diff --git a/docker-compose.yml b/docker-compose.yml
index f157ab8..3a66741 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,84 +8,84 @@ services:
 image: ${REG}/${REPO_OWNER}/radiusnucleo:latest
 container_name: radiusnucleo-node-1
 environment:
- - VLAN_ID=2
- - MAX_UP=10000000
- - MAX_DOWN=10000000
- - RADIUS_HOST=freeradius
- - RADIUS_AUTH_PORT=1812
- - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
- - PGHOST=postgres
- - PGPORT=5432
- - PGDATABASE=radius
- - PGUSER=radius
- - PGPASSWORD=radius
+ - VLAN_ID=2
+ - MAX_UP=10000000
+ - MAX_DOWN=10000000
+ - RADIUS_HOST=freeradius
+ - RADIUS_AUTH_PORT=1812
+ - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
+ - PGHOST=postgres
+ - PGPORT=5432
+ - PGDATABASE=radius
+ - PGUSER=radius
+ - PGPASSWORD=radius
 networks:
- principal:
- radiusnucleo_radius_net:
- aliases:
- - node
+ principal:
+ radiusnucleo_radius_net:
+ aliases:
+ - node
 labels:
- # Habilitar Traefik
- - "traefik.enable=true"
- - "traefik.docker.network=principal"
+ # Habilitar Traefik
+ - "traefik.enable=true"
+ - "traefik.docker.network=principal"
 
- # Service - Puerto y configuraciones SSE (compartido por ambos routers)
- - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000"
- - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true"
- - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms"
- - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@file"
+ # Service - Puerto y configuraciones SSE (compartido por ambos routers)
+ - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000"
+ - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true"
+ - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms"
+ - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@file"
 
- # Router 1: Público (assets, manifest, icons) - SIN autenticación - ALTA PRIORIDAD
- # NOTA: /outpost.goauthentik.io NO debe estar aquí, lo maneja el middleware de Authentik
- - "traefik.http.routers.wifi-nucleoriofrio-public.rule=Host(`wifi.nucleoriofrio.com`) && (PathPrefix(`/assets`) || PathPrefix(`/.well-known`) || PathPrefix(`/icons`) || Path(`/manifest.webmanifest`) || Path(`/manifest.json`) || Path(`/favicon.ico`) || Path(`/vite.svg`) || Path(`/sw.js`))"
- - "traefik.http.routers.wifi-nucleoriofrio-public.entrypoints=websecure"
- - "traefik.http.routers.wifi-nucleoriofrio-public.tls.certresolver=letsencrypt"
- - "traefik.http.routers.wifi-nucleoriofrio-public.service=wifi-nucleoriofrio-service"
- - "traefik.http.routers.wifi-nucleoriofrio-public.priority=100"
- - "traefik.http.routers.wifi-nucleoriofrio-public.middlewares=wifi-headers@docker"
+ # Router 1: Público (assets, manifest, icons) - SIN autenticación - ALTA PRIORIDAD
+ # NOTA: /outpost.goauthentik.io NO debe estar aquí, lo maneja el middleware de Authentik
+ - "traefik.http.routers.wifi-nucleoriofrio-public.rule=Host(`wifi.nucleoriofrio.com`) && (PathPrefix(`/assets`) || PathPrefix(`/.well-known`) || PathPrefix(`/icons`) || Path(`/manifest.webmanifest`) || Path(`/manifest.json`) || Path(`/favicon.ico`) || Path(`/vite.svg`) || Path(`/sw.js`))"
+ - "traefik.http.routers.wifi-nucleoriofrio-public.entrypoints=websecure"
+ - "traefik.http.routers.wifi-nucleoriofrio-public.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.wifi-nucleoriofrio-public.service=wifi-nucleoriofrio-service"
+ - "traefik.http.routers.wifi-nucleoriofrio-public.priority=100"
+ - "traefik.http.routers.wifi-nucleoriofrio-public.middlewares=wifi-headers@docker"
 
- # Router 2: Principal (todo lo demás) - CON autenticación - BAJA PRIORIDAD
- - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)"
- - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure"
- - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt"
- - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service"
- - "traefik.http.routers.wifi-nucleoriofrio.priority=10"
- - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker"
+ # Router 2: Principal (todo lo demás) - CON autenticación - BAJA PRIORIDAD
+ - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)"
+ - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure"
+ - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service"
+ - "traefik.http.routers.wifi-nucleoriofrio.priority=10"
+ - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker"
 
- # Middleware: wifi-headers
- - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
+ # Middleware: wifi-headers
+ - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+ - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
 
- freeradius:
- build: ./freeradius
- image: ${REG}/${REPO_OWNER}/radiusnucleo-freeradius:latest
- depends_on:
- - radiusnucleo-node
- - postgres
- restart: unless-stopped
- ports:
- - "1812:1812/udp"
- - "1813:1813/udp"
- - "3799:3799/udp"
- environment:
- - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
- - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
- networks:
- - radiusnucleo_radius_net
- - principal
+ freeradius:
+ build: ./freeradius
+ image: ${REG}/${REPO_OWNER}/radiusnucleo-freeradius:latest
+ depends_on:
+ - radiusnucleo-node
+ - postgres
+ restart: unless-stopped
+ ports:
+ - "1812:1812/udp"
+ - "1813:1813/udp"
+ - "3799:3799/udp"
+ environment:
+ - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
+ - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
+ networks:
+ - radiusnucleo_radius_net
+ - principal
 
- postgres:
- image: postgres:16-alpine
- environment:
- - POSTGRES_DB=radius
- - POSTGRES_USER=radius
- - POSTGRES_PASSWORD=radius
- volumes:
- - postgres_data:/var/lib/postgresql/data
- - ./postgres/init:/docker-entrypoint-initdb.d:ro
- networks:
- - radiusnucleo_radius_net
- - principal
+ postgres:
+ image: postgres:16-alpine
+ environment:
+ - POSTGRES_DB=radius
+ - POSTGRES_USER=radius
+ - POSTGRES_PASSWORD=radius
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ - ./postgres/init:/docker-entrypoint-initdb.d:ro
+ networks:
+ - radiusnucleo_radius_net
+ - principal
 
 networks:
 principal:
@@ -94,4 +94,4 @@ networks:
 external: true
 
 volumes:
- postgres_data:
\ No newline at end of file
+ postgres_data:
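Review bot: The rewritten `environment` entries in the first hunk still ship working fallback credentials: `RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}` on the node service, the same default on `freeradius`, and the literal `PGPASSWORD=radius` / `POSTGRES_PASSWORD=radius`. With `:-`, an unset variable silently deploys the secret that is readable in the repository, while `freeradius` publishes 1812, 1813 and 3799/udp on the host; `- RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:?RADIUS_SHARED_SECRET must be set}` makes Compose refuse to start instead, and the Postgres password can be interpolated the same way. `postgres` is also attached to `principal`, which appears to be the shared Traefik network, so it is worth confirming the database needs to be reachable from anything beyond `radiusnucleo_radius_net`. The first service's definition starts above the hunk, and indentation is not recoverable in this view, so the parsed structure after the re-indent could not be checked here.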