Update authentik page
This commit is contained in:
parent
cfcc605cf8
commit
a21edb357f
@ -11,13 +11,14 @@ visible: false
|
||||
|
||||
```sh
|
||||
podman network create net_authentik
|
||||
podman pod create --name pod_authentik --network net_authentik -p
|
||||
podman pod create --name pod_authentik --network net_authentik -p 9000:9000 -p 9443:9443
|
||||
```
|
||||
|
||||
#### Port Mappings
|
||||
|
||||
```
|
||||
|
||||
9000: Authentik HTTP
|
||||
9443: Authentik HTTPS
|
||||
```
|
||||
|
||||
### Database
|
||||
@ -25,9 +26,9 @@ podman pod create --name pod_authentik --network net_authentik -p
|
||||
```sh
|
||||
podman run --name authentik_db \
|
||||
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||
-e POSTGRES_USER=authentik \
|
||||
-e POSTGRES_PASSWORD=authentik \
|
||||
-e POSTGRES_DB=authentik \
|
||||
-e POSTGRES_USER={DB USER} \
|
||||
-e POSTGRES_PASSWORD={DB PASS} \
|
||||
-e POSTGRES_DB={DB NAME} \
|
||||
-v /mnt/authentik_db:/var/lib/postgresql/data \
|
||||
--pod pod_authentik \
|
||||
-d docker.io/postgres:14
|
||||
@ -47,61 +48,72 @@ podman run --name authentik_redis \
|
||||
|
||||
https://goauthentik.io/docs/installation/docker-compose
|
||||
|
||||
```yaml
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./custom-templates:/templates
|
||||
- geoip:/geoip
|
||||
env_file:
|
||||
- .env
|
||||
ports:
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
||||
```
|
||||
|
||||
```
|
||||
Generate `PG_PASS` and `AUTHENTIK_SECRET_KEY` using `openssl rand -base64 40 / 50`
|
||||
|
||||
```sh
|
||||
podman run --name authentik_server \
|
||||
-e PG_PASS={RANDOM PASS} \
|
||||
-e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
|
||||
-e AUTHENTIK_REDIS__HOST=authentik_redis \
|
||||
-e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
|
||||
-e AUTHENTIK_POSTGRESQL__USER={DB USER} \
|
||||
-e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
|
||||
-e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
|
||||
# SMTP Host Emails are sent to
|
||||
-e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
|
||||
-e AUTHENTIK_EMAIL__PORT=465 \
|
||||
# Optionally authenticate (don't add quotation marks to your password)
|
||||
-e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
|
||||
-e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
|
||||
# Use StartTLS
|
||||
-e AUTHENTIK_EMAIL__USE_TLS=false \
|
||||
# Use SSL
|
||||
-e AUTHENTIK_EMAIL__USE_SSL=true \
|
||||
-e AUTHENTIK_EMAIL__TIMEOUT=10 \
|
||||
# Email address authentik will send from, should have a correct @domain
|
||||
-e AUTHENTIK_EMAIL__FROM={EMAIL} \
|
||||
-v /mnt/authentik/media:/media \
|
||||
-v /mnt/authentik/templates:/templates \
|
||||
-v /mnt/authentik/geoip:/geoip \
|
||||
--pod pod_authentik \
|
||||
-d ghcr.io/goauthentik/server:latest \
|
||||
server
|
||||
```
|
||||
|
||||
### Application Worker
|
||||
|
||||
```yaml
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
||||
# This is optional, and can be removed. If you remove this, the following will happen
|
||||
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
|
||||
# - The docker socket can't be accessed anymore
|
||||
user: root
|
||||
volumes:
|
||||
- ./media:/media
|
||||
- ./certs:/certs
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./custom-templates:/templates
|
||||
- geoip:/geoip
|
||||
env_file:
|
||||
- .env
|
||||
```sh
|
||||
podman run --name authentik_worker \
|
||||
-e PG_PASS={RANDOM PASS} \
|
||||
-e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
|
||||
-e AUTHENTIK_REDIS__HOST=authentik_redis \
|
||||
-e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
|
||||
-e AUTHENTIK_POSTGRESQL__USER={DB USER} \
|
||||
-e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
|
||||
-e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
|
||||
# SMTP Host Emails are sent to
|
||||
-e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
|
||||
-e AUTHENTIK_EMAIL__PORT=465 \
|
||||
# Optionally authenticate (don't add quotation marks to your password)
|
||||
-e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
|
||||
-e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
|
||||
# Use StartTLS
|
||||
-e AUTHENTIK_EMAIL__USE_TLS=false \
|
||||
# Use SSL
|
||||
-e AUTHENTIK_EMAIL__USE_SSL=true \
|
||||
-e AUTHENTIK_EMAIL__TIMEOUT=10 \
|
||||
# Email address authentik will send from, should have a correct @domain
|
||||
-e AUTHENTIK_EMAIL__FROM={EMAIL} \
|
||||
-v /mnt/authentik/media:/media \
|
||||
-v /mnt/authentik/certs:/certs \
|
||||
-v /mnt/authentik/templates:/templates \
|
||||
-v /mnt/authentik/geoip:/geoip \
|
||||
--pod pod_authentik \
|
||||
-d ghcr.io/goauthentik/server:latest \
|
||||
worker
|
||||
```
|
||||
|
||||
```
|
||||
## Setup
|
||||
|
||||
```
|
||||
After starting all containers, visit the path `https://{SERVER IP}:{PORT}/if/flow/initial-setup/` in your browser.
|
||||
The default user is called `akadmin`
|
||||
|
Loading…
Reference in New Issue
Block a user