services:
  lldap:
    image: "lldap/lldap:latest"
    container_name: "Lldap"
    hostname: "lldap"
    restart: "unless-stopped"
    #user: "10001:10001"
    environment:
      UID: "10001"
      GID: "10001"
      #LLDAP_LDAP_BASE_DN: "dc=unixyourbrain,dc=org"
      #LLDAP_LDAPS_OPTIONS__ENABLED: true
      #LLDAP_LDAPS_OPTIONS__CERT_FILE: "/ssl/cert.crt"
      #LLDAP_LDAPS_OPTIONS__KEY_FILE: "/ssl/key.pem"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/data/docker/lldap-prod-3/data:/data:rw"
      #- "/data/docker/lldap-prod-1/ssl:/ssl:ro"
    ports:
      - "127.0.0.1:3890:3890"
      - "10.0.0.1:17170:17170"
    networks:
      lldap-authelia:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.lldap.entrypoints=websecure"
      - "traefik.http.routers.lldap.rule=Host(`lldap.unixyourbrain.org`)"
      - "traefik.http.routers.lldap.tls=true"
      - "traefik.http.routers.lldap.tls.certresolver=letsencrypt"
      - "traefik.http.routers.lldap.middlewares=authelia"
      - "traefik.http.services.lldap.loadbalancer.server.port=17170"
      - "traefik.http.services.lldap.loadbalancer.server.scheme=http"   

  authelia:
    image: "authelia/authelia:latest"
    container_name: "Authelia"
    hostname: "authelia"
    restart: "unless-stopped"
    user: "10002:10002"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/data/docker/authelia-prod-3/config/:/config:rw"
      - "/data/docker/authelia-prod-3/data/:/data:rw"
    ports:
      - "127.0.0.1:9091:9091"
    networks:
      lldap-authelia:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.rule=Host(`accounts.unixyourbrain.org`)"
      - "traefik.http.routers.authelia.tls.certresolver=letsencrypt"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      - "traefik.http.services.authelia.loadbalancer.server.scheme=http"
      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://127.0.0.1:9091/api/authz/forward-auth'
      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
      - "traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true"
      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name'

networks:
  lldap-authelia:
    name: lldap-authelia