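# Docker Compose stack: one Rauthy container on its own bridge network,
# reached through a reverse proxy that runs on the Docker host.
services:
  rauthy:
    # NOTE(review): `latest` is a mutable tag, so every pull may bring in a
    # different build of the identity provider. Pin a release tag or an image
    # digest you have reviewed, and upgrade deliberately.
    image: ghcr.io/sebadob/rauthy:latest
    container_name: rauthy
    networks:
      rauthy_net:
        # Fixed address inside the subnet declared at the bottom of the file.
        ipv4_address: 10.11.1.2
    restart: unless-stopped
    ports:
      # Publish on loopback only. The container speaks plain HTTP and the
      # reverse proxy on this host connects to localhost:45800; without a host
      # address Docker publishes the port on every interface, so clients could
      # reach the service without TLS and without the proxy's headers.
      # Quoted so the colon-separated value is always read as a string.
      - "127.0.0.1:45800:8080"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # config.toml carries the cluster secrets, the encryption keys and the
      # SMTP password. NOTE(review): a read-only mount (`:ro`) would stop the
      # container from rewriting its own config - confirm first that Rauthy
      # never writes to this file.
      - ./config.toml:/app/config.toml
      # Persistent state; everything under ./data survives container restarts.
      - ./data:/app/data
    logging:
      driver: json-file
      options:
        # Log rotation: two files of at most 10 MB each. Quoted so the values
        # stay strings whatever parser reads the file.
        max-size: "10m"
        max-file: "2"

networks:
  rauthy_net:
    ipam:
      config:
        # Docker gives the first address of the subnet (10.11.1.1) to the
        # bridge gateway by default; config.toml lists that address as the
        # only trusted proxy.
        - subnet: 10.11.1.0/24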
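# Fresh-install preparation; run from the directory that holds the compose
# file and config.toml.
# WARNING: the next command deletes everything Rauthy has persisted under
# ./data. Take a backup first when this is not a brand-new deployment.
sudo rm -rf data/
mkdir data/

# Owner-only access: config.toml contains secrets, data/ contains the
# persisted state.
sudo chmod 0600 config.toml
sudo chmod 0700 data
# 10001:10001 is presumably the UID/GID the container process runs as -
# verify against the image before relying on it.
sudo chown -R 10001:10001 config.toml data
# No `chmod a+w data/` afterwards: the owner set above already has full
# access, and a world-writable bit would only loosen the 0700 mode.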
# Rauthy config.toml. The file contains secrets: keep it at mode 0600 and out
# of version control.
[bootstrap]
admin_email = "xxxx@523860.xyz"

[cluster]
node_id = 1
nodes = ["1 localhost:8100 localhost:8200"]
# NOTE(review): both secrets below carry the same value, and that value is
# published on this page. Generate two separate random secrets for every
# deployment and never reuse the ones shown here.
secret_raft = "c757ea664c9aaa34a80cbc8d9a75168cef40b76bd5f54f6dbe5e9b92218b2de4"
secret_api = "c757ea664c9aaa34a80cbc8d9a75168cef40b76bd5f54f6dbe5e9b92218b2de4"
# NOTE(review): going by the name, this lets the node start although a WAL
# lock is still present - confirm the exact semantics in the Rauthy reference
# config before keeping it enabled in production.
wal_ignore_lock = true

[email]
# Placeholder SMTP settings; the real password ends up in this file in
# clear text, which is one more reason for the 0600 file mode.
smtp_url = "mail.xxx.xxx"
smtp_port = 465
smtp_username = "user-name"
smtp_password = "password"
smtp_from = "Rauthy <mlinux@523860.xyz>"

[encryption]
# Each entry has the form `<key id>/<key material>`; key_active names the
# entry to use by its id.
# NOTE(review): the key material shown here is public now. Generate your own
# key and store a copy safely - presumably data encrypted with a key cannot
# be read again without it.
keys = ["975d1f46/dzkkwFa1xwYnb1I00YWn7FeBvhhHgkPttLRiZvwDtLA="]
key_active = "975d1f46"

[events]
email = "xxxxx@523860.xyz"

[server]
# Rauthy itself serves plain HTTP; TLS is terminated by the reverse proxy.
scheme = "http"
# NOTE(review): pub_url and the [webauthn] values use rau.pearlau.eu.org,
# while the reverse-proxy site block on this page is for rauthy.137800.xyz.
# All of them have to name the host that users really browse to.
pub_url = "rau.pearlau.eu.org"
# Only the single address below is trusted as a proxy. 10.11.1.1 is the first
# address of the compose subnet 10.11.1.0/24, presumably the Docker bridge
# gateway. Keep the list this narrow: presumably any peer inside a trusted
# range can supply the client address that Rauthy then acts on - verify.
proxy_mode = true
trusted_proxies = ['10.11.1.1/32']

[webauthn]
# Passkeys are bound to rp_id, so changing it later invalidates the passkeys
# that users have already registered.
rp_id = "rau.pearlau.eu.org"
rp_origin = "https://rau.pearlau.eu.org:443"

[mfa]
# NOTE(review): going by the option name, `false` means admin accounts are
# not required to use MFA. Admin accounts of an identity provider are
# high-value targets; prefer `true` unless there is a concrete reason not to.
admin_force_mfa = false

[i18n]
filter_lang_common = ['en', 'de', 'zhhans', 'ko']
filter_lang_admin = ['en', 'de', 'zhhans', 'ko']

[user_registration]
# Self-registration is open, limited to the e-mail domain below (going by the
# option name). NOTE(review): confirm that new accounts must verify their
# address before they can log in.
enable = true
domain_restriction = "523860.xyz"
# Caddy site block: terminates TLS and forwards requests to the Rauthy
# container published on localhost:45800.
# NOTE(review): this site address differs from the pub_url / rp_id host in
# config.toml on this page (rau.pearlau.eu.org) - confirm which hostname is
# the real one and use it everywhere.
rauthy.137800.xyz {
  encode
  tls {
    # TLS 1.3 as the minimum version and X25519 as the only key-exchange
    # curve; clients that support neither cannot connect.
    protocols tls1.3
    curves x25519
  }
  route {
    header {
      # NOTE(review): `includeSubDomains` plus `preload` commits every
      # subdomain of this zone to HTTPS, and preload-list entries are slow to
      # undo. Drop `preload` unless that is intended for the whole zone.
      Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
      X-Content-Type-Options nosniff
      X-Frame-Options SAMEORIGIN
      # NOTE(review): this policy still sends the full URL to other HTTPS
      # origins; `strict-origin-when-cross-origin` or `no-referrer` leaks
      # less for a login service.
      Referrer-Policy no-referrer-when-downgrade
    }
    reverse_proxy localhost:45800 {
      header_up Host {host}
      # NOTE(review): {remote} is Caddy's placeholder for the peer address
      # including the port, {remote_host} is the address alone - confirm
      # which form the backend expects in X-Real-IP.
      header_up X-Real-IP {remote}
    }
  }
}