120 lines
3.3 KiB
Markdown
120 lines
3.3 KiB
Markdown
---
|
|
title: Authentik
|
|
visible: false
|
|
---
|
|
|
|
[toc]
|
|
|
|
## Podman
|
|
|
|
### Network and Pod
|
|
|
|
```sh
|
|
podman network create net_authentik
|
|
podman pod create --name pod_authentik --network net_authentik -p 9000:9000 -p 9443:9443
|
|
```
|
|
|
|
#### Port Mappings
|
|
|
|
```
|
|
9000: Authentik HTTP
|
|
9443: Authentik HTTPS
|
|
```
|
|
|
|
### Database
|
|
|
|
```sh
|
|
podman run --name authentik_db \
|
|
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
|
-e POSTGRES_USER={DB USER} \
|
|
-e POSTGRES_PASSWORD={DB PASS} \
|
|
-e POSTGRES_DB={DB NAME} \
|
|
-v /mnt/authentik_db:/var/lib/postgresql/data \
|
|
--pod pod_authentik \
|
|
-d docker.io/postgres:14
|
|
```
|
|
|
|
### Redis
|
|
|
|
```sh
|
|
podman run --name authentik_redis \
|
|
-v /mnt/authentik_redis:/data \
|
|
--pod pod_authentik \
|
|
-d docker.io/redis:7 \
|
|
redis-server --save 60 1 --loglevel warning
|
|
```
|
|
|
|
### Application Server
|
|
|
|
https://goauthentik.io/docs/installation/docker-compose
|
|
|
|
Generate `PG_PASS` and `AUTHENTIK_SECRET_KEY` using `openssl rand -base64 40 / 50`
|
|
|
|
```sh
|
|
podman run --name authentik_server \
|
|
-e PG_PASS={RANDOM PASS} \
|
|
-e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
|
|
-e AUTHENTIK_REDIS__HOST=authentik_redis \
|
|
-e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
|
|
-e AUTHENTIK_POSTGRESQL__USER={DB USER} \
|
|
-e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
|
|
-e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
|
|
# SMTP Host Emails are sent to
|
|
-e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
|
|
-e AUTHENTIK_EMAIL__PORT=465 \
|
|
# Optionally authenticate (don't add quotation marks to your password)
|
|
-e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
|
|
-e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
|
|
# Use StartTLS
|
|
-e AUTHENTIK_EMAIL__USE_TLS=false \
|
|
# Use SSL
|
|
-e AUTHENTIK_EMAIL__USE_SSL=true \
|
|
-e AUTHENTIK_EMAIL__TIMEOUT=10 \
|
|
# Email address authentik will send from, should have a correct @domain
|
|
-e AUTHENTIK_EMAIL__FROM={EMAIL} \
|
|
-v /mnt/authentik/media:/media \
|
|
-v /mnt/authentik/templates:/templates \
|
|
-v /mnt/authentik/geoip:/geoip \
|
|
--pod pod_authentik \
|
|
-d ghcr.io/goauthentik/server:latest \
|
|
server
|
|
```
|
|
|
|
### Application Worker
|
|
|
|
```sh
|
|
podman run --name authentik_worker \
|
|
-e PG_PASS={RANDOM PASS} \
|
|
-e AUTHENTIK_SECRET_KEY={RANDOM SECRET} \
|
|
-e AUTHENTIK_REDIS__HOST=authentik_redis \
|
|
-e AUTHENTIK_POSTGRESQL__HOST=authentik_db \
|
|
-e AUTHENTIK_POSTGRESQL__USER={DB USER} \
|
|
-e AUTHENTIK_POSTGRESQL__NAME={DB NAME} \
|
|
-e AUTHENTIK_POSTGRESQL__PASSWORD={DB PASS} \
|
|
# SMTP Host Emails are sent to
|
|
-e AUTHENTIK_EMAIL__HOST={SMTP SERVER} \
|
|
-e AUTHENTIK_EMAIL__PORT=465 \
|
|
# Optionally authenticate (don't add quotation marks to your password)
|
|
-e AUTHENTIK_EMAIL__USERNAME={SMTP USER} \
|
|
-e AUTHENTIK_EMAIL__PASSWORD={SMTP PASS} \
|
|
# Use StartTLS
|
|
-e AUTHENTIK_EMAIL__USE_TLS=false \
|
|
# Use SSL
|
|
-e AUTHENTIK_EMAIL__USE_SSL=true \
|
|
-e AUTHENTIK_EMAIL__TIMEOUT=10 \
|
|
# Email address authentik will send from, should have a correct @domain
|
|
-e AUTHENTIK_EMAIL__FROM={EMAIL} \
|
|
-v /mnt/authentik/media:/media \
|
|
-v /mnt/authentik/certs:/certs \
|
|
-v /mnt/authentik/templates:/templates \
|
|
-v /mnt/authentik/geoip:/geoip \
|
|
--pod pod_authentik \
|
|
-d ghcr.io/goauthentik/server:latest \
|
|
worker
|
|
```
|
|
|
|
## Setup
|
|
|
|
After starting all containers, visit the path `https://{SERVER IP}:{PORT}/if/flow/initial-setup/` in your browser.
|
|
The default user is called `akadmin`
|