Authentik
Authentik is an open-source identity provider focused on flexibility and versatility. It supports SAML 2.0, OAuth 2.0/OpenID Connect, LDAP, SCIM, and proxy authentication, making it a comprehensive solution for single sign-on across all your applications. This stack deploys the Authentik server (handling both the web UI and API), a background worker for asynchronous tasks, PostgreSQL 16 for persistent data storage, and Redis 7 for caching and session management. Authentik provides a visual flow designer for building custom authentication workflows including MFA enrollment, passwordless login, and self-service registration. It also includes an outpost system for deploying LDAP servers and reverse-proxy authentication endpoints. After deployment, access the web UI on port 9000 and navigate to /if/flow/initial-setup/ to create your admin account.
Included services
server
ghcr.io/goauthentik/server:2025.2
Environment variables:
worker
ghcr.io/goauthentik/server:2025.2
Environment variables:
postgres
postgres:16-alpine
Environment variables:
redis
redis:7-alpine
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: authentik
services:
  server:
    image: ghcr.io/goauthentik/server:2025.2
    restart: always
    command:
      - server
    # 9000 serves HTTP (web UI and API), 9443 serves HTTPS
    ports:
      - 9000:9000
      - 9443:9443
    volumes:
      - authentik_media:/media
      - authentik_templates:/templates
    environment:
      # The "changeme" defaults are placeholders: set AUTHENTIK_SECRET_KEY and
      # POSTGRES_PASSWORD (for example in .env) before deploying
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-changeme-generate-a-long-random-string}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB:-authentik}
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD:-changeme}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING:-false}
      AUTHENTIK_LOG_LEVEL: ${AUTHENTIK_LOG_LEVEL:-info}
    networks:
      - authentik
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test:
        - CMD-SHELL
        - wget --no-verbose --tries=1 --spider http://localhost:9000/-/health/live/ || exit 1
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 60s
    deploy:
      resources:
        limits:
          cpus: "2.00"
          memory: 1024M
        reservations:
          cpus: "0.50"
          memory: 256M
    labels:
      com.composehub.description: Authentik server — identity provider and SSO platform
  worker:
    image: ghcr.io/goauthentik/server:2025.2
    restart: always
    command:
      - worker
    volumes:
      - authentik_media:/media
      - authentik_certs:/certs
      - authentik_templates:/templates
    environment:
      # Same secret key and database settings as the server
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-changeme-generate-a-long-random-string}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB:-authentik}
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - authentik
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "1.50"
          memory: 1024M
        reservations:
          cpus: "0.25"
          memory: 256M
    labels:
      com.composehub.description: Authentik background worker for async tasks
  postgres:
    image: postgres:16-alpine
    restart: always
    volumes:
      - authentik_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-authentik}
      POSTGRES_USER: ${POSTGRES_USER:-authentik}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - authentik
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U ${POSTGRES_USER:-authentik} -d ${POSTGRES_DB:-authentik}
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 128M
    labels:
      com.composehub.description: PostgreSQL 16 database for Authentik
  redis:
    image: redis:7-alpine
    restart: always
    command:
      - redis-server
      - "--save"
      - "20"
      - "1"
      - "--loglevel"
      - warning
      - "--maxmemory"
      - 256mb
      - "--maxmemory-policy"
      - allkeys-lru
    volumes:
      - authentik_redis:/data
    networks:
      - authentik
    healthcheck:
      test:
        - CMD-SHELL
        - redis-cli ping | grep PONG
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 10s
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 320M
        reservations:
          cpus: "0.10"
          memory: 64M
    labels:
      com.composehub.description: Redis 7 cache and session store for Authentik
networks:
  authentik:
    driver: bridge
volumes:
  authentik_db:
    driver: local
  authentik_redis:
    driver: local
  authentik_media:
    driver: local
  authentik_certs:
    driver: local
  authentik_templates:
    driver: local
Quick info
- Services: 4
- Networks: 1
- Volumes: 5
When to use
This template is ideal for setting up an Authentik environment. All services come preconfigured with health checks, resource limits, and sensible defaults. Adjust the environment variables before going to production.
Tips
- Change all default passwords before deployment
- Review the resource limits for your hardware
- Add a reverse proxy for HTTPS in production
- Configure backup strategies for data volumes
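
The tips above call for replacing the default passwords before deployment. The following preflight script is an added example, not part of the ComposeHub template or the Authentik project; it fails when a `changeme` default from the generated YAML is not overridden in `.env`. The function names, the file names and the 32-character minimum are assumptions, and it inspects only the `.env` file, not variables exported in the shell.

```shell
#!/bin/sh
# Added example (not ComposeHub or Authentik code). Preflight for the compose
# file above: fail unless every ${VAR:-changeme...} placeholder is overridden
# in the .env file. MIN_LEN (default 32) is an assumed policy, not from the page.

# placeholder_vars COMPOSE_FILE: names of variables whose default starts "changeme"
placeholder_vars() {
    grep -o '\${[A-Za-z_][A-Za-z0-9_]*:-changeme[^}]*}' "$1" |
        sed 's/^\${\([A-Za-z_][A-Za-z0-9_]*\):-.*/\1/' | sort -u
}

# env_value ENV_FILE NAME: unquoted KEY=VALUE lookup, last assignment wins
env_value() {
    [ -f "$1" ] || return 0
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# gen_secret: 64 hex characters (32 bytes) from the kernel CSPRNG
gen_secret() {
    od -An -N 32 -tx1 /dev/urandom | tr -d ' \n'
}

# check_secrets COMPOSE_FILE ENV_FILE [MIN_LEN]: returns 0 only if all pass
check_secrets() {
    min=${3:-32}
    rc=0
    for name in $(placeholder_vars "$1"); do
        val=$(env_value "$2" "$name")
        case "$val" in
            '')        echo "FAIL $name: unset, compose would use the placeholder"; rc=1 ;;
            changeme*) echo "FAIL $name: still a placeholder value"; rc=1 ;;
            *)  if [ "${#val}" -lt "$min" ]; then
                    echo "FAIL $name: shorter than $min characters"; rc=1
                else
                    echo "ok   $name"
                fi ;;
        esac
    done
    return "$rc"
}

# Stand-alone use: sh preflight.sh docker-compose.yml .env && docker compose up -d
[ "$#" -lt 2 ] || check_secrets "$@"
```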