---
obj: application
repo: https://github.com/goauthentik/authentik
website: https://goauthentik.io
---

# Authentik

Authentik is an open-source Identity Provider (IdP) that aims to unify your identity needs into a single platform. It can replace Okta, Active Directory, and Auth0, offering a comprehensive solution for managing user identities. Built with the public benefit in mind, Authentik Security Inc. has developed this product on top of the open-source project.

## Features

- **Self-host anywhere**: Authentik allows you to self-host your identity provider, giving you complete control over your data and infrastructure.
- **Multi-Factor Authentication (MFA)**: This feature helps ensure the security of your user accounts by requiring multiple forms of identification before granting access.
- **Conditional Access**: Authentik enables you to set conditions for accessing specific resources based on factors such as location, device, or time.
- **Open-source and source available**: The project is fully open-source, with its source code available for anyone to inspect and contribute to.
- **Application Proxy**: This feature allows you to securely connect your applications to Authentik without the need to modify them.
- **Enterprise support**: Authentik offers dedicated enterprise-level support to ensure smooth deployment and operation of the product within your organization.

### Supported Protocols

- **SAML 2.0**
- **OAuth 2.0 and OIDC**
- **SCIM**
- **LDAP**
- **RADIUS**

## Docker-Compose

`docker-compose.yml`:

```yml
---
services:
  postgresql:
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ./db:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env

  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ./redis:/data
    deploy:
      resources:
        limits:
          memory: 512M

  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    env_file:
      - .env
    ports:
      - "${COMPOSE_PORT_HTTP:-9000}:9000"
      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
    depends_on:
      - postgresql
      - redis

  worker:
    # Same default tag as the server: both containers must run the same authentik version.
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    user: root
    volumes:
      # - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
```

`.env`:

```
PG_PASS=
AUTHENTIK_SECRET_KEY=

# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=
AUTHENTIK_EMAIL__PORT=465
# Optionally authenticate (don't add quotation marks to your password)
AUTHENTIK_EMAIL__USERNAME=
AUTHENTIK_EMAIL__PASSWORD=
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=false
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=true
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=

COMPOSE_PORT_HTTP=9020
COMPOSE_PORT_HTTPS=9021
```
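
The `.env` above leaves `PG_PASS` and `AUTHENTIK_SECRET_KEY` empty, and the compose file refuses to start without `PG_PASS`. The following script is an added example, not part of the original notes or the authentik project: it fills both keys with random values, never overwrites a value that is already set, and keeps the file readable by its owner only. The function names, the `ENV_FILE` variable and the byte lengths (36 and 60) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: populate the empty secrets in authentik's .env.
# Function names, ENV_FILE and the byte lengths are assumptions of this example.

# gen_secret BYTES: print BYTES random bytes, base64-encoded on a single line.
gen_secret() {
    head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# fill_secret FILE KEY BYTES
# Writes KEY=<random> only when KEY is missing or empty in FILE.
# Returns 0 when a value was written, 1 when KEY already had one, 2 on error.
fill_secret() {
    file=$1 key=$2 bytes=$3
    if grep -q "^${key}=." "$file" 2>/dev/null; then
        return 1    # rotating an existing key would break the running deployment
    fi
    value=$(gen_secret "$bytes")
    tmp=$(mktemp "${file}.XXXXXX") || return 2    # mktemp creates the file with mode 600
    # Copy every line except an empty "KEY=" placeholder, then append the new value.
    grep -v "^${key}=" "$file" > "$tmp" 2>/dev/null || true
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# init_env FILE: make sure both secrets exist and FILE is owner-only.
init_env() {
    [ -f "$1" ] || : > "$1"
    for spec in PG_PASS:36 AUTHENTIK_SECRET_KEY:60; do
        fill_secret "$1" "${spec%%:*}" "${spec##*:}" || [ $? -eq 1 ] || return 2
    done
    chmod 600 "$1"
}

# Run as: ENV_FILE=.env sh this-script.sh
if [ -n "${ENV_FILE:-}" ]; then
    init_env "$ENV_FILE"
fi
```

Run it once before the first `docker compose up`; running it again leaves existing secrets untouched.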