---
title: Authentik
visible: false
---
[toc]
## Podman
### Network and Pod
`# podman network create net_authentik`
`# podman pod create --name pod_authentik --network net_authentik -p `
#### Port Mappings
```
```
### Database
```sh
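# PostgreSQL 14 for authentik, joined to pod_authentik, data kept under
# /mnt/authentik_db. The leading "# " on the command line below is the root
# prompt, as in the other commands on this page.
#
# NOTE(review): the password is no longer hard-coded to the same value as the
# user name. PG_PASS is the variable the compose excerpt under "Application
# Server" passes as AUTHENTIK_POSTGRESQL__PASSWORD, so exporting one generated
# value keeps both sides in step; ${PG_PASS:?...} aborts the command when the
# variable is unset instead of creating the database with an empty password.
# A value passed with -e remains readable through `podman inspect`; the
# postgres image also accepts POSTGRES_PASSWORD_FILE - TODO confirm which
# option fits this host.
# PostgreSQL's port 5432 should not be among the pod's published ports;
# presumably the application containers join pod_authentik as well - confirm.
# podman run --name authentik_db \
    -e PGDATA=/var/lib/postgresql/data/pgdata \
    -e POSTGRES_USER=authentik \
    -e POSTGRES_PASSWORD="${PG_PASS:?set PG_PASS to the generated database password}" \
    -e POSTGRES_DB=authentik \
    -v /mnt/authentik_db:/var/lib/postgresql/data \
    --pod pod_authentik \
    -d docker.io/postgres:14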
```
### Redis
```sh
# Redis 7 for authentik, joined to pod_authentik, data kept under
# /mnt/authentik_redis. The leading "# " on the command line below is the root
# prompt, as in the other commands on this page.
# "--save 60 1" writes a snapshot every 60 seconds when at least one key
# changed; "--loglevel warning" limits logging to warnings.
#
# NOTE(review): redis-server is started without --requirepass, so anything
# that can reach port 6379 talks to it unauthenticated. Keep 6379 out of the
# pod's published ports.
# podman run --detach --name authentik_redis \
    --pod pod_authentik \
    --volume /mnt/authentik_redis:/data \
    docker.io/redis:7 \
    redis-server --save 60 1 --loglevel warning
```
### Application Server
https://goauthentik.io/docs/installation/docker-compose
```
# "server" service from the upstream docker-compose file (linked above),
# kept here as the reference for the settings the server container needs.
server:
  # Image and tag fall back to ghcr.io/goauthentik/server:2022.9.0 when
  # AUTHENTIK_IMAGE / AUTHENTIK_TAG are not set.
  image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
  restart: unless-stopped
  command: server
  environment:
    # NOTE(review): "redis" and "postgresql" are compose service names; the
    # podman containers on this page are named authentik_redis and
    # authentik_db inside one pod, so these two hosts presumably need
    # adjusting for the podman setup - confirm.
    AUTHENTIK_REDIS__HOST: redis
    AUTHENTIK_POSTGRESQL__HOST: postgresql
    AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
    AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
    # PG_PASS has no fallback: it has to be supplied and must equal the
    # password the database container was created with.
    AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
  volumes:
    - ./media:/media
    - ./custom-templates:/templates
    - geoip:/geoip
  env_file:
    # Presumably where PG_PASS and the other secrets live; keep the file out
    # of version control and readable only by the deploying user.
    - .env
  ports:
    # 0.0.0.0 publishes both listeners on every host interface. When a
    # reverse proxy on the same host fronts authentik, binding to a specific
    # address such as 127.0.0.1 keeps them off the network.
    - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
    - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
```
```
```
### Application Worker
```
# "worker" service from the upstream docker-compose file, kept here as the
# reference for the settings the worker container needs.
worker:
  # Same image as the server service; only the command differs.
  image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
  restart: unless-stopped
  command: worker
  environment:
    # NOTE(review): compose service names; presumably to be adjusted for the
    # podman pod on this page - confirm.
    AUTHENTIK_REDIS__HOST: redis
    AUTHENTIK_POSTGRESQL__HOST: postgresql
    AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
    AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
    # PG_PASS has no fallback: it has to be supplied and must equal the
    # password the database container was created with.
    AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
  # This is optional, and can be removed. If you remove this, the following will happen
  # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
  # - The docker socket can't be accessed anymore
  #
  # NOTE(review): a container that runs as root and has the Docker socket
  # mounted can drive the host's container engine, which amounts to root on
  # the host. Unless the Docker integration is needed, drop both "user: root"
  # and the docker.sock volume below and set the /media ownership by hand, as
  # the comment above describes.
  user: root
  volumes:
    - ./media:/media
    - ./certs:/certs
    # Under podman this path exists only when a Docker-compatible socket is
    # provided on the host - TODO confirm before carrying the mount over.
    - /var/run/docker.sock:/var/run/docker.sock
    - ./custom-templates:/templates
    - geoip:/geoip
  env_file:
    # Presumably where PG_PASS and the other secrets live; keep the file out
    # of version control and readable only by the deploying user.
    - .env
```
```
```