app-store/apps/authentik/docker-compose.yml

version: "3.7"

services:
  authentik:
    image: ghcr.io/goauthentik/server:2023.10.5
    restart: unless-stopped
    command: server
    container_name: authentik
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    volumes:
      - ${APP_DATA_DIR}/data/authentik-media:/media
      - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
    ports:
      - "8769:9000"
      - "${APP_PORT}:9443"
    depends_on:
      - authentik-db
      - authentik-redis
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.authentik-web-redirect.redirectscheme.scheme: https
      traefik.http.services.authentik.loadbalancer.server.port: 9000
      # Web
      traefik.http.routers.authentik-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.authentik-insecure.entrypoints: web
      traefik.http.routers.authentik-insecure.service: authentik
      traefik.http.routers.authentik-insecure.middlewares: authentik-web-redirect
      # Websecure
      traefik.http.routers.authentik.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.authentik.entrypoints: websecure
      traefik.http.routers.authentik.service: authentik
      traefik.http.routers.authentik.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.authentik-local-insecure.rule: Host(`authentik.${LOCAL_DOMAIN}`)
      traefik.http.routers.authentik-local-insecure.entrypoints: web
      traefik.http.routers.authentik-local-insecure.service: authentik
      traefik.http.routers.authentik-local-insecure.middlewares: authentik-web-redirect
      # Local domain secure
      traefik.http.routers.authentik-local.rule: Host(`authentik.${LOCAL_DOMAIN}`)
      traefik.http.routers.authentik-local.entrypoints: websecure
      traefik.http.routers.authentik-local.service: authentik
      traefik.http.routers.authentik-local.tls: true
  authentik-worker:
    image: ghcr.io/goauthentik/server:2023.10.5
    restart: unless-stopped
    command: worker
    container_name: authentik-worker
    environment:
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${APP_DATA_DIR}/data/authentik-media:/media
      - ${APP_DATA_DIR}/data/authentik-certs:/certs
      - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
    depends_on:
      - authentik-db
      - authentik-redis
    networks:
      - tipi_main_network

  authentik-db:
    container_name: authentik-db
    image: postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    networks:
      - tipi_main_network

  authentik-redis:
    image: redis:alpine
    command: --save 60 1 --loglevel warning
    container_name: authentik-redis
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ${APP_DATA_DIR}/data/redis:/data
    networks:
      - tipi_main_network
Add Authentik (#1595) * Add Authentik * Update Missing Items From Tests * Update docker-compose.yml * Update config.json * Update docker-compose.yml * Update Envs * Update docker-compose.yml 2023-11-15 00:50:53 +00:00			`version: "3.7"`

