dc26eb313c
Mealie-Container konnte auth.kaleschke.info nicht aufloesen/erreichen (httpx.ConnectTimeout beim OIDC-Discovery). extra_hosts-Muster wie Komodo. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
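# Compose stack: Mealie behind Traefik, with its own PostgreSQL instance on
# an internal-only network.
services:
  mealie:
    # Tag plus digest: the digest decides what is pulled, so bump both together.
    image: ghcr.io/mealie-recipes/mealie:v3.19.2@sha256:f68e959bf66f4f458893ea58facac71690fe6f2ac7a31466b5cecb41b4e99c02
    container_name: mealie
    restart: unless-stopped

    # OIDC: Authelia is reached via the host LAN IP -> Traefik (container DNS
    # does not otherwise resolve auth.kaleschke.info; same pattern as Komodo).
    # SNI stays the hostname, so the Let's Encrypt certificate still validates.
    # NOTE(review): the address is a static pin. If the Traefik host changes
    # its LAN IP, OIDC discovery times out again until this entry is updated.
    extra_hosts:
      - "auth.kaleschke.info:192.168.178.58"

    environment:
      TZ: Europe/Berlin
      # Local self-registration is off; see OIDC_SIGNUP_ENABLED below for the
      # SSO path, which still creates accounts.
      ALLOW_SIGNUP: "false"
      PUID: "99"
      PGID: "100"

      DB_ENGINE: postgres
      POSTGRES_SERVER: mealie-postgres
      POSTGRES_DB: mealie
      POSTGRES_USER: mealie
      # ":?" makes Compose abort when the variable is unset or empty, instead
      # of starting the container with a blank credential.
      # NOTE(review): this value has to match the password file mounted into
      # mealie-postgres; the two are maintained separately.
      POSTGRES_PASSWORD: "${MEALIE_POSTGRES_PASSWORD:?MEALIE_POSTGRES_PASSWORD must be set}"

      BASE_URL: https://mealie.kaleschke.info

      # --- Authelia OIDC SSO (additive, 2026-06-06; local login stays) ---
      OIDC_AUTH_ENABLED: "true"
      OIDC_PROVIDER_NAME: Authelia
      OIDC_CONFIGURATION_URL: https://auth.kaleschke.info/.well-known/openid-configuration
      OIDC_CLIENT_ID: mealie
      # Same fail-fast guard as the database password.
      OIDC_CLIENT_SECRET: "${MEALIE_OIDC_CLIENT_SECRET:?MEALIE_OIDC_CLIENT_SECRET must be set}"
      # NOTE(review): with this on, every identity Authelia authorises for the
      # "mealie" client gets an account on first login. Who may use Mealie is
      # then decided by the Authelia policy for this client, or by setting
      # OIDC_USER_GROUP / OIDC_ADMIN_GROUP here - confirm one of them is in
      # place.
      OIDC_SIGNUP_ENABLED: "true"
      OIDC_AUTO_REDIRECT: "false"
      OIDC_REMEMBER_ME: "true"

    volumes:
      - /mnt/user/appdata/mealie/data:/app/data

    networks:
      # frontend_net is shared with Traefik; mealie_internal reaches only the
      # database.
      - frontend_net
      - mealie_internal

    security_opt:
      - no-new-privileges:true

    # NOTE(review): no middleware label is attached to this router, so as far
    # as this file shows, Mealie's own login (local and OIDC) is the only
    # access control on the hostname - verify against the Traefik entrypoint
    # configuration.
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend_net
      - traefik.http.routers.mealie.rule=Host(`mealie.kaleschke.info`)
      - traefik.http.routers.mealie.entrypoints=websecure
      - traefik.http.routers.mealie.tls=true
      - traefik.http.routers.mealie.tls.certresolver=le
      - traefik.http.services.mealie.loadbalancer.server.port=9000

  mealie-postgres:
    # Tag plus digest, as for the mealie image.
    image: postgres:18.4@sha256:8ff36f3c66371cba71d20ceedccfc3de9669a68737607888c4ef0af93abe8e39
    container_name: mealie-postgres
    restart: unless-stopped

    environment:
      TZ: Europe/Berlin
      POSTGRES_USER: mealie
      POSTGRES_DB: mealie
      # The password is read from the read-only file mounted below, so it does
      # not appear in this container's environment.
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      PGDATA: /var/lib/postgresql/18/docker

    volumes:
      - /mnt/user/appdata/mealie/postgres18:/var/lib/postgresql
      - /mnt/user/appdata/secrets/mealie_postgres_password.txt:/run/secrets/postgres_password:ro

    networks:
      # Only the internal network and no published ports: the database is not
      # reachable from frontend_net.
      - mealie_internal

    security_opt:
      - no-new-privileges:true

networks:
  # Created outside this stack; it must exist before the stack is started.
  frontend_net:
    external: true

  # internal: true gives containers on this bridge no route to outside
  # networks.
  mealie_internal:
    driver: bridge
    internal: true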