# documentation: https://docs.goauthentik.io/docs/installation/docker-compose # slogan: An open-source Identity Provider, focused on flexibility and versatility. # tags: identity,login,user,oauth,openid,oidc,authentication,saml,auth0,okta # logo: svgs/authentik.png # port: 9000 version: "3.4" services: postgresql: image: docker.io/library/postgres:12-alpine restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d authentik -U $${SERVICE_USER_POSTGRESQL}"] interval: 2s timeout: 10s retries: 15 volumes: - authentik-db:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL} - POSTGRES_USER=${SERVICE_USER_POSTGRESQL} - POSTGRES_DB=authentik redis: image: docker.io/library/redis:alpine command: --save 60 1 --loglevel warning restart: unless-stopped healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] interval: 2s timeout: 10s retries: 15 volumes: - redis:/data authentik-server: image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2} restart: unless-stopped command: server environment: - SERVICE_FQDN_AUTHENTIKSERVER_9000 - AUTHENTIK_REDIS__HOST=redis - AUTHENTIK_POSTGRESQL__HOST=postgresql - AUTHENTIK_POSTGRESQL__USER=${SERVICE_USER_POSTGRESQL} - AUTHENTIK_POSTGRESQL__NAME=authentik - AUTHENTIK_POSTGRESQL__PASSWORD=${SERVICE_PASSWORD_POSTGRESQL} - AUTHENTIK_SECRET_KEY=${SERVICE_PASSWORD_64_AUTHENTIKSERVER} - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED:-true} - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} volumes: - ./media:/media - ./custom-templates:/templates depends_on: - postgresql - redis authentik-worker: image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2} restart: unless-stopped command: worker environment: - AUTHENTIK_REDIS__HOST=redis - AUTHENTIK_POSTGRESQL__HOST=postgresql - AUTHENTIK_POSTGRESQL__USER=${SERVICE_USER_POSTGRESQL} - AUTHENTIK_POSTGRESQL__NAME=authentik - AUTHENTIK_POSTGRESQL__PASSWORD=${SERVICE_PASSWORD_POSTGRESQL} - AUTHENTIK_SECRET_KEY=${SERVICE_PASSWORD_64_AUTHENTIKSERVER} - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED} - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} # `user: root` and the docker socket volume are optional. # See more for the docker socket integration here: # https://goauthentik.io/docs/outposts/integrations/docker # Removing `user: root` also prevents the worker from fixing the permissions # on the mounted folders, so when removing this make sure the folders have the correct UID/GID # (1000:1000 by default) user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - ./media:/media - ./certs:/certs - ./custom-templates:/templates depends_on: - postgresql - redis