authentik_traefik/minimal_compose.yaml at traefik3 · brokenscripts/authentik_traefik · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# compose.yaml
# -----------------------
# Preparation
# -----------------------
## Create all required folders
# mkdir -p ./authentik/{redis,postgresql,media,custom-templates}
## Pull all images before running this file
# grep "image:" compose.yaml | cut -d":" -f2 | xargs -I {} docker pull "{}"
## Set the value of PUID and PGID to current user if not already set using bash interpolation
# export PUID="${PUID:-$(id -u)}"
# export PGID="${PGID:-$(id -g)}"
# docker compose up -d


# authentik_server      | {"error":"authentik starting","event":"failed to proxy to backend","level":"warning","logger":"authentik.router","timestamp":"2024-12-15T14:23:08Z"}
#
# navigate to http://{IP}/if/flow/initial-setup/


name: authentik # Project Name

networks:
  authentik-backend:
    name: authentik-backend
  t3_proxy:
    name: t3_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 10.255.224.0/20  # 10.255.224.1 - 10.255.239.254
          # ip_range specifies the "dhcp scope" for containers
          ip_range: 10.255.224.0/21  # 10.255.224.1 - 10.255.231.254
          # stack IPs will be in 10.255.232.x subnet


services:
  authentik_postgresql:
    image: docker.io/library/postgres:16-alpine
    container_name: authentik_postgresql
    shm_size: 128mb
    restart: unless-stopped
    user: ${PUID}:${PGID}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      - authentik-backend
    volumes:
      - "./authentik/postgresql:/var/lib/postgresql/data"
    environment:
      - POSTGRES_PASSWORD=postgresql_password
      - POSTGRES_USER=authentik_db_user
      - POSTGRES_DB=authentik

  authentik_redis:
    image: docker.io/library/redis:alpine
    container_name: authentik_redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    networks:
      - authentik-backend
    volumes:
      - "./authentik/redis:/data"

  # Use the embedded outpost (2021.8.1+) instead of the seperate Forward Auth / Proxy Provider container
  authentik_server:
    image: ghcr.io/goauthentik/server:latest
    container_name: authentik_server
    restart: unless-stopped
    command: server
    user: ${PUID}:${PGID}
    depends_on:
      - authentik_postgresql
      - authentik_redis
    networks:
      - t3_proxy
      - authentik-backend
    ports:
      - 9000:9000
    environment:
      - AUTHENTIK_REDIS__HOST=authentik_redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
      - AUTHENTIK_POSTGRESQL__NAME=authentik
      - AUTHENTIK_POSTGRESQL__USER=authentik_db_user
      - AUTHENTIK_POSTGRESQL__PASSWORD=postgresql_password
      - AUTHENTIK_LOG_LEVEL=warning
      - AUTHENTIK_SECRET_KEY=authentik_secret_key__authentik_secret_key
    volumes:
      - ./authentik/media:/media"
      - "./authentik/custom-templates:/templates"

  authentik_worker:
    image: ghcr.io/goauthentik/server:latest
    container_name: authentik_worker
    restart: unless-stopped
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    # user: root
    user: ${PUID}:${PGID}
    command: worker
    depends_on:
      - authentik_postgresql
      - authentik_redis
    networks:
      - authentik-backend
    environment:
      - AUTHENTIK_REDIS__HOST=authentik_redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
      - AUTHENTIK_POSTGRESQL__NAME=authentik
      - AUTHENTIK_POSTGRESQL__USER=authentik_db_user
      - AUTHENTIK_POSTGRESQL__PASSWORD=postgresql_password
      - AUTHENTIK_LOG_LEVEL=warning
      - AUTHENTIK_SECRET_KEY=authentik_secret_key__authentik_secret_key
    volumes:
      - "./authentik/media:/media"
      - "./authentik/custom-templates:/templates"
      - /var/run/docker.sock:/var/run/docker.sock