# https://goauthentik.io/ # secure and flexible solution for managing your identity needs. It covers both B2B and B2C use cases, supports various protocols and workflows, and lets you own your data and control your infrastructure. # To start the initial setup, navigate to http://:9000/if/flow/initial-setup/. name: authentik services: postgres: image: docker.io/library/postgres:16.3 container_name: authentik-db environment: - POSTGRES_USER=${POSTGRES_USER:-authentik} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-authentik} - POSTGRES_DB=${POSTGRES_DB:-authentik} - TZ=${TZ:-UTC} healthcheck: test: [ 'CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-authentik}"' ] start_period: 30s interval: 10s timeout: 10s retries: 5 volumes: - postgres_data:/var/lib/postgresql/data restart: unless-stopped networks: - proxy redis: image: docker.io/library/redis:7.2.5 container_name: authentik-redis command: --save 60 1 --loglevel warning healthcheck: test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - redis_data:/data restart: unless-stopped networks: - proxy server: image: ghcr.io/goauthentik/server:2024.6.1 container_name: authentik-server command: server environment: - AUTHENTIK_REDIS__HOST=authentik-redis - AUTHENTIK_POSTGRESQL__HOST=authentik-db - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik} # (Required) To generate a secret key run the following command: # echo $(openssl rand -base64 32) - AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA= # (Optional) Enable Error Reporting # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false} # (Optional) Enable Email Sending # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error} # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25} # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error} # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error} # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false} # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false} # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10} # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error} ports: - 9001:9000 - 9443:9443 volumes: - ./media:/media - ./custom-templates:/templates depends_on: - postgres - redis restart: unless-stopped networks: - proxy worker: image: ghcr.io/goauthentik/server:2024.6.1 container_name: authentik-worker command: worker environment: - AUTHENTIK_REDIS__HOST=authentik-redis - AUTHENTIK_POSTGRESQL__HOST=authentik-db - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik} # (Required) To generate a secret key run the following command: # echo $(openssl rand -base64 32) - AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA= # (Optional) Enable Error Reporting # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false} # (Optional) Enable Email Sending # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error} # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25} # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error} # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error} # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false} # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false} # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10} # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error} # (Optional) When using the docker socket integration # See more for the docker socket integration here: # https://goauthentik.io/docs/outposts/integrations/docker # user: root volumes: # (Optional) When using the docker socket integration # - /run/docker.sock:/run/docker.sock - ./media:/media - ./certs:/certs - ./custom-templates:/templates depends_on: - postgres - redis restart: unless-stopped networks: - proxy networks: proxy: external: true volumes: postgres_data: driver: local redis_data: driver: local