jmarya/knowledge
jmarya/knowledge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add authentik

Browse source
This commit is contained in:
JMARyA 2024-09-26 21:56:39 +02:00
parent cfb23e66e2
commit c091d75bc1
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
2 changed files with 129 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
technology/applications/Applications.md
View file

@ -131,6 +131,7 @@ rev: 2024-07-14
# Web # Web
- [Authelia](./web/Authelia.md) - [Authelia](./web/Authelia.md)
- [Authentik](./web/Authentik.md)
- [Bitwarden](./web/Bitwarden.md) - [Bitwarden](./web/Bitwarden.md)
- [AdGuard](./web/AdGuard.md) - [AdGuard](./web/AdGuard.md)
- [Gitea](./web/Gitea.md) - [Gitea](./web/Gitea.md)

129
technology/applications/web/Authentik.md
View file

@ -5,4 +5,131 @@ website: https://goauthentik.io
--- ---
# Authentik # Authentik
#wip Authentik is an open-source Identity Provider (IDP) that aims to unify your identity needs into a single platform. It can replace Okta, Active Directory, and Auth0, offering a comprehensive solution for managing user identities. Built with the public benefit in mind, Authentik Security Inc. has developed this product on top of the open-source project.
## Features
- **Self-host anywhere**: Authentik allows you to self-host your identity provider, giving you complete control over your data and infrastructure.
- **Multi-Factor Authentication (MFA)**: This feature helps ensure the security of your user accounts by requiring multiple forms of identification before granting access.
- **Conditional Access**: Authentik enables you to set conditions for accessing specific resources based on factors such as location, device, or time.
- **Open-source and source available**: The project is fully open-source, with its source code available for anyone to inspect and contribute to.
- **Application Proxy**: This feature allows you to securely connect your applications to Authentik without the need to modify them.
- **Enterprise support**: Authentik offers dedicated enterprise-level support to ensure smooth deployment and operation of the product within your organization.
### Supported Protocols
- **SAML 2.0**
- **OAuth 2.0 and OIDC**
- **SCIM**
- **LDAP**
- **RADIUS**
## Docker-Compose
`docker-compose.yml`:
```yml
---
services:
postgresql:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- ./db:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
env_file:
- .env
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- ./redis:/data
deploy:
resources:
limits:
memory: 512M
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- ./media:/media
- ./custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
- postgresql
- redis
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.6.4}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
# - /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
- postgresql
- redis
```
`.env`:
````
PG_PASS=<PASSWORD>
AUTHENTIK_SECRET_KEY=<SECRET>
# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=<HOST>
AUTHENTIK_EMAIL__PORT=465
# Optionally authenticate (don't add quotation marks to your password)
AUTHENTIK_EMAIL__USERNAME=<USER>
AUTHENTIK_EMAIL__PASSWORD=<PASS>
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=false
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=true
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=<FROM>
COMPOSE_PORT_HTTP=9020
COMPOSE_PORT_HTTPS=9021
```