2024-03-09 21:50:56 +00:00
|
|
|
# documentation: https://docs.goauthentik.io/docs/installation/docker-compose
|
2024-04-16 10:42:12 +00:00
|
|
|
# slogan: An open-source Identity Provider, focused on flexibility and versatility.
|
2024-03-09 21:50:56 +00:00
|
|
|
# tags: identity,login,user,oauth,openid,oidc,authentication,saml,auth0,okta
|
|
|
|
# logo: svgs/authentik.png
|
2024-04-16 10:42:12 +00:00
|
|
|
# port: 9000
|
2024-03-09 21:50:56 +00:00
|
|
|
|
|
|
|
services:
|
|
|
|
postgresql:
|
|
|
|
image: docker.io/library/postgres:12-alpine
|
|
|
|
restart: unless-stopped
|
|
|
|
healthcheck:
|
2024-06-20 17:39:41 +00:00
|
|
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
2024-04-16 10:42:12 +00:00
|
|
|
interval: 2s
|
|
|
|
timeout: 10s
|
|
|
|
retries: 15
|
2024-03-09 21:50:56 +00:00
|
|
|
volumes:
|
2024-04-16 10:42:12 +00:00
|
|
|
- authentik-db:/var/lib/postgresql/data
|
2024-03-09 21:50:56 +00:00
|
|
|
environment:
|
2024-04-16 10:42:12 +00:00
|
|
|
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
|
|
|
|
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
|
|
|
|
- POSTGRES_DB=authentik
|
2024-03-09 21:50:56 +00:00
|
|
|
redis:
|
|
|
|
image: docker.io/library/redis:alpine
|
|
|
|
command: --save 60 1 --loglevel warning
|
|
|
|
restart: unless-stopped
|
|
|
|
healthcheck:
|
|
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
2024-04-16 10:42:12 +00:00
|
|
|
interval: 2s
|
|
|
|
timeout: 10s
|
|
|
|
retries: 15
|
2024-03-09 21:50:56 +00:00
|
|
|
volumes:
|
|
|
|
- redis:/data
|
|
|
|
authentik-server:
|
|
|
|
image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2}
|
|
|
|
restart: unless-stopped
|
|
|
|
command: server
|
|
|
|
environment:
|
2024-04-16 10:42:12 +00:00
|
|
|
- SERVICE_FQDN_AUTHENTIKSERVER_9000
|
|
|
|
- AUTHENTIK_REDIS__HOST=redis
|
|
|
|
- AUTHENTIK_POSTGRESQL__HOST=postgresql
|
|
|
|
- AUTHENTIK_POSTGRESQL__USER=${SERVICE_USER_POSTGRESQL}
|
|
|
|
- AUTHENTIK_POSTGRESQL__NAME=authentik
|
|
|
|
- AUTHENTIK_POSTGRESQL__PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
|
|
|
|
- AUTHENTIK_SECRET_KEY=${SERVICE_PASSWORD_64_AUTHENTIKSERVER}
|
|
|
|
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED:-true}
|
|
|
|
- AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
|
|
|
|
- AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
|
|
|
|
- AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
|
|
|
|
- AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
|
|
|
|
- AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
|
|
|
|
- AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
|
|
|
|
- AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
|
|
|
|
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
|
2024-03-09 21:50:56 +00:00
|
|
|
volumes:
|
|
|
|
- ./media:/media
|
|
|
|
- ./custom-templates:/templates
|
|
|
|
depends_on:
|
2024-06-20 17:39:41 +00:00
|
|
|
postgresql:
|
|
|
|
condition: service_healthy
|
|
|
|
redis:
|
|
|
|
condition: service_healthy
|
2024-03-09 21:50:56 +00:00
|
|
|
authentik-worker:
|
|
|
|
image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2}
|
|
|
|
restart: unless-stopped
|
|
|
|
command: worker
|
|
|
|
environment:
|
2024-04-16 10:42:12 +00:00
|
|
|
- AUTHENTIK_REDIS__HOST=redis
|
|
|
|
- AUTHENTIK_POSTGRESQL__HOST=postgresql
|
|
|
|
- AUTHENTIK_POSTGRESQL__USER=${SERVICE_USER_POSTGRESQL}
|
|
|
|
- AUTHENTIK_POSTGRESQL__NAME=authentik
|
|
|
|
- AUTHENTIK_POSTGRESQL__PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
|
|
|
|
- AUTHENTIK_SECRET_KEY=${SERVICE_PASSWORD_64_AUTHENTIKSERVER}
|
|
|
|
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
|
|
|
|
- AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
|
|
|
|
- AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
|
|
|
|
- AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
|
|
|
|
- AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
|
|
|
|
- AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
|
|
|
|
- AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
|
|
|
|
- AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
|
|
|
|
- AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
|
2024-03-09 21:50:56 +00:00
|
|
|
# `user: root` and the docker socket volume are optional.
|
|
|
|
# See more for the docker socket integration here:
|
|
|
|
# https://goauthentik.io/docs/outposts/integrations/docker
|
|
|
|
# Removing `user: root` also prevents the worker from fixing the permissions
|
|
|
|
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
|
|
|
# (1000:1000 by default)
|
|
|
|
user: root
|
|
|
|
volumes:
|
|
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
- ./media:/media
|
|
|
|
- ./certs:/certs
|
|
|
|
- ./custom-templates:/templates
|
|
|
|
depends_on:
|
2024-06-20 17:39:41 +00:00
|
|
|
postgresql:
|
|
|
|
condition: service_healthy
|
|
|
|
redis:
|
|
|
|
condition: service_healthy
|