| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 |
- services:
- {{ service_name | default('authentik-server') }}:
- image: ghcr.io/goauthentik/server:2025.6.3
- container_name: {{ container_name | default('authentik-server') }}
- command: server
- env_file:
- - .env.authentik
- {% if ports_enabled %}
- ports:
- - "{{ ports_http | default(9000) }}:9000"
- - "{{ ports_https | default(9443) }}:9443"
- {% endif %}
- {% if network_enabled %}
- networks:
- - {{ network_name | default('bridge') }}
- {% endif %}
- {% if traefik_enabled %}
- labels:
- - traefik.enable=true
- - traefik.http.services.{{ service_name | default('authentik') }}.loadbalancer.server.port=9000
- - traefik.http.services.{{ service_name | default('authentik') }}.loadbalancer.server.scheme=http
- - traefik.http.routers.{{ service_name | default('authentik') }}-http.rule=Host(`{{ traefik_host }}`)
- - traefik.http.routers.{{ service_name | default('authentik') }}-http.entrypoints={{ traefik_entrypoint | default('web') }}
- {% if traefik_tls_enabled %}
- - traefik.http.routers.{{ service_name | default('authentik') }}-https.rule=Host(`{{ traefik_host }}`)
- - traefik.http.routers.{{ service_name | default('authentik') }}-https.entrypoints={{ traefik_tls_entrypoint | default('websecure') }}
- - traefik.http.routers.{{ service_name | default('authentik') }}-https.tls=true
- - traefik.http.routers.{{ service_name | default('authentik') }}-https.tls.certresolver={{ traefik_tls_certresolver }}
- {% endif %}
- {% endif %}
- volumes:
- - ./media:/media
- - ./custom-templates:/templates
- depends_on:
- - {{ service_name | default('authentik') }}-postgres
- - {{ service_name | default('authentik') }}-redis
- restart: {{ restart_policy | default('unless-stopped') }}
- {{ service_name | default('authentik') }}-worker:
- image: ghcr.io/goauthentik/server:2025.6.3
- container_name: {{ service_name | default('authentik') }}-worker
- command: worker
- env_file:
- - .env.authentik
- user: root
- volumes:
- - /run/docker.sock:/run/docker.sock
- - ./media:/media
- - ./certs:/certs
- - ./custom-templates:/templates
- {% if network_enabled %}
- networks:
- - {{ network_name | default('bridge') }}
- {% endif %}
- depends_on:
- - {{ service_name | default('authentik') }}-postgres
- - {{ service_name | default('authentik') }}-redis
- restart: {{ restart_policy | default('unless-stopped') }}
- {{ service_name | default('authentik') }}-redis:
- image: docker.io/library/redis:8.2.1
- container_name: {{ service_name | default('authentik') }}-redis
- command: --save 60 1 --loglevel warning
- healthcheck:
- test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
- start_period: 20s
- interval: 30s
- retries: 5
- timeout: 3s
- volumes:
- - redis_data:/data
- {% if network_enabled %}
- networks:
- - {{ network_name | default('bridge') }}
- {% endif %}
- restart: {{ restart_policy | default('unless-stopped') }}
- {% if not database_external %}
- {{ service_name | default('authentik') }}-postgres:
- image: docker.io/library/postgres:17.6
- container_name: {{ service_name | default('authentik') }}-db
- env_file:
- - .env.postgres
- healthcheck:
- test: ["CMD-SHELL", "pg_isready -U {{ database_user | default('authentik') }}"]
- start_period: 30s
- interval: 10s
- timeout: 10s
- retries: 5
- volumes:
- - database_data:/var/lib/postgresql/data
- {% if network_enabled %}
- networks:
- - {{ network_name | default('bridge') }}
- {% endif %}
- restart: {{ restart_policy | default('unless-stopped') }}
- {% endif %}
- volumes:
- database_data:
- driver: local
- redis_data:
- driver: local
- {% if network_enabled %}
- networks:
- {{ network_name | default('bridge') }}:
- {% if network_external %}
- external: true
- {% endif %}
- {% endif %}
|
