_DOMAIN}`)"
-      - "traefik.http.routers.traefik.middlewares=auth@file"
-      - "traefik.http.routers.traefik.tls.certResolver=le"
-
-      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
-      - "traefik.http.routers.http-catchall.entrypoints=web"
-      - "traefik.http.routers.http-catchall.middlewares=redir@file"
+      traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`)
+      traefik.http.routers.traefik.middlewares: auth@file
+      traefik.http.routers.traefik.tls.certResolver: le
 
   authelia-config:
+    # Preprocess authelia configuration through gomplate
     image: hairyhenderson/gomplate
     environment:
       - PRIVATE_DOMAIN
@@ -53,7 +53,8 @@ services:
     container_name: authelia
     image: authelia/authelia
     restart: always
-    links:
+    depends_on:
+      # config preprocessor should run first
       - authelia-config
     volumes:
       - ./authelia:/opt/authelia
@@ -64,35 +65,26 @@ services:
     networks:
       - web
     labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.authelia.rule=Host(`auth.${PRIVATE_DOMAIN}`)"
-      - "traefik.http.routers.authelia.tls=true"
-      - "traefik.http.routers.authelia.tls.certResolver=le"
-      - "traefik.http.routers.authelia.entrypoints=websecure"
+      traefik.enable: true
+      traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`)
+      traefik.http.routers.authelia.tls.certResolver: le
+      traefik.http.routers.authelia.entrypoints: websecure
 
-# whoami-http:
-#   image: containous/whoami
-#   networks:
-#     - web
-#   labels:
-#     - "traefik.enable=true"
-#     - "traefik.http.routers.whoami2.rule=Host(`wai-http.${PRIVATE_DOMAIN}`)"
-#
 # whoami-https:
 #   image: containous/whoami
 #   networks:
 #     - web
 #   labels:
-#     - "traefik.enable=true"
-#     - "traefik.http.routers.whoami.rule=Host(`wai-https.${PRIVATE_DOMAIN}`)"
-#     - "traefik.http.routers.whoami.tls.certResolver=le"
+#     traefik.enable: true
+#     traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
+#     traefik.http.routers.wait-https.tls.certResolver: le
 
 # whoami-auth:
 #   image: containous/whoami
 #   networks:
 #     - web
 #   labels:
-#     - "traefik.enable=true"
-#     - "traefik.http.routers.wai.rule=Host(`wai-auth.${PRIVATE_DOMAIN}`)"
-#     - "traefik.http.routers.wai.tls.certResolver=le"
-#     - "traefik.http.routers.wai.middlewares=auth@file"
+#     traefik.enable: true
+#     traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
+#     traefik.http.routers.wai-auth.tls.certResolver: le
+#     traefik.http.routers.wai-auth.middlewares: auth@file