Update authentik page

This commit is contained in:
RealStickman 2023-02-26 21:18:12 +01:00
parent cfcc605cf8
commit a21edb357f

View File

@ -11,13 +11,14 @@ visible: false
```sh ```sh
podman network create net_authentik podman network create net_authentik
podman pod create --name pod_authentik --network net_authentik -p podman pod create --name pod_authentik --network net_authentik -p 9000:9000 -p 9443:9443
``` ```
#### Port Mappings #### Port Mappings
``` ```
9000: Authentik HTTP
9443: Authentik HTTPS
``` ```
### Database ### Database
@ -25,9 +26,9 @@ podman pod create --name pod_authentik --network net_authentik -p
```sh ```sh
podman run --name authentik_db \ podman run --name authentik_db \
-e PGDATA=/var/lib/postgresql/data/pgdata \ -e PGDATA=/var/lib/postgresql/data/pgdata \
-e POSTGRES_USER=authentik \ -e POSTGRES_USER={DB USER} \
-e POSTGRES_PASSWORD=authentik \ -e POSTGRES_PASSWORD={DB PASS} \
-e POSTGRES_DB=authentik \ -e POSTGRES_DB={DB NAME} \
-v /mnt/authentik_db:/var/lib/postgresql/data \ -v /mnt/authentik_db:/var/lib/postgresql/data \
--pod pod_authentik \ --pod pod_authentik \
-d docker.io/postgres:14 -d docker.io/postgres:14
@ -47,61 +48,72 @@ podman run --name authentik_redis \
https://goauthentik.io/docs/installation/docker-compose https://goauthentik.io/docs/installation/docker-compose
```yaml Generate `PG_PASS` and `AUTHENTIK_SECRET_KEY` using `openssl rand -base64 40 / 50`
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
volumes:
- ./media:/media
- ./custom-templates:/templates
- geoip:/geoip
env_file:
- .env
ports:
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
```
```
```sh
podman run --name authentik_server \
-e PG_PASS={RANDOM PASS} \
-e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
-e AUTHENTIK_REDIS__HOST=authentik_redis \
-e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
-e AUTHENTIK_POSTGRESQL__USER={DB USER} \
-e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
-e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
# SMTP Host Emails are sent to
-e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
-e AUTHENTIK_EMAIL__PORT=465 \
# Optionally authenticate (don't add quotation marks to your password)
-e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
-e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
# Use StartTLS
-e AUTHENTIK_EMAIL__USE_TLS=false \
# Use SSL
-e AUTHENTIK_EMAIL__USE_SSL=true \
-e AUTHENTIK_EMAIL__TIMEOUT=10 \
# Email address authentik will send from, should have a correct @domain
-e AUTHENTIK_EMAIL__FROM={EMAIL} \
-v /mnt/authentik/media:/media \
-v /mnt/authentik/templates:/templates \
-v /mnt/authentik/geoip:/geoip \
--pod pod_authentik \
-d ghcr.io/goauthentik/server:latest \
server
``` ```
### Application Worker ### Application Worker
```yaml ```sh
worker: podman run --name authentik_worker \
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} -e PG_PASS={RANDOM PASS} \
restart: unless-stopped -e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
command: worker -e AUTHENTIK_REDIS__HOST=authentik_redis \
environment: -e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
AUTHENTIK_REDIS__HOST: redis -e AUTHENTIK_POSTGRESQL__USER={DB USER} \
AUTHENTIK_POSTGRESQL__HOST: postgresql -e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} -e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} # SMTP Host Emails are sent to
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} -e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true" -e AUTHENTIK_EMAIL__PORT=465 \
# This is optional, and can be removed. If you remove this, the following will happen # Optionally authenticate (don't add quotation marks to your password)
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000 -e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
# - The docker socket can't be accessed anymore -e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
user: root # Use StartTLS
volumes: -e AUTHENTIK_EMAIL__USE_TLS=false \
- ./media:/media # Use SSL
- ./certs:/certs -e AUTHENTIK_EMAIL__USE_SSL=true \
- /var/run/docker.sock:/var/run/docker.sock -e AUTHENTIK_EMAIL__TIMEOUT=10 \
- ./custom-templates:/templates # Email address authentik will send from, should have a correct @domain
- geoip:/geoip -e AUTHENTIK_EMAIL__FROM={EMAIL} \
env_file: -v /mnt/authentik/media:/media \
- .env -v /mnt/authentik/certs:/certs \
-v /mnt/authentik/templates:/templates \
-v /mnt/authentik/geoip:/geoip \
--pod pod_authentik \
-d ghcr.io/goauthentik/server:latest \
worker
``` ```
``` ## Setup
``` After starting all containers, visit the path `https://{SERVER IP}:{PORT}/if/flow/initial-setup/` in your browser.
The default user is called `akadmin`