* Switched from Authelia to Google OAuth. Authelia seemed to have too…

… much overhead for a single user environment.

* updated README

README.md

@@ -2,19 +2,23 @@
 
 This is the updated docker-compose repo of all the media and home server apps described in the following guides on our website:
 
-- Docker Media Server with Traefik 2 Reverse Proxy: [https://www.smarthomebeginner.com/traefik-2-docker-tutorial/](https://www.smarthomebeginner.com/traefik-2-docker-tutorial/)
-- Cloudflare Settings for Traefik Docker: DDNS, CNAMEs, & Tweaks: [https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/](https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/)
-- Synology Docker Media Server with Traefik, Docker Compose, and Cloudflare: [https://www.smarthomebeginner.com/synology-docker-media-server/](https://www.smarthomebeginner.com/synology-docker-media-server/)
-- Google OAuth 2 MFA Protection for Docker - [https://www.smarthomebeginner.com/google-oauth-with-traefik-docker/](https://www.smarthomebeginner.com/google-oauth-with-traefik-docker/)
-- Authelia MFA Protection for Docker - [https://www.smarthomebeginner.com/docker-authelia-tutorial/](https://www.smarthomebeginner.com/docker-authelia-tutorial/)
-- Traefik Docker Security Best Practices - [https://www.smarthomebeginner.com/traefik-docker-security-best-practices/](https://www.smarthomebeginner.com/traefik-docker-security-best-practices/)
+- [Docker Media Server with Traefik 2 Reverse Proxy](https://www.smarthomebeginner.com/traefik-2-docker-tutorial/)
+- [WordPress on Docker with Nginx, Traefik, LE SSL, Security, and Speed](https://www.smarthomebeginner.com/wordpress-on-docker-traefik/)
+- [Synology Docker Media Server with Traefik, Docker Compose, and Cloudflare](https://www.smarthomebeginner.com/synology-docker-media-server/)
 
-### Old Posts:
+<strong>Supporting Articles:</strong>
+
+- [Cloudflare Settings for Traefik Docker: DDNS, CNAMEs, & Tweaks](https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/)
+- [Google OAuth 2 MFA Protection for Docker](https://www.smarthomebeginner.com/google-oauth-with-traefik-docker/)
+- [Authelia MFA Protection for Docker](https://www.smarthomebeginner.com/docker-authelia-tutorial/)
+- [Traefik Docker Security Best Practices](https://www.smarthomebeginner.com/traefik-docker-security-best-practices/)
+
+### Obsolete Posts:
 
 The following posts have been combined and updated for Traefik v2 (linked above):
 
-- Docker Media Server without Reverse Proxy (- [https://www.smarthomebeginner.com/docker-home-media-server-2018-basic/](https://www.smarthomebeginner.com/docker-home-media-server-2018-basic/)
-- Docker Media Server with Traefik 1 Reverse Proxy - [https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/](https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/)
+- [Docker Media Server without Reverse Proxy ](https://www.smarthomebeginner.com/docker-home-media-server-2018-basic/)
+- [Docker Media Server with Traefik 1 Reverse Proxy](https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/)
 
 ## A Note on Traefik 1 vs Traefik 2?
 

docker-compose-t2.yml

@@ -98,7 +98,7 @@ services:
       # Automatically set Host rule for services
       # - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
       - --providers.docker.exposedByDefault=false
-      # - --entrypoints.https.http.middlewares=chain-authelia@file
+      # - --entrypoints.https.http.middlewares=chain-oauth@file
       - --entrypoints.https.http.tls.options=tls-opts@file
       # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
       - --entrypoints.https.http.tls.certresolver=dns-cloudflare
@@ -178,7 +178,7 @@ services:
       #- "traefik.http.routers.ping.tls=true"
       #- "traefik.http.routers.ping.service=ping@internal"
       ## Middlewares
-      - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"
 
   # Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
   socket-proxy:
@@ -343,7 +343,7 @@ services:
       - "traefik.http.routers.organizr-rtr.entrypoints=https"
       - "traefik.http.routers.organizr-rtr.rule=Host(`$DOMAINNAME`) || Host(`www.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.organizr-rtr.middlewares=organizr-redirect@docker,chain-authelia@file"
+      - "traefik.http.routers.organizr-rtr.middlewares=organizr-redirect@docker,chain-oauth@file"
         # Redirect non-www to www middleware
       - "traefik.http.middlewares.organizr-redirect.redirectregex.regex=^https?://$DOMAINNAME/(.*)"
       - "traefik.http.middlewares.organizr-redirect.redirectregex.replacement=https://www.$DOMAINNAME/$${1}"
@@ -376,7 +376,7 @@ services:
       - "traefik.http.routers.heimdall-rtr.entrypoints=https"
       - "traefik.http.routers.heimdall-rtr.rule=Host(`heimdall.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.heimdall-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
       - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
@@ -400,7 +400,7 @@ services:
       - "traefik.http.routers.autoindex-rtr.entrypoints=https"
       - "traefik.http.routers.autoindex-rtr.rule=Host(`index.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.autoindex-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.autoindex-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.autoindex-rtr.service=autoindex-svc"
       - "traefik.http.services.autoindex-svc.loadbalancer.server.port=80"
@@ -536,7 +536,7 @@ services:
       - "traefik.http.routers.phpmyadmin-rtr.entrypoints=https"
       - "traefik.http.routers.phpmyadmin-rtr.rule=Host(`pma.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.phpmyadmin-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.phpmyadmin-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.phpmyadmin-rtr.service=phpmyadmin-svc"
       - "traefik.http.services.phpmyadmin-svc.loadbalancer.server.port=80"
@@ -564,7 +564,7 @@ services:
       - "traefik.http.routers.rediscommander-rtr.entrypoints=https"
       - "traefik.http.routers.rediscommander-rtr.rule=Host(`rediscom.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.rediscommander-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.rediscommander-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.rediscommander-rtr.service=rediscommander-svc"
       - "traefik.http.services.rediscommander-svc.loadbalancer.server.port=8081"
@@ -591,7 +591,7 @@ services:
       - "traefik.http.routers.grafana-rtr.entrypoints=https"
       - "traefik.http.routers.grafana-rtr.rule=Host(`grafana.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.grafana-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.grafana-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.grafana-rtr.service=grafana-svc"
       - "traefik.http.services.grafana-svc.loadbalancer.server.port=3000"
@@ -628,7 +628,7 @@ services:
       - "traefik.http.routers.jdownloader-rtr.entrypoints=https"
       - "traefik.http.routers.jdownloader-rtr.rule=Host(`jdown.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.jdownloader-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.jdownloader-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.jdownloader-rtr.service=jdownloader-svc"
       - "traefik.http.services.jdownloader-svc.loadbalancer.server.port=5800"
@@ -734,7 +734,7 @@ services:
       - "traefik.http.routers.sabnzbd-rtr.priority=99"
       ## Middlewares
       - "traefik.http.routers.sabnzbd-rtr-bypass.middlewares=chain-no-auth@file"
-      - "traefik.http.routers.sabnzbd-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.sabnzbd-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.sabnzbd-rtr.service=sabnzbd-svc"
       - "traefik.http.routers.sabnzbd-rtr-bypass.service=sabnzbd-svc"
@@ -769,7 +769,7 @@ services:
       - "traefik.http.routers.jackett-rtr.entrypoints=https"
       - "traefik.http.routers.jackett-rtr.rule=Host(`jackett.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.jackett-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.jackett-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.jackett-rtr.service=jackett-svc"
       - "traefik.http.services.jackett-svc.loadbalancer.server.port=9117"
@@ -798,7 +798,7 @@ services:
       - "traefik.http.routers.hydra-rtr.entrypoints=https"
       - "traefik.http.routers.hydra-rtr.rule=Host(`hydra.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.hydra-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.hydra-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.hydra-rtr.service=hydra-svc"
       - "traefik.http.services.hydra-svc.loadbalancer.server.port=5076"
@@ -838,7 +838,7 @@ services:
