docker-projects/authentik/compose.yml

# https://goauthentik.io/

# secure and flexible solution for managing your identity needs. It covers both B2B and B2C use cases, supports various protocols and workflows, and lets you own your data and control your infrastructure.
# To start the initial setup, navigate to http://<your server's IP or hostname>:9000/if/flow/initial-setup/.

name: authentik

services:
  postgres:
    image: docker.io/library/postgres:16.3
    container_name: authentik-db
    environment:
      - POSTGRES_USER=${POSTGRES_USER:-authentik}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-authentik}
      - POSTGRES_DB=${POSTGRES_DB:-authentik}
      - TZ=${TZ:-UTC}
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'pg_isready -U "${POSTGRES_USER:-authentik}"'
        ]
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      - proxy
  redis:
    image: docker.io/library/redis:7.2.5
    container_name: authentik-redis
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis_data:/data
    restart: unless-stopped
    networks:
      - proxy
  server:
    image: ghcr.io/goauthentik/server:2024.6.1
    container_name: authentik-server
    command: server
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik}
      # (Required)  To generate a secret key run the following command:
      #             echo $(openssl rand -base64 32)
      - AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA=
      # (Optional)  Enable Error Reporting
      # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional)  Enable Email Sending
      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
    ports:
      - 9001:9000
      - 9443:9443
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    depends_on:
      - postgres
      - redis
    restart: unless-stopped
    networks:
      - proxy
  worker:
    image: ghcr.io/goauthentik/server:2024.6.1
    container_name: authentik-worker
    command: worker
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-authentik}
      # (Required)  To generate a secret key run the following command:
      #             echo $(openssl rand -base64 32)
      - AUTHENTIK_SECRET_KEY=MbcOqluK2LVkGtM9zI111PQSaGnqZvYEFnwf8EL8raA=
      # (Optional)  Enable Error Reporting
      # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional)  Enable Email Sending
      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
      # (Optional)  When using the docker socket integration
      #             See more for the docker socket integration here:
      #             https://goauthentik.io/docs/outposts/integrations/docker
      # user: root
    volumes:
      # (Optional)  When using the docker socket integration
      # - /run/docker.sock:/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      - postgres
      - redis
    restart: unless-stopped
    networks:
      - proxy

networks:
  proxy:
    external: true

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local