docker-projects/authentik/compose.yml

# https://goauthentik.io/

# secure and flexible solution for managing your identity needs. It covers both B2B and B2C use cases, supports various protocols and workflows, and lets you own your data and control your infrastructure.
# To start the initial setup, navigate to http://<your server's IP or hostname>:9000/if/flow/initial-setup/.

name: authentik

services:
  postgres:
    image: docker.io/library/postgres:16.3
    container_name: authentik-db
    environment:
      - POSTGRES_USER=${POSTGRES_USER:-authentik}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-authentik}
      - POSTGRES_DB=${POSTGRES_DB:-authentik}
      - TZ=${TZ:-UTC}
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'pg_isready -U "${POSTGRES_USER:-authentik}"'
        ]
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      - proxy
  redis:
    image: docker.io/library/redis:7.2.5
    container_name: authentik-redis
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis_data:/data
    restart: unless-stopped
    networks:
      - proxy
  server:
    image: ghcr.io/goauthentik/server:2024.6.1
    container_name: authentik-server
    command: server
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik}
      # (Required)  To generate a secret key run the following command:
      #             echo $(openssl rand -base64 32)
      - AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA=
      # (Optional)  Enable Error Reporting
      # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional)  Enable Email Sending
      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
    ports:
      - 9001:9000
      - 9443:9443
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    depends_on:
      - postgres
      - redis
    restart: unless-stopped
    networks:
      - proxy
  worker:
    image: ghcr.io/goauthentik/server:2024.6.1
    container_name: authentik-worker
    command: worker
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik}
      # (Required)  To generate a secret key run the following command:
      #             echo $(openssl rand -base64 32)
      - AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA=
      # (Optional)  Enable Error Reporting
      # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional)  Enable Email Sending
      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
      # (Optional)  When using the docker socket integration
      #             See more for the docker socket integration here:
      #             https://goauthentik.io/docs/outposts/integrations/docker
      # user: root
    volumes:
      # (Optional)  When using the docker socket integration
      # - /run/docker.sock:/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      - postgres
      - redis
    restart: unless-stopped
    networks:
      - proxy

networks:
  proxy:
    external: true

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local
added authentik 2024-07-29 20:31:23 +02:00			`# https://goauthentik.io/`

			`# secure and flexible solution for managing your identity needs. It covers both B2B and B2C use cases, supports various protocols and workflows, and lets you own your data and control your infrastructure.`
			`# To start the initial setup, navigate to http://<your server's IP or hostname>:9000/if/flow/initial-setup/.`

			`name: authentik`

			`services:`
			`postgres:`
			`image: docker.io/library/postgres:16.3`
			`container_name: authentik-db`
			`environment:`
			`- POSTGRES_USER=${POSTGRES_USER:-authentik}`
			`- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-authentik}`
			`- POSTGRES_DB=${POSTGRES_DB:-authentik}`
			`- TZ=${TZ:-UTC}`
			`healthcheck:`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`test:`
			`[`
			`'CMD-SHELL',`
			`'pg_isready -U "${POSTGRES_USER:-authentik}"'`
			`]`
added authentik 2024-07-29 20:31:23 +02:00			`start_period: 30s`
			`interval: 10s`
			`timeout: 10s`
			`retries: 5`
			`volumes:`
			`- postgres_data:/var/lib/postgresql/data`
			`restart: unless-stopped`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`networks:`
			`- proxy`
added authentik 2024-07-29 20:31:23 +02:00			`redis:`
			`image: docker.io/library/redis:7.2.5`
			`container_name: authentik-redis`
			`command: --save 60 1 --loglevel warning`
			`healthcheck:`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`test: [ "CMD-SHELL", "redis-cli ping \| grep PONG" ]`
added authentik 2024-07-29 20:31:23 +02:00			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 3s`
			`volumes:`
			`- redis_data:/data`
			`restart: unless-stopped`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`networks:`
			`- proxy`
added authentik 2024-07-29 20:31:23 +02:00			`server:`
			`image: ghcr.io/goauthentik/server:2024.6.1`
			`container_name: authentik-server`
			`command: server`
			`environment:`
			`- AUTHENTIK_REDIS__HOST=authentik-redis`
			`- AUTHENTIK_POSTGRESQL__HOST=authentik-db`
			`- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}`
			`- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}`
			`- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik}`
			`# (Required) To generate a secret key run the following command:`
			`# echo $(openssl rand -base64 32)`
			`- AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA=`
			`# (Optional) Enable Error Reporting`
			`# - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}`
			`# (Optional) Enable Email Sending`
			`# - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}`
			`# - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}`
			`# - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}`
			`# - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}`
			`# - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}`
			`# - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}`
			`# - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}`
			`# - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}`
			`ports:`
			`- 9001:9000`
			`- 9443:9443`
			`volumes:`
			`- ./media:/media`
			`- ./custom-templates:/templates`
			`depends_on:`
			`- postgres`
			`- redis`
			`restart: unless-stopped`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`networks:`
			`- proxy`
added authentik 2024-07-29 20:31:23 +02:00			`worker:`
			`image: ghcr.io/goauthentik/server:2024.6.1`
			`container_name: authentik-worker`
			`command: worker`
			`environment:`
			`- AUTHENTIK_REDIS__HOST=authentik-redis`
			`- AUTHENTIK_POSTGRESQL__HOST=authentik-db`
			`- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}`
			`- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}`
			`- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik}`
			`# (Required) To generate a secret key run the following command:`
			`# echo $(openssl rand -base64 32)`
			`- AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA=`
			`# (Optional) Enable Error Reporting`
			`# - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}`
			`# (Optional) Enable Email Sending`
			`# - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}`
			`# - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}`
			`# - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}`
			`# - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}`
			`# - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}`
			`# - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}`
			`# - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}`
			`# - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`# (Optional) When using the docker socket integration`
			`# See more for the docker socket integration here:`
			`# https://goauthentik.io/docs/outposts/integrations/docker`
			`# user: root`
added authentik 2024-07-29 20:31:23 +02:00			`volumes:`
			`# (Optional) When using the docker socket integration`
			`# - /run/docker.sock:/run/docker.sock`
			`- ./media:/media`
			`- ./certs:/certs`
			`- ./custom-templates:/templates`
			`depends_on:`
			`- postgres`
			`- redis`
			`restart: unless-stopped`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`networks:`
			`- proxy`

			`networks:`
			`proxy:`
			`external: true`
added authentik 2024-07-29 20:31:23 +02:00
			`volumes:`
			`postgres_data:`
			`driver: local`
			`redis_data:`
added proxy network updated services in readme updated homepage 2024-07-30 15:53:31 +02:00			`driver: local`