			`services:`
			`authentik:`
chore(deps): update ghcr.io/goauthentik/server docker tag to v2023.10.5 (#1870) 2023-12-21 17:07:46 +00:00			`image: ghcr.io/goauthentik/server:2023.10.5`
Add Authentik (#1595) * Add Authentik * Update Missing Items From Tests * Update docker-compose.yml * Update config.json * Update docker-compose.yml * Update Envs * Update docker-compose.yml 2023-11-15 00:50:53 +00:00			`restart: unless-stopped`
			`command: server`
			`container_name: authentik`
			`environment:`
			`AUTHENTIK_REDIS__HOST: authentik-redis`
			`AUTHENTIK_POSTGRESQL__HOST: authentik-db`
			`AUTHENTIK_POSTGRESQL__USER: authentik`
			`AUTHENTIK_POSTGRESQL__NAME: authentik`
			`AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}`
			`AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}`
			`volumes:`
			`- ${APP_DATA_DIR}/data/authentik-media:/media`
			`- ${APP_DATA_DIR}/data/authentik-custom-templates:/templates`
			`ports:`
			`- "8769:9000"`
			`- "${APP_PORT}:9443"`
			`depends_on:`
			`- authentik-db`
			`- authentik-redis`
			`networks:`
			`- tipi_main_network`
			`labels:`
			`# Main`
			`traefik.enable: true`
			`traefik.http.middlewares.authentik-web-redirect.redirectscheme.scheme: https`
			`traefik.http.services.authentik.loadbalancer.server.port: 9000`
			`# Web`
			traefik.http.routers.authentik-insecure.rule: Host(`${APP_DOMAIN}`)
			`traefik.http.routers.authentik-insecure.entrypoints: web`
			`traefik.http.routers.authentik-insecure.service: authentik`
			`traefik.http.routers.authentik-insecure.middlewares: authentik-web-redirect`
			`# Websecure`
			traefik.http.routers.authentik.rule: Host(`${APP_DOMAIN}`)
			`traefik.http.routers.authentik.entrypoints: websecure`
			`traefik.http.routers.authentik.service: authentik`
			`traefik.http.routers.authentik.tls.certresolver: myresolver`
			`# Local domain`
			traefik.http.routers.authentik-local-insecure.rule: Host(`authentik.${LOCAL_DOMAIN}`)
			`traefik.http.routers.authentik-local-insecure.entrypoints: web`
			`traefik.http.routers.authentik-local-insecure.service: authentik`
			`traefik.http.routers.authentik-local-insecure.middlewares: authentik-web-redirect`
			`# Local domain secure`
			traefik.http.routers.authentik-local.rule: Host(`authentik.${LOCAL_DOMAIN}`)
			`traefik.http.routers.authentik-local.entrypoints: websecure`
			`traefik.http.routers.authentik-local.service: authentik`
			`traefik.http.routers.authentik-local.tls: true`
			`authentik-worker:`
chore(deps): update ghcr.io/goauthentik/server docker tag to v2023.10.5 (#1870) 2023-12-21 17:07:46 +00:00			`image: ghcr.io/goauthentik/server:2023.10.5`
Add Authentik (#1595) * Add Authentik * Update Missing Items From Tests * Update docker-compose.yml * Update config.json * Update docker-compose.yml * Update Envs * Update docker-compose.yml 2023-11-15 00:50:53 +00:00			`restart: unless-stopped`
			`command: worker`
			`container_name: authentik-worker`
			`environment:`
			`AUTHENTIK_REDIS__HOST: authentik-redis`
			`AUTHENTIK_POSTGRESQL__HOST: authentik-db`
			`AUTHENTIK_POSTGRESQL__USER: authentik`
			`AUTHENTIK_POSTGRESQL__NAME: authentik`
			`AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}`
			`AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}`
			# `user: root` and the docker socket volume are optional.
			`# See more for the docker socket integration here:`
			`# https://goauthentik.io/docs/outposts/integrations/docker`
			# Removing `user: root` also prevents the worker from fixing the permissions
			`# on the mounted folders, so when removing this make sure the folders have the correct UID/GID`
			`# (1000:1000 by default)`
			`user: root`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`- ${APP_DATA_DIR}/data/authentik-media:/media`
			`- ${APP_DATA_DIR}/data/authentik-certs:/certs`
			`- ${APP_DATA_DIR}/data/authentik-custom-templates:/templates`
			`depends_on:`
			`- authentik-db`
			`- authentik-redis`
			`networks:`
			`- tipi_main_network`

			`authentik-db:`
			`container_name: authentik-db`
Fix Docker Postgres Changes (#1678) 2023-11-23 05:38:43 +00:00			`image: postgres:12-alpine`
Add Authentik (#1595) * Add Authentik * Update Missing Items From Tests * Update docker-compose.yml * Update config.json * Update docker-compose.yml * Update Envs * Update docker-compose.yml 2023-11-15 00:50:53 +00:00			`restart: unless-stopped`
			`healthcheck:`
			`test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]`
			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 5s`
			`volumes:`
			`- ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data`
			`environment:`
			`POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}`
			`POSTGRES_USER: authentik`
			`POSTGRES_DB: authentik`
			`networks:`
			`- tipi_main_network`

			`authentik-redis:`
Fix Docker Postgres Changes (#1678) 2023-11-23 05:38:43 +00:00			`image: redis:alpine`
Add Authentik (#1595) * Add Authentik * Update Missing Items From Tests * Update docker-compose.yml * Update config.json * Update docker-compose.yml * Update Envs * Update docker-compose.yml 2023-11-15 00:50:53 +00:00			`command: --save 60 1 --loglevel warning`
			`container_name: authentik-redis`
			`restart: unless-stopped`
			`healthcheck:`
			`test: ["CMD-SHELL", "redis-cli ping \| grep PONG"]`
			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 3s`
			`volumes:`
			`- ${APP_DATA_DIR}/data/redis:/data`
			`networks:`
			`- tipi_main_network`