LBP
/
ChristianLempa_Boilerplates
cermin dari https://github.com/ChristianLempa/boilerplates.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141
							---
name: "Authentik"
description: "An open-source identity and access management solution"
version: "0.0.1"
date: "2023-10-01"
author: "Christian Lempa"
tags:
  - "authentik"
  - "identity"
  - "access"
  - "management"  
---
services:
  server:
    image: ghcr.io/goauthentik/server:2025.6.3
    container_name: authentik-server
    command: server
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
      # (Required)  To generate a secret key run the following command:
      #             echo $(openssl rand -base64 32)
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
      # (Optional)  Enable Error Reporting
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional)  Enable Email Sending
      #             Highly recommended to notify you about alerts and configuration issues.
      - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
    ports:
      # (Optional)  Remove these, if you're using a reverse proxy like Traefik.
      - 9000:9000
      - 9443:9443
    labels:
      # (Optional)  Enable Traefik integration for the Authentik Web UI. For more information
      #             about integrating other services with Traefik and Authentik, see the
      #             documentation at https://goauthentik.io/docs/outposts/integrations/traefik
      #             and the middleware example files in `docker-compose/traefik/config`.
      - traefik.enable=true
      - traefik.http.services.authentik.loadbalancer.server.port=9000
      - traefik.http.services.authentik.loadbalancer.server.scheme=http
      - traefik.http.routers.authentik.entrypoints=websecure
      - traefik.http.routers.authentik.rule=Host(`your-authentik-fqdn`)
      - traefik.http.routers.authentik.tls=true
      - traefik.http.routers.authentik.tls.certresolver=cloudflare
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    depends_on:
      - postgres
      - redis
    restart: unless-stopped

  worker:
    image: ghcr.io/goauthentik/server:2025.6.3
    container_name: authentik-worker
    command: worker
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-db
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
      # (Required)  To generate a secret key run the following command:
      #             echo $(openssl rand -base64 32)
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
      # (Optional)  Enable Error Reporting
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional)  Enable Email Sending
      #             Highly recommended to notify you about alerts and configuration issues.
      - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
    # (Optional)  See more for the docker socket integration here:
    #             https://goauthentik.io/docs/outposts/integrations/docker
    user: root
    volumes:
      - /run/docker.sock:/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      - postgres
      - redis
    restart: unless-stopped

  redis:
    image: docker.io/library/redis:8.2.1
    container_name: authentik-redis
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis_data:/data
    restart: unless-stopped

  postgres:
    # (Optional) Add a PostgreSQL Database for Authentik
    #   Alternatively, you can host your PostgreSQL database externally, and
    #   change the connection settings in the `authentik-server` and
    #   `authentik-worker`.
    image: docker.io/library/postgres:17.6
    container_name: authentik-db
    environment:
      - POSTGRES_USER=${POSTGRES_USER:-authentik}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?error}
      - POSTGRES_DB=${POSTGRES_DB:-authentik}
      - TZ=${TZ:-UTC}
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-authentik}"']
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local