135 lines
4.6 KiB
Markdown
135 lines
4.6 KiB
Markdown
---
|
|
obj: application
|
|
repo: https://github.com/goauthentik/authentik
|
|
website: https://goauthentik.io
|
|
---
|
|
|
|
# Authentik
|
|
Authentik is an open-source Identity Provider (IDP) that aims to unify your identity needs into a single platform. It can replace Okta, Active Directory, and Auth0, offering a comprehensive solution for managing user identities. Built with the public benefit in mind, Authentik Security Inc. has developed this product on top of the open-source project.
|
|
|
|
## Features
|
|
- **Self-host anywhere**: Authentik allows you to self-host your identity provider, giving you complete control over your data and infrastructure.
|
|
- **Multi-Factor Authentication (MFA)**: This feature helps ensure the security of your user accounts by requiring multiple forms of identification before granting access.
|
|
- **Conditional Access**: Authentik enables you to set conditions for accessing specific resources based on factors such as location, device, or time.
|
|
- **Open-source and source available**: The project is fully open-source, with its source code available for anyone to inspect and contribute to.
|
|
- **Application Proxy**: This feature allows you to securely connect your applications to Authentik without the need to modify them.
|
|
- **Enterprise support**: Authentik offers dedicated enterprise-level support to ensure smooth deployment and operation of the product within your organization.
|
|
|
|
### Supported Protocols
|
|
- **SAML 2.0**
|
|
- **OAuth 2.0 and OIDC**
|
|
- **SCIM**
|
|
- **LDAP**
|
|
- **RADIUS**
|
|
|
|
## Docker-Compose
|
|
`docker-compose.yml`:
|
|
```yml
|
|
---
|
|
services:
|
|
postgresql:
|
|
image: docker.io/library/postgres:16-alpine
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 5s
|
|
volumes:
|
|
- ./db:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
|
|
POSTGRES_USER: ${PG_USER:-authentik}
|
|
POSTGRES_DB: ${PG_DB:-authentik}
|
|
env_file:
|
|
- .env
|
|
redis:
|
|
image: docker.io/library/redis:alpine
|
|
command: --save 60 1 --loglevel warning
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 3s
|
|
volumes:
|
|
- ./redis:/data
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 512M
|
|
|
|
server:
|
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8}
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
volumes:
|
|
- ./media:/media
|
|
- ./custom-templates:/templates
|
|
env_file:
|
|
- .env
|
|
ports:
|
|
- "${COMPOSE_PORT_HTTP:-9000}:9000"
|
|
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
|
|
depends_on:
|
|
- postgresql
|
|
- redis
|
|
worker:
|
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.6.4}
|
|
restart: unless-stopped
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# `user: root` and the docker socket volume are optional.
|
|
# See more for the docker socket integration here:
|
|
# https://goauthentik.io/docs/outposts/integrations/docker
|
|
# Removing `user: root` also prevents the worker from fixing the permissions
|
|
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
|
# (1000:1000 by default)
|
|
user: root
|
|
volumes:
|
|
# - /var/run/docker.sock:/var/run/docker.sock
|
|
- ./media:/media
|
|
- ./certs:/certs
|
|
- ./custom-templates:/templates
|
|
env_file:
|
|
- .env
|
|
depends_on:
|
|
- postgresql
|
|
- redis
|
|
```
|
|
|
|
`.env`:
|
|
````
|
|
PG_PASS=<PASSWORD>
|
|
AUTHENTIK_SECRET_KEY=<SECRET>
|
|
|
|
# SMTP Host Emails are sent to
|
|
AUTHENTIK_EMAIL__HOST=<HOST>
|
|
AUTHENTIK_EMAIL__PORT=465
|
|
# Optionally authenticate (don't add quotation marks to your password)
|
|
AUTHENTIK_EMAIL__USERNAME=<USER>
|
|
AUTHENTIK_EMAIL__PASSWORD=<PASS>
|
|
# Use StartTLS
|
|
AUTHENTIK_EMAIL__USE_TLS=false
|
|
# Use SSL
|
|
AUTHENTIK_EMAIL__USE_SSL=true
|
|
AUTHENTIK_EMAIL__TIMEOUT=10
|
|
# Email address authentik will send from, should have a correct @domain
|
|
AUTHENTIK_EMAIL__FROM=<FROM>
|
|
|
|
COMPOSE_PORT_HTTP=9020
|
|
COMPOSE_PORT_HTTPS=9021
|
|
```
|