Authentik
Authentik is an open-source identity provider focused on flexibility and versatility. It supports SAML 2.0, OAuth 2.0/OpenID Connect, LDAP, SCIM, and proxy authentication, making it a comprehensive solution for single sign-on across all your applications. This stack deploys the Authentik server (handling both the web UI and API), a background worker for asynchronous tasks, PostgreSQL 16 for persistent data storage, and Redis 7 for caching and session management. Authentik provides a visual flow designer for building custom authentication workflows including MFA enrollment, passwordless login, and self-service registration. It also includes an outpost system for deploying LDAP servers and reverse-proxy authentication endpoints. After deployment, access the web UI on port 9000 and navigate to /if/flow/initial-setup/ to create your admin account. Complete this step before port 9000 is reachable from untrusted networks: until the initial setup has been finished, anyone who can open that URL can set the administrator password.
शामिल सर्विसेज़
server
ghcr.io/goauthentik/server:2025.2
एनवायरनमेंट वेरिएबल्स:
worker
ghcr.io/goauthentik/server:2025.2
एनवायरनमेंट वेरिएबल्स:
postgres
postgres:16-alpine
एनवायरनमेंट वेरिएबल्स:
redis
redis:7-alpine
जनरेटेड YAML
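# Generated by ComposeHub (composehub.dev)
#
# Authentik identity provider: server + worker + PostgreSQL 16 + Redis 7.
#
# Two variables MUST be set before `docker compose up`, for example in a .env
# file that is kept out of version control:
#   AUTHENTIK_SECRET_KEY  long random string, e.g. `openssl rand -base64 48`
#   POSTGRES_PASSWORD     database password shared by server, worker, postgres
# They deliberately have no fallback value. A published default such as
# "changeme" would give every deployment of this template the same signing key
# and database password, so Compose aborts with the message below instead.
name: authentik

services:
  server:
    # server and worker must run the same image version.
    # The tag is mutable; pin image@sha256:<digest> for reproducible deploys.
    image: ghcr.io/goauthentik/server:2025.2
    restart: always
    command:
      - server
    ports:
      # Published on every host interface. 9000 is plain HTTP; when a reverse
      # proxy on the same host terminates TLS, bind these to loopback instead
      # (e.g. "127.0.0.1:9000:9000") so the IdP is only reachable through it.
      - "9000:9000"
      - "9443:9443"
    volumes:
      - authentik_media:/media
      - authentik_templates:/templates
    environment:
      # authentik signs session cookies with this key; it must be secret,
      # unique per deployment, and identical for server and worker.
      AUTHENTIK_SECRET_KEY: '${AUTHENTIK_SECRET_KEY:?set AUTHENTIK_SECRET_KEY to a long random value}'
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: '${POSTGRES_DB:-authentik}'
      AUTHENTIK_POSTGRESQL__USER: '${POSTGRES_USER:-authentik}'
      AUTHENTIK_POSTGRESQL__PASSWORD: '${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD to a strong random value}'
      AUTHENTIK_ERROR_REPORTING__ENABLED: '${AUTHENTIK_ERROR_REPORTING:-false}'
      AUTHENTIK_LOG_LEVEL: '${AUTHENTIK_LOG_LEVEL:-info}'
    networks:
      - authentik
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      # NOTE(review): confirm that wget exists in this image tag. If it does
      # not, this check can never pass and the container stays "unhealthy".
      test:
        - CMD-SHELL
        - wget --no-verbose --tries=1 --spider http://localhost:9000/-/health/live/ || exit 1
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 60s
    deploy:
      resources:
        limits:
          cpus: "2.00"
          memory: 1024M
        reservations:
          cpus: "0.50"
          memory: 256M
    labels:
      com.composehub.description: Authentik server — identity provider and SSO platform

  worker:
    image: ghcr.io/goauthentik/server:2025.2
    restart: always
    command:
      - worker
    # No ports are published and the Docker socket is not mounted, so the
    # worker is reachable only over the internal `authentik` network.
    volumes:
      - authentik_media:/media
      - authentik_certs:/certs
      - authentik_templates:/templates
    environment:
      # Must match the server's value exactly.
      AUTHENTIK_SECRET_KEY: '${AUTHENTIK_SECRET_KEY:?set AUTHENTIK_SECRET_KEY to a long random value}'
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: '${POSTGRES_DB:-authentik}'
      AUTHENTIK_POSTGRESQL__USER: '${POSTGRES_USER:-authentik}'
      AUTHENTIK_POSTGRESQL__PASSWORD: '${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD to a strong random value}'
    networks:
      - authentik
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "1.50"
          memory: 1024M
        reservations:
          cpus: "0.25"
          memory: 256M
    labels:
      com.composehub.description: Authentik background worker for async tasks

  postgres:
    image: postgres:16-alpine
    restart: always
    # Not published to the host; only containers on `authentik` can connect.
    volumes:
      - authentik_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: '${POSTGRES_DB:-authentik}'
      POSTGRES_USER: '${POSTGRES_USER:-authentik}'
      # Only applied when the data volume is first initialised; changing it
      # later does not change the password of an existing database.
      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD to a strong random value}'
    networks:
      - authentik
    healthcheck:
      # The ${...} references are substituted by Compose when the file is
      # parsed, not by the shell inside the container.
      test:
        - CMD-SHELL
        - pg_isready -U ${POSTGRES_USER:-authentik} -d ${POSTGRES_DB:-authentik}
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 128M
    labels:
      com.composehub.description: PostgreSQL 16 database for Authentik

  redis:
    image: redis:7-alpine
    restart: always
    # Runs without a password. That is acceptable only while no port is
    # published and nothing untrusted joins the `authentik` network.
    # NOTE(review): allkeys-lru may evict session entries under memory
    # pressure, which would log users out; confirm 256mb is enough.
    command:
      - redis-server
      - "--save"
      - "20"
      - "1"
      - "--loglevel"
      - warning
      - "--maxmemory"
      - 256mb
      - "--maxmemory-policy"
      - allkeys-lru
    volumes:
      - authentik_redis:/data
    networks:
      - authentik
    healthcheck:
      test:
        - CMD-SHELL
        - redis-cli ping | grep PONG
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 10s
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 320M
        reservations:
          cpus: "0.10"
          memory: 64M
    labels:
      com.composehub.description: Redis 7 cache and session store for Authentik

networks:
  # Single private bridge shared by all four services.
  authentik:
    driver: bridge

volumes:
  # authentik_db holds every identity, credential hash and policy, and
  # authentik_certs holds key material; back both up and restrict access.
  authentik_db:
    driver: local
  authentik_redis:
    driver: local
  authentik_media:
    driver: local
  authentik_certs:
    driver: local
  authentik_templates:
    driver: local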
त्वरित जानकारी
- सर्विसेज़
- 4
- नेटवर्क्स
- 1
- वॉल्यूम्स
- 5
कब उपयोग करें
यह टेम्पलेट एक authentik एनवायरनमेंट सेटअप के लिए आदर्श है। सभी सर्विसेज़ healthchecks, रिसोर्स लिमिट्स और उचित डिफ़ॉल्ट सेटिंग्स के साथ पहले से कॉन्फ़िगर्ड हैं। प्रोडक्शन में डिप्लॉय करने से पहले एनवायरनमेंट वेरिएबल्स कस्टमाइज़ करें।
सुझाव
- डिप्लॉय करने से पहले सभी डिफ़ॉल्ट पासवर्ड और सीक्रेट बदलें: POSTGRES_PASSWORD और AUTHENTIK_SECRET_KEY दोनों के लिए लंबे रैंडम मान सेट करें
- अपने हार्डवेयर के अनुसार रिसोर्स लिमिट्स की समीक्षा करें
- प्रोडक्शन HTTPS के लिए रिवर्स प्रॉक्सी जोड़ें
- डेटा वॉल्यूम्स के लिए बैकअप रणनीतियाँ कॉन्फ़िगर करें