feat: SeaweedFS 替代 MinIO,Authentik ForwardAuth,多服务升级
新增: - SeaweedFS v4.28 替代 MinIO (域名 file.xiteng.site) - Authentik Outpost (Uptime Kuma + SeaweedFS 独立实例) - ForwardAuth 为 Uptime Kuma 和 SeaweedFS 提供认证 - gpu-exporter.py 监控脚本 升级: - Traefik v3.6 → v3.7 - Authentik 固定版本 2026.5.0 + trusted proxy CIDR - HedgeDoc PG 11 → 16,添加 OIDC 认证 - Homepage 添加 OIDC 认证 安全: - Outpost token 迁移至 .env 引用(不再硬编码) - .gitignore 扩展覆盖数据/缓存/旧 MinIO - security.toml 清理注释掉的旧密钥 移除: - MinIO(已全部迁移至 SeaweedFS)
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
authentik:
|
||||
image: ghcr.io/goauthentik/server:latest
|
||||
image: ghcr.io/goauthentik/server:2026.5.0
|
||||
container_name: authentik
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
@@ -14,6 +14,7 @@ services:
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
|
||||
AUTHENTIK_AVATARS: none
|
||||
AUTHENTIK_LOG_LEVEL: info
|
||||
AUTHENTIK_SECURITY__TRUSTED_PROXY_CIDR: 172.18.0.0/16
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./custom-templates:/templates
|
||||
@@ -25,6 +26,10 @@ services:
|
||||
- "traefik.http.routers.authentik.entrypoints=websecure"
|
||||
- "traefik.http.routers.authentik.tls=true"
|
||||
- "traefik.http.routers.authentik.tls.certresolver=cfresolver"
|
||||
# 强制 X-Forwarded-Proto 为 https(Tunnel 走 HTTP:80 入口,Traefik 不知道外层是 HTTPS)
|
||||
- "traefik.http.middlewares.force-https-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.routers.authentik.middlewares=force-https-headers"
|
||||
- "traefik.http.routers.authentik-http.middlewares=force-https-headers"
|
||||
# --- HTTP 入口 ---
|
||||
- "traefik.http.routers.authentik-http.rule=Host(`auth.xiteng.site`)"
|
||||
- "traefik.http.routers.authentik-http.service=authentik"
|
||||
|
||||
Reference in New Issue
Block a user