Главная Обзор Помощь
Вход
LBP
/
ChristianLempa_Boilerplates
зеркало из https://github.com/ChristianLempa/boilerplates.git
4
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: backup/boilerplates-v1
Ветки Метки
ChristianLempa_...
/
docker-compose
/
authentik
/
compose.yaml

compose.yaml 5.1 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 
  1. ---
    2. 

  2. services:
    3. 

  3.   server:
    4. 

  4.     image: ghcr.io/goauthentik/server:2025.6.3
    5. 

  5.     container_name: authentik-server
    6. 

  6.     command: server
    7. 

  7.     environment:
    8. 

  8.       - AUTHENTIK_REDIS__HOST=authentik-redis
    9. 

  9.       - AUTHENTIK_POSTGRESQL__HOST=authentik-db
    10. 

  10.       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
    11. 

  11.       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
    12. 

  12.       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
    13. 

  13.       # (Required)  To generate a secret key run the following command:
    14. 

  14.       #             echo $(openssl rand -base64 32)
    15. 

  15.       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
    16. 

  16.       # (Optional)  Enable Error Reporting
    17. 

  17.       - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
    18. 

  18.       # (Optional)  Enable Email Sending
    19. 

  19.       #             Highly recommended to notify you about alerts and configuration issues.
    20. 

  20.       - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
    21. 

  21.       - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
    22. 

  22.       - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
    23. 

  23.       - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
    24. 

  24.       - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
    25. 

  25.       - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
    26. 

  26.       - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
    27. 

  27.       - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
    28. 

  28.     ports:
    29. 

  29.       # (Optional)  Remove these, if you're using a reverse proxy like Traefik.
    30. 

  30.       - 9000:9000
    31. 

  31.       - 9443:9443
    32. 

  32.     labels:
    33. 

  33.       # (Optional)  Enable Traefik integration for the Authentik Web UI. For more information
    34. 

  34.       #             about integrating other services with Traefik and Authentik, see the
    35. 

  35.       #             documentation at https://goauthentik.io/docs/outposts/integrations/traefik
    36. 

  36.       #             and the middleware example files in `docker-compose/traefik/config`.
    37. 

  37.       - traefik.enable=true
    38. 

  38.       - traefik.http.services.authentik.loadbalancer.server.port=9000
    39. 

  39.       - traefik.http.services.authentik.loadbalancer.server.scheme=http
    40. 

  40.       - traefik.http.routers.authentik.entrypoints=websecure
    41. 

  41.       - traefik.http.routers.authentik.rule=Host(`your-authentik-fqdn`)
    42. 

  42.       - traefik.http.routers.authentik.tls=true
    43. 

  43.       - traefik.http.routers.authentik.tls.certresolver=cloudflare
    44. 

  44.     volumes:
    45. 

  45.       - ./media:/media
    46. 

  46.       - ./custom-templates:/templates
    47. 

  47.     depends_on:
    48. 

  48.       - postgres
    49. 

  49.       - redis
    50. 

  50.     restart: unless-stopped
    51. 

  51. 

  52.   worker:
    53. 

  53.     image: ghcr.io/goauthentik/server:2025.6.3
    54. 

  54.     container_name: authentik-worker
    55. 

  55.     command: worker
    56. 

  56.     environment:
    57. 

  57.       - AUTHENTIK_REDIS__HOST=authentik-redis
    58. 

  58.       - AUTHENTIK_POSTGRESQL__HOST=authentik-db
    59. 

  59.       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
    60. 

  60.       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
    61. 

  61.       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
    62. 

  62.       # (Required)  To generate a secret key run the following command:
    63. 

  63.       #             echo $(openssl rand -base64 32)
    64. 

  64.       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
    65. 

  65.       # (Optional)  Enable Error Reporting
    66. 

  66.       - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
    67. 

  67.       # (Optional)  Enable Email Sending
    68. 

  68.       #             Highly recommended to notify you about alerts and configuration issues.
    69. 

  69.       - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
    70. 

  70.       - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
    71. 

  71.       - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
    72. 

  72.       - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
    73. 

  73.       - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
    74. 

  74.       - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
    75. 

  75.       - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
    76. 

  76.       - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
    77. 

  77.     # (Optional)  See more for the docker socket integration here:
    78. 

  78.     #             https://goauthentik.io/docs/outposts/integrations/docker
    79. 

  79.     user: root
    80. 

  80.     volumes:
    81. 

  81.       - /run/docker.sock:/run/docker.sock
    82. 

  82.       - ./media:/media
    83. 

  83.       - ./certs:/certs
    84. 

  84.       - ./custom-templates:/templates
    85. 

  85.     depends_on:
    86. 

  86.       - postgres
    87. 

  87.       - redis
    88. 

  88.     restart: unless-stopped
    89. 

  89. 

  90.   redis:
    91. 

  91.     image: docker.io/library/redis:8.2.1
    92. 

  92.     container_name: authentik-redis
    93. 

  93.     command: --save 60 1 --loglevel warning
    94. 

  94.     healthcheck:
    95. 

  95.       test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
    96. 

  96.       start_period: 20s
    97. 

  97.       interval: 30s
    98. 

  98.       retries: 5
    99. 

  99.       timeout: 3s
    100. 

  100.     volumes:
    101. 

  101.       - redis_data:/data
    102. 

  102.     restart: unless-stopped
    103. 

  103. 

  104.   postgres:
    105. 

  105.     # (Optional) Add a PostgreSQL Database for Authentik
    106. 

  106.     #   Alternatively, you can host your PostgreSQL database externally, and
    107. 

  107.     #   change the connection settings in the `authentik-server` and
    108. 

  108.     #   `authentik-worker`.
    109. 

  109.     image: docker.io/library/postgres:17.6
    110. 

  110.     container_name: authentik-db
    111. 

  111.     environment:
    112. 

  112.       - POSTGRES_USER=${POSTGRES_USER:-authentik}
    113. 

  113.       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?error}
    114. 

  114.       - POSTGRES_DB=${POSTGRES_DB:-authentik}
    115. 

  115.       - TZ=${TZ:-UTC}
    116. 

  116.     healthcheck:
    117. 

  117.       test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-authentik}"']
    118. 

  118.       start_period: 30s
    119. 

  119.       interval: 10s
    120. 

  120.       timeout: 10s
    121. 

  121.       retries: 5
    122. 

  122.     volumes:
    123. 

  123.       - postgres_data:/var/lib/postgresql/data
    124. 

  124.     restart: unless-stopped
    125. 

  125. 

  126. volumes:
    127. 

  127.   postgres_data:
    128. 

  128.     driver: local
    129. 

  129.   redis_data:
    130. 

  130.     driver: local
    131.