       - "traefik.http.routers.lidarr-rtr.priority=99"
       ## Middlewares
       - "traefik.http.routers.lidarr-rtr-bypass.middlewares=chain-no-auth@file"
-      - "traefik.http.routers.lidarr-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.lidarr-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.lidarr-rtr.service=lidarr-svc"
       - "traefik.http.routers.lidarr-rtr-bypass.service=lidarr-svc"
@@ -879,7 +879,7 @@ services:
       - "traefik.http.routers.radarr-rtr.priority=99"
       ## Middlewares
       - "traefik.http.routers.radarr-rtr-bypass.middlewares=chain-no-auth@file"
-      - "traefik.http.routers.radarr-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.radarr-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.radarr-rtr.service=radarr-svc"
       - "traefik.http.routers.radarr-rtr-bypass.service=radarr-svc"
@@ -920,7 +920,7 @@ services:
       - "traefik.http.routers.sonarr-rtr.priority=99"
       ## Middlewares
       - "traefik.http.routers.sonarr-rtr-bypass.middlewares=chain-no-auth@file"
-      - "traefik.http.routers.sonarr-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.sonarr-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.sonarr-rtr.service=sonarr-svc"
       - "traefik.http.routers.sonarr-rtr-bypass.service=sonarr-svc"
@@ -954,7 +954,7 @@ services:
       - "traefik.http.routers.lazylibrarian-rtr.entrypoints=https"
       - "traefik.http.routers.lazylibrarian-rtr.rule=Host(`lazy.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.lazylibrarian-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.lazylibrarian-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.lazylibrarian-rtr.service=lazylibrarian-svc"
       - "traefik.http.services.lazylibrarian-svc.loadbalancer.server.port=5299"
@@ -989,7 +989,7 @@ services:
       - "traefik.http.routers.calibre-web-rtr.entrypoints=https"
       - "traefik.http.routers.calibre-web-rtr.rule=Host(`calweb.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.calibre-web-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.calibre-web-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.calibre-web-rtr.service=calibre-web-svc"
       - "traefik.http.services.calibre-web-svc.loadbalancer.server.port=8083"
@@ -1024,7 +1024,7 @@ services:
       - "traefik.http.routers.calibre-rtr.entrypoints=https"
       - "traefik.http.routers.calibre-rtr.rule=Host(`calibre.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.calibre-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.calibre-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.calibre-rtr.service=calibre-svc"
       - "traefik.http.services.calibre-svc.loadbalancer.server.port=8080"
@@ -1236,7 +1236,7 @@ services:
       - "traefik.http.routers.tautulli-rtr.entrypoints=https"
       - "traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.tautulli-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.tautulli-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.tautulli-rtr.service=tautulli-svc"
       - "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181"
@@ -1279,7 +1279,7 @@ services:
       - "traefik.http.routers.photoshow-rtr.entrypoints=https"
       - "traefik.http.routers.photoshow-rtr.rule=Host(`photoshow.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.photoshow-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.photoshow-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.photoshow-rtr.service=photoshow-svc"
       - "traefik.http.services.photoshow-svc.loadbalancer.server.port=80"
@@ -1310,7 +1310,7 @@ services:
       - "traefik.http.routers.bazarr-rtr.entrypoints=https"
       - "traefik.http.routers.bazarr-rtr.rule=Host(`bazarr.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.bazarr-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.bazarr-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.bazarr-rtr.service=bazarr-svc"
       - "traefik.http.services.bazarr-svc.loadbalancer.server.port=6767"
@@ -1344,7 +1344,7 @@ services:
       - "traefik.http.routers.picard-rtr.entrypoints=https"
       - "traefik.http.routers.picard-rtr.rule=Host(`picard.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.picard-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.picard-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.picard-rtr.service=picard-svc"
       - "traefik.http.services.picard-svc.loadbalancer.server.port=5800"
@@ -1382,7 +1382,7 @@ services:
       - "traefik.http.routers.handbrake-rtr.entrypoints=https"
       - "traefik.http.routers.handbrake-rtr.rule=Host(`handbrake.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.handbrake-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.handbrake-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.handbrake-rtr.service=handbrake-svc"
