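# Compose overlay that adds an Authentik identity provider (server, worker and
# a dedicated PostgreSQL) to the stack. It references the `model-registration`
# and `channel-layer` services, which are defined outside this file.
#
# Secrets come from the environment or a .env file. The database password and
# the Authentik secret key use `${VAR:?msg}`, so Compose stops with an error
# when they are unset or empty instead of substituting an empty string.

volumes:
  authentik-db-data: {}

services:
  # Hold the application back until the identity provider is healthy.
  model-registration:
    depends_on:
      authentik-server:
        condition: service_healthy
      authentik-worker:
        condition: service_healthy

  authentik-db:
    restart: always
    # Floating tag: the image can change between pulls. Pin a digest if
    # reproducible deployments matter.
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: "${AUTHENTIK_DB_NAME}"
      POSTGRES_USER: "${AUTHENTIK_DB_USER}"
      POSTGRES_PASSWORD: "${AUTHENTIK_DB_PASSWORD:?AUTHENTIK_DB_PASSWORD must be set}"
    volumes:
      - authentik-db-data:/var/lib/postgresql/data
    # No `ports:` entry: the database is reachable only on the Compose network.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${AUTHENTIK_DB_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

  authentik-server:
    restart: always
    image: ghcr.io/goauthentik/server:2025.6.4
    command: server
    ports:
      # NOTE(review): this publishes Authentik's plain-HTTP listener on every
      # host interface, next to the Traefik routes below. If Traefik is the
      # intended entry point, drop this mapping or bind it to 127.0.0.1.
      - "${AUTHENTIK_PORT:-9000}:9000"
    labels:
      - "traefik.enable=true"
      # NOTE(review): the `web` router serves /authentik without TLS (the
      # `tls=true` label is only on the `websecure` router), so logins on that
      # entrypoint are in cleartext unless Traefik redirects HTTP to HTTPS
      # elsewhere; confirm.
      - "traefik.http.routers.authentik.rule=PathPrefix(`/authentik`)"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
      - "traefik.http.routers.authentik.entrypoints=web"
      - "traefik.http.routers.authentik-secure.rule=PathPrefix(`/authentik`)"
      - "traefik.http.routers.authentik-secure.entrypoints=websecure"
      - "traefik.http.routers.authentik-secure.tls=true"
      - "traefik.http.routers.authentik-secure.service=authentik"
    environment:
      # Bootstrap configuration.
      # These seed the initial admin password and API token. While they stay
      # in the container environment they are readable through
      # `docker inspect`; consider removing or rotating them after the first
      # successful start.
      AUTHENTIK_BOOTSTRAP_PASSWORD: "${AUTHENTIK_BOOTSTRAP_PASSWORD}"
      AUTHENTIK_BOOTSTRAP_EMAIL: "${AUTHENTIK_BOOTSTRAP_EMAIL}"
      AUTHENTIK_BOOTSTRAP_TOKEN: "${AUTHENTIK_BOOTSTRAP_TOKEN}"
      # Must be identical on server and worker.
      AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?AUTHENTIK_SECRET_KEY must be set}"
      # Database configuration
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__PORT: "5432"
      AUTHENTIK_POSTGRESQL__NAME: "${AUTHENTIK_DB_NAME}"
      AUTHENTIK_POSTGRESQL__USER: "${AUTHENTIK_DB_USER}"
      AUTHENTIK_POSTGRESQL__PASSWORD: "${AUTHENTIK_DB_PASSWORD:?AUTHENTIK_DB_PASSWORD must be set}"
      # Redis configuration (reuses main channel-layer)
      # NOTE(review): the identity provider shares a Redis instance with the
      # application, and no AUTHENTIK_REDIS__PASSWORD is set here. Anything
      # that can reach `channel-layer` can read or alter the state Authentik
      # keeps there; confirm the instance is not exposed, or give Authentik
      # its own Redis.
      AUTHENTIK_REDIS__HOST: channel-layer
      AUTHENTIK_REDIS__PORT: "6379"
      # Authentik configuration
      AUTHENTIK_LOG_LEVEL: info
      AUTHENTIK_WEB__PATH: /authentik/
      AUTHENTIK_DISABLE_UPDATE_CHECK: "true"
    depends_on:
      authentik-db:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "ak healthcheck || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 30
      start_period: 90s

  authentik-worker:
    restart: always
    image: ghcr.io/goauthentik/server:2025.6.4
    command: worker
    environment:
      # Bootstrap configuration (same exposure caveat as on authentik-server).
      AUTHENTIK_BOOTSTRAP_PASSWORD: "${AUTHENTIK_BOOTSTRAP_PASSWORD}"
      AUTHENTIK_BOOTSTRAP_EMAIL: "${AUTHENTIK_BOOTSTRAP_EMAIL}"
      AUTHENTIK_BOOTSTRAP_TOKEN: "${AUTHENTIK_BOOTSTRAP_TOKEN}"
      AUTHENTIK_SECRET_KEY: "${AUTHENTIK_SECRET_KEY:?AUTHENTIK_SECRET_KEY must be set}"
      # Database configuration
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__PORT: "5432"
      AUTHENTIK_POSTGRESQL__NAME: "${AUTHENTIK_DB_NAME}"
      AUTHENTIK_POSTGRESQL__USER: "${AUTHENTIK_DB_USER}"
      AUTHENTIK_POSTGRESQL__PASSWORD: "${AUTHENTIK_DB_PASSWORD:?AUTHENTIK_DB_PASSWORD must be set}"
      # Redis configuration (shared with the application, see authentik-server)
      AUTHENTIK_REDIS__HOST: channel-layer
      AUTHENTIK_REDIS__PORT: "6379"
      # Authentik configuration
      # NOTE(review): AUTHENTIK_WEB__PATH is set on the server only; confirm
      # the worker does not need the same value.
      AUTHENTIK_LOG_LEVEL: info
      AUTHENTIK_DISABLE_UPDATE_CHECK: "true"
    volumes:
      # Read-only mount: the container cannot modify the generated blueprint.
      # The file defines identity-provider configuration, so treat the host
      # copy as security-sensitive.
      - ./oidc/authentik/generated/oasis-blueprint.yaml:/blueprints/oasis-blueprint.yaml:ro
    depends_on:
      authentik-db:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "ak healthcheck || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 60s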