version: "3.7" services: authentik: image: ghcr.io/goauthentik/server:2023.10.4 restart: unless-stopped command: server container_name: authentik environment: AUTHENTIK_REDIS__HOST: authentik-redis AUTHENTIK_POSTGRESQL__HOST: authentik-db AUTHENTIK_POSTGRESQL__USER: authentik AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} volumes: - ${APP_DATA_DIR}/data/authentik-media:/media - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates ports: - "8769:9000" - "${APP_PORT}:9443" depends_on: - authentik-db - authentik-redis networks: - tipi_main_network labels: # Main traefik.enable: true traefik.http.middlewares.authentik-web-redirect.redirectscheme.scheme: https traefik.http.services.authentik.loadbalancer.server.port: 9000 # Web traefik.http.routers.authentik-insecure.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.authentik-insecure.entrypoints: web traefik.http.routers.authentik-insecure.service: authentik traefik.http.routers.authentik-insecure.middlewares: authentik-web-redirect # Websecure traefik.http.routers.authentik.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.authentik.entrypoints: websecure traefik.http.routers.authentik.service: authentik traefik.http.routers.authentik.tls.certresolver: myresolver # Local domain traefik.http.routers.authentik-local-insecure.rule: Host(`authentik.${LOCAL_DOMAIN}`) traefik.http.routers.authentik-local-insecure.entrypoints: web traefik.http.routers.authentik-local-insecure.service: authentik traefik.http.routers.authentik-local-insecure.middlewares: authentik-web-redirect # Local domain secure traefik.http.routers.authentik-local.rule: Host(`authentik.${LOCAL_DOMAIN}`) traefik.http.routers.authentik-local.entrypoints: websecure traefik.http.routers.authentik-local.service: authentik traefik.http.routers.authentik-local.tls: true authentik-worker: image: ghcr.io/goauthentik/server:2023.10.4 restart: unless-stopped command: worker container_name: authentik-worker environment: AUTHENTIK_REDIS__HOST: authentik-redis AUTHENTIK_POSTGRESQL__HOST: authentik-db AUTHENTIK_POSTGRESQL__USER: authentik AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} # `user: root` and the docker socket volume are optional. # See more for the docker socket integration here: # https://goauthentik.io/docs/outposts/integrations/docker # Removing `user: root` also prevents the worker from fixing the permissions # on the mounted folders, so when removing this make sure the folders have the correct UID/GID # (1000:1000 by default) user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - ${APP_DATA_DIR}/data/authentik-media:/media - ${APP_DATA_DIR}/data/authentik-certs:/certs - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates depends_on: - authentik-db - authentik-redis networks: - tipi_main_network authentik-db: container_name: authentik-db image: docker.io/library/postgres:12-alpine restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data environment: POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD} POSTGRES_USER: authentik POSTGRES_DB: authentik networks: - tipi_main_network authentik-redis: image: docker.io/library/redis:alpine command: --save 60 1 --loglevel warning container_name: authentik-redis restart: unless-stopped healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - ${APP_DATA_DIR}/data/redis:/data networks: - tipi_main_network