--- services: postgresql: image: docker.io/library/postgres:16-alpine restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - database:/var/lib/postgresql/data environment: POSTGRES_PASSWORD: ${PG_PASS:?database password required} POSTGRES_USER: ${PG_USER:-authentik} POSTGRES_DB: ${PG_DB:-authentik} redis: image: docker.io/library/redis:alpine command: --save 60 1 --loglevel warning restart: unless-stopped healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - redis:/data server: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.3} restart: unless-stopped command: server environment: AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST} AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT} AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME} AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD} AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS} AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL} AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT} AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM} volumes: - media:/media - custom-templates:/templates ports: - "${COMPOSE_PORT_HTTP:-9000}:9000" - "${COMPOSE_PORT_HTTPS:-9443}:9443" depends_on: postgresql: condition: service_healthy redis: condition: service_healthy worker: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.3} restart: unless-stopped command: worker environment: AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST} AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT} AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME} AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD} AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS} AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL} AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT} AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM} # `user: root` and the docker socket volume are optional. # See more for the docker socket integration here: # https://goauthentik.io/docs/outposts/integrations/docker # Removing `user: root` also prevents the worker from fixing the permissions # on the mounted folders, so when removing this make sure the folders have the correct UID/GID # (1000:1000 by default) user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - media:/media - certs:/certs - custom-templates:/templates depends_on: postgresql: condition: service_healthy redis: condition: service_healthy authentik_ldap: image: ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.12.3} restart: unless-stopped ports: - 3389:3389 - 6636:6636 environment: AUTHENTIK_HOST: https://auth.pcenicni.ca AUTHENTIK_INSECURE: "false" AUTHENTIK_TOKEN: 2OutrpIACRD41JdhjiZE6zSL8I48RpwkvnDRVbEPnllDnzdcxO9UJ26iS08Q depends_on: postgresql: condition: service_healthy volumes: database: driver: local redis: driver: local media: driver: local certs: driver: local custom-templates: driver: local