|
|
@@ -0,0 +1,110 @@
|
|
|
+---
|
|
|
+services:
|
|
|
+ postgres:
|
|
|
+ image: postgres:16.2
|
|
|
+ container_name: authentik-db
|
|
|
+ environment:
|
|
|
+ - POSTGRES_USER=${POSTGRES_USER:-authentik}
|
|
|
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?error}
|
|
|
+ - POSTGRES_DB=${POSTGRES_DB:-authentik}
|
|
|
+ - TZ=${TZ:-UTC}
|
|
|
+ healthcheck:
|
|
|
+ test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-authentik}"']
|
|
|
+ start_period: 30s
|
|
|
+ interval: 10s
|
|
|
+ timeout: 10s
|
|
|
+ retries: 5
|
|
|
+ volumes:
|
|
|
+ - postgres_data:/var/lib/postgresql/data
|
|
|
+ restart: unless-stopped
|
|
|
+ redis:
|
|
|
+ image: redis:7.2.4
|
|
|
+ container_name: authentik-redis
|
|
|
+ command: --save 60 1 --loglevel warning
|
|
|
+ healthcheck:
|
|
|
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
|
+ start_period: 20s
|
|
|
+ interval: 30s
|
|
|
+ retries: 5
|
|
|
+ timeout: 3s
|
|
|
+ volumes:
|
|
|
+ - redis_data:/data
|
|
|
+ restart: unless-stopped
|
|
|
+ server:
|
|
|
+ image: ghcr.io/goauthentik/server:2024.2.2
|
|
|
+ container_name: authentik-server
|
|
|
+ command: server
|
|
|
+ environment:
|
|
|
+ - AUTHENTIK_REDIS__HOST=authentik-redis
|
|
|
+ - AUTHENTIK_POSTGRESQL__HOST=authentik-db
|
|
|
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
|
|
|
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
|
|
|
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
|
|
|
+ # (Required) To generate a secret key run the following command:
|
|
|
+ # echo $(openssl rand -base64 32)
|
|
|
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
|
|
|
+ # (Optional) Enable Error Reporting
|
|
|
+ # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
|
|
|
+ # (Optional) Enable Email Sending
|
|
|
+ # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
|
|
|
+ # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
|
|
|
+ # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
|
|
|
+ # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
|
|
|
+ # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
|
|
|
+ # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
|
|
|
+ # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
|
|
|
+ # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
|
|
|
+ ports:
|
|
|
+ - 9000:9000
|
|
|
+ - 9443:9443
|
|
|
+ volumes:
|
|
|
+ - ./media:/media
|
|
|
+ - ./custom-templates:/templates
|
|
|
+ depends_on:
|
|
|
+ - postgres
|
|
|
+ - redis
|
|
|
+ restart: unless-stopped
|
|
|
+ worker:
|
|
|
+ image: ghcr.io/goauthentik/server:2024.2.2
|
|
|
+ container_name: authentik-worker
|
|
|
+ command: worker
|
|
|
+ environment:
|
|
|
+ - AUTHENTIK_REDIS__HOST=authentik-redis
|
|
|
+ - AUTHENTIK_POSTGRESQL__HOST=authentik-db
|
|
|
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
|
|
|
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
|
|
|
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
|
|
|
+ # (Required) To generate a secret key run the following command:
|
|
|
+ # echo $(openssl rand -base64 32)
|
|
|
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
|
|
|
+ # (Optional) Enable Error Reporting
|
|
|
+ # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
|
|
|
+ # (Optional) Enable Email Sending
|
|
|
+ # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
|
|
|
+ # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
|
|
|
+ # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
|
|
|
+ # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
|
|
|
+ # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
|
|
|
+ # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
|
|
|
+ # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
|
|
|
+ # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
|
|
|
+ # (Optional) When using the docker socket integration
|
|
|
+ # See more for the docker socket integration here:
|
|
|
+ # https://goauthentik.io/docs/outposts/integrations/docker
|
|
|
+ # user: root
|
|
|
+ volumes:
|
|
|
+ # (Optional) When using the docker socket integration
|
|
|
+ # - /var/run/docker.sock:/var/run/docker.sock
|
|
|
+ - ./media:/media
|
|
|
+ - ./certs:/certs
|
|
|
+ - ./custom-templates:/templates
|
|
|
+ depends_on:
|
|
|
+ - postgres
|
|
|
+ - redis
|
|
|
+ restart: unless-stopped
|
|
|
+
|
|
|
+volumes:
|
|
|
+ postgres_data:
|
|
|
+ driver: local
|
|
|
+ redis_data:
|
|
|
+ driver: local
|