# ------------------------------ # -- authentik (Identity Provider / SSO) # -- Updated/Created 2024-July-02 # ------------------------------ name: authentik # Project Name networks: authentik-backend: name: authentik-backend services: authentik_postgresql: image: docker.io/library/postgres:16-alpine container_name: authentik_postgresql shm_size: 128mb # https://hub.docker.com/_/postgres restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s networks: - authentik-backend volumes: - "$DOCKERDIR/appdata/authentik/postgresql/data:/var/lib/postgresql/data" secrets: - authentik_postgresql_db - authentik_postgresql_user - authentik_postgresql_password environment: - POSTGRES_PASSWORD_FILE - POSTGRES_USER_FILE - POSTGRES_DB_FILE authentik_redis: image: docker.io/library/redis:alpine container_name: authentik_redis command: --save 60 1 --loglevel warning restart: unless-stopped healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s networks: - authentik-backend volumes: - "$DOCKERDIR/appdata/authentik/redis/data:/data" authentik_server: image: ghcr.io/goauthentik/server:latest container_name: authentik_server restart: unless-stopped command: server depends_on: - authentik_postgresql - authentik_redis - traefik - crowdsec networks: - traefik - socket_proxy - authentik-backend secrets: - authentik_postgresql_db - authentik_postgresql_user - authentik_postgresql_password - authentik_secret_key environment: - AUTHENTIK_REDIS__HOST - AUTHENTIK_POSTGRESQL__HOST - AUTHENTIK_POSTGRESQL__NAME - AUTHENTIK_POSTGRESQL__USER - AUTHENTIK_POSTGRESQL__PASSWORD - AUTHENTIK_DISABLE_STARTUP_ANALYTICS - AUTHENTIK_DISABLE_UPDATE_CHECK - AUTHENTIK_ERROR_REPORTING__ENABLED - AUTHENTIK_LOG_LEVEL - AUTHENTIK_SECRET_KEY - AUTHENTIK_COOKIE_DOMAIN volumes: - "$DOCKERDIR/appdata/authentik/media:/media" - "$DOCKERDIR/appdata/authentik/custom-templates:/templates" - "$DOCKERDIR/appdata/authentik/geoip/data:/geoip" authentik_worker: image: ghcr.io/goauthentik/server:latest container_name: authentik_worker restart: unless-stopped user: 1000:1000 command: worker depends_on: - authentik_postgresql - authentik_redis networks: - socket_proxy - authentik-backend secrets: - authentik_postgresql_db - authentik_postgresql_user - authentik_postgresql_password - authentik_secret_key - gmail_smtp_username - gmail_smtp_password environment: - DOCKER_HOST - AUTHENTIK_REDIS__HOST - AUTHENTIK_POSTGRESQL__HOST - AUTHENTIK_POSTGRESQL__NAME - AUTHENTIK_POSTGRESQL__USER - AUTHENTIK_POSTGRESQL__PASSWORD - AUTHENTIK_DISABLE_STARTUP_ANALYTICS - AUTHENTIK_DISABLE_UPDATE_CHECK - AUTHENTIK_ERROR_REPORTING__ENABLED - AUTHENTIK_SECRET_KEY - AUTHENTIK_COOKIE_DOMAIN - AUTHENTIK_LOG_LEVEL - AUTHENTIK_EMAIL__HOST - AUTHENTIK_EMAIL__PORT - AUTHENTIK_EMAIL__USERNAME - AUTHENTIK_EMAIL__PASSWORD - AUTHENTIK_EMAIL__USE_TLS - AUTHENTIK_EMAIL__USE_SSL - AUTHENTIK_EMAIL__TIMEOUT - AUTHENTIK_EMAIL__FROM volumes: - "$DOCKERDIR/appdata/authentik/media:/media" - "$DOCKERDIR/appdata/authentik/custom-templates:/templates" - "$DOCKERDIR/appdata/authentik/geoip/data:/geoip" geoipupdate: image: ghcr.io/maxmind/geoipupdate:latest container_name: geoipupdate restart: unless-stopped user: ${PUID}:${PGID} volumes: - "$DOCKERDIR/appdata/authentik/geoip/data:/usr/share/GeoIP" networks: - authentik-backend secrets: - geoip_account_id - geoip_license_key environment: - GEOIPUPDATE_EDITION_IDS - GEOIPUPDATE_FREQUENCY - GEOIPUPDATE_ACCOUNT_ID_FILE - GEOIPUPDATE_LICENSE_KEY_FILE whoami-individual: image: traefik/whoami:latest container_name: whoami-individual restart: unless-stopped security_opt: - no-new-privileges:true depends_on: - traefik - authentik_server - authentik_worker networks: - traefik environment: - TZ whoami-catchall: image: traefik/whoami:latest container_name: whoami-catchall restart: unless-stopped security_opt: - no-new-privileges:true depends_on: - traefik - authentik_server - authentik_worker networks: - traefik environment: - TZ