Add api stack with freepik and facefusion behind forwardAuth

Traefik routes api.pivoine.art/freepik and /facefusion to their
respective containers with path rewriting, shared API token auth
via an nginx sidecar, and api-rate-limit middleware.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 15:51:06 +01:00
parent cd46be7d45
commit 4a09dce2c0
2 changed files with 83 additions and 0 deletions

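--- a/api/auth.conf.template
+++ b/api/auth.conf.template
@@ -0,0 +1,9 @@
+server {
+listen 8080;
+location / {
+if ($http_x_api_key != '${API_TOKEN}') {
+return 401;
+}
+return 200;
+}
+}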
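Review bot: The check at `if ($http_x_api_key != '${API_TOKEN}')` fails open when the token is empty: api/compose.yml passes `API_TOKEN=${API_TOKEN}`, which Compose renders as an empty string if the variable is unset, so the template becomes a comparison against `''` and a request with no X-API-Key header would get 200. I would add `if ($http_x_api_key = '') { return 401; }` ahead of the comparison and make the variable mandatory in compose with `- API_TOKEN=${API_TOKEN:?API_TOKEN must be set}`. The token is also spliced into a single-quoted nginx string, so a value containing `'` or `$` would break or alter the rendered config; a comment stating the allowed character set for the token would help.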

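--- a/api/compose.yml
+++ b/api/compose.yml
@@ -0,0 +1,74 @@
+services:
+auth:
+image: nginx:alpine
+container_name: api_auth
+volumes:
+- ./auth.conf.template:/etc/nginx/templates/default.conf.template:ro
+environment:
+- API_TOKEN=${API_TOKEN}
+restart: always
+networks:
+- compose_network
+freepik:
+image: dev.pivoine.art/valknar/freepik-api:latest
+container_name: api_freepik
+environment:
+- FP_FREEPIK_API_KEY=${FP_FREEPIK_API_KEY}
+- FP_WEBHOOK_SECRET=${FP_WEBHOOK_SECRET}
+volumes:
+- ../.data/api/freepik/outputs:/app/outputs
+- ../.data/api/freepik/temp:/app/temp
+restart: always
+labels:
+- "traefik.enable=true"
+- "traefik.http.middlewares.api-redirect-web-secure.redirectscheme.scheme=https"
+- "traefik.http.middlewares.api-auth.forwardauth.address=http://api_auth:8080"
+- "traefik.http.middlewares.api-freepik-strip.stripprefix.prefixes=/freepik"
+- "traefik.http.middlewares.api-freepik-addprefix.addprefix.prefix=/api/v1"
+- "traefik.http.routers.api-freepik-web.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/freepik`)"
+- "traefik.http.routers.api-freepik-web.entrypoints=web"
+- "traefik.http.routers.api-freepik-web.middlewares=api-redirect-web-secure"
+- "traefik.http.routers.api-freepik-web-secure.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/freepik`)"
+- "traefik.http.routers.api-freepik-web-secure.entrypoints=web-secure"
+- "traefik.http.routers.api-freepik-web-secure.tls.certresolver=resolver"
+- "traefik.http.routers.api-freepik-web-secure.middlewares=api-auth,api-freepik-strip,api-freepik-addprefix,api-rate-limit@file"
+- "traefik.http.services.api-freepik-web-secure.loadbalancer.server.port=8000"
+- "traefik.docker.network=${NETWORK_NAME}"
+- "com.centurylinklabs.watchtower.enable=true"
+networks:
+- compose_network
+facefusion:
+image: dev.pivoine.art/valknar/facefusion-api:latest
+container_name: api_facefusion
+environment:
+- FF_EXECUTION_PROVIDERS=["cpu"]
+volumes:
+- ../.data/api/facefusion/uploads:/app/uploads
+- ../.data/api/facefusion/outputs:/app/outputs
+- ../.data/api/facefusion/models:/app/models
+- ../.data/api/facefusion/temp:/app/temp
+- ../.data/api/facefusion/jobs:/app/jobs
+restart: always
+labels:
+- "traefik.enable=true"
+- "traefik.http.middlewares.api-facefusion-strip.stripprefix.prefixes=/facefusion"
+- "traefik.http.middlewares.api-facefusion-addprefix.addprefix.prefix=/api/v1"
+- "traefik.http.routers.api-facefusion-web.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/facefusion`)"
+- "traefik.http.routers.api-facefusion-web.entrypoints=web"
+- "traefik.http.routers.api-facefusion-web.middlewares=api-redirect-web-secure"
+- "traefik.http.routers.api-facefusion-web-secure.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/facefusion`)"
+- "traefik.http.routers.api-facefusion-web-secure.entrypoints=web-secure"
+- "traefik.http.routers.api-facefusion-web-secure.tls.certresolver=resolver"
+- "traefik.http.routers.api-facefusion-web-secure.middlewares=api-auth,api-facefusion-strip,api-facefusion-addprefix,api-rate-limit@file"
+- "traefik.http.services.api-facefusion-web-secure.loadbalancer.server.port=8000"
+- "traefik.docker.network=${NETWORK_NAME}"
+- "com.centurylinklabs.watchtower.enable=true"
+networks:
+- compose_network
+networks:
+compose_network:
+name: ${NETWORK_NAME}
+external: true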
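Review bot: The token check exists only in the `api-auth` middleware on the two web-secure routers, while both backends join the shared external network `${NETWORK_NAME}`, so any other container attached to that network can presumably reach `api_freepik:8000` and `api_facefusion:8000` without X-API-Key. If that network also carries unrelated stacks, consider validating the token in the services themselves, or state the trust assumption in a comment above the top-level `networks:` key. Separately, both API images use `:latest` together with `com.centurylinklabs.watchtower.enable=true`, so whatever is pushed under that tag is pulled and started with `FP_FREEPIK_API_KEY` and the mounted data directories. Pinning to a version tag or digest, e.g. `image: dev.pivoine.art/valknar/freepik-api:<version>`, keeps updates reviewable.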