       - "traefik.http.services.handbrake-svc.loadbalancer.server.port=5800"
@@ -1417,7 +1417,7 @@ services:
       - "traefik.http.routers.mkvtoolnix-rtr.entrypoints=https"
       - "traefik.http.routers.mkvtoolnix-rtr.rule=Host(`mkvtoolnix.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.mkvtoolnix-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.mkvtoolnix-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.mkvtoolnix-rtr.service=mkvtoolnix-svc"
       - "traefik.http.services.mkvtoolnix-svc.loadbalancer.server.port=5800"
@@ -1454,7 +1454,7 @@ services:
       - "traefik.http.routers.makemkv-rtr.entrypoints=https"
       - "traefik.http.routers.makemkv-rtr.rule=Host(`makemkv.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.makemkv-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.makemkv-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.makemkv-rtr.service=makemkv-svc"
       - "traefik.http.services.makemkv-svc.loadbalancer.server.port=5800"
@@ -1492,7 +1492,7 @@ services:
       - "traefik.http.routers.filebot-rtr.entrypoints=https"
       - "traefik.http.routers.filebot-rtr.rule=Host(`filebot.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.filebot-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.filebot-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.filebot-rtr.service=filebot-svc"
       - "traefik.http.services.filebot-svc.loadbalancer.server.port=5800"
@@ -1525,7 +1525,7 @@ services:
       - "traefik.http.routers.duplicati-rtr.entrypoints=https"
       - "traefik.http.routers.duplicati-rtr.rule=Host(`duplicati.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.duplicati-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.duplicati-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.duplicati-rtr.service=duplicati-svc"
       - "traefik.http.services.duplicati-svc.loadbalancer.server.port=8200"
@@ -1564,7 +1564,7 @@ services:
       - "traefik.http.routers.firefox-rtr.entrypoints=https"
       - "traefik.http.routers.firefox-rtr.rule=Host(`firefox.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.firefox-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.firefox-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.firefox-rtr.service=firefox-svc"
       - "traefik.http.services.firefox-svc.loadbalancer.server.port=5800"
@@ -1599,7 +1599,7 @@ services:
       - "traefik.http.routers.glances-rtr.entrypoints=https"
       - "traefik.http.routers.glances-rtr.rule=Host(`nglances.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.glances-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.glances-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.glances-rtr.service=glances-svc"
       - "traefik.http.services.glances-svc.loadbalancer.server.port=61208"
@@ -1655,7 +1655,7 @@ services:
       - "traefik.http.routers.qdirstat-rtr.entrypoints=https"
       - "traefik.http.routers.qdirstat-rtr.rule=Host(`qdirstat.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.qdirstat-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.qdirstat-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.qdirstat-rtr.service=qdirstat-svc"
       - "traefik.http.services.qdirstat-svc.loadbalancer.server.port=5800"
@@ -1689,7 +1689,7 @@ services:
       - "traefik.http.routers.guacamole-rtr.entrypoints=https"
       - "traefik.http.routers.guacamole-rtr.rule=Host(`guac.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.guacamole-rtr.middlewares=chain-authelia@file,add-guacamole"
+      - "traefik.http.routers.guacamole-rtr.middlewares=chain-oauth@file,add-guacamole"
       - "traefik.http.middlewares.add-guacamole.addPrefix.prefix=/guacamole"
       ## HTTP Services
       - "traefik.http.routers.guacamole-rtr.service=guacamole-svc"
@@ -1733,7 +1733,7 @@ services:
       - "traefik.http.routers.dozzle-rtr.entrypoints=https"
       - "traefik.http.routers.dozzle-rtr.rule=Host(`dozzle.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.dozzle-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.dozzle-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.dozzle-rtr.service=dozzle-svc"
       - "traefik.http.services.dozzle-svc.loadbalancer.server.port=8080"
@@ -1802,7 +1802,7 @@ services:
       - "traefik.http.routers.vscode-rtr.entrypoints=https"
       - "traefik.http.routers.vscode-rtr.rule=Host(`code.$DOMAINNAME`)"
       ## Middlewares
-      - "traefik.http.routers.vscode-rtr.middlewares=chain-authelia@file"
+      - "traefik.http.routers.vscode-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.vscode-rtr.service=vscode-svc"
       - "traefik.http.services.vscode-svc.loadbalancer.server.port=8080"