Authentik
Authentik is an open-source identity provider focused on flexibility and versatility. It supports SAML 2.0, OAuth 2.0/OpenID Connect, LDAP, SCIM, and proxy authentication, making it a comprehensive solution for single sign-on across all your applications. This stack deploys the Authentik server (handling both the web UI and API), a background worker for asynchronous tasks, PostgreSQL 16 for persistent data storage, and Redis 7 for caching and session management. Authentik provides a visual flow designer for building custom authentication workflows including MFA enrollment, passwordless login, and self-service registration. It also includes an outpost system for deploying LDAP servers and reverse-proxy authentication endpoints. After deployment, access the web UI on port 9000 and navigate to /if/flow/initial-setup/ to create your admin account.
Included Services
server
ghcr.io/goauthentik/server:2025.2
Environment Variables:
worker
ghcr.io/goauthentik/server:2025.2
Environment Variables:
postgres
postgres:16-alpine
Environment Variables:
redis
redis:7-alpine
Generated YAML
# Generated by ComposeHub (composehub.dev)
name: authentik
services:
  server:
    image: ghcr.io/goauthentik/server:2025.2
    restart: always
    command:
      - server
    ports:
      - 9000:9000
      - 9443:9443
    volumes:
      - authentik_media:/media
      - authentik_templates:/templates
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-changeme-generate-a-long-random-string}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB:-authentik}
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD:-changeme}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING:-false}
      AUTHENTIK_LOG_LEVEL: ${AUTHENTIK_LOG_LEVEL:-info}
    networks:
      - authentik
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test:
        - CMD-SHELL
        - wget --no-verbose --tries=1 --spider http://localhost:9000/-/health/live/ || exit 1
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 60s
    deploy:
      resources:
        limits:
          cpus: "2.00"
          memory: 1024M
        reservations:
          cpus: "0.50"
          memory: 256M
    labels:
      com.composehub.description: Authentik server — identity provider and SSO platform
  worker:
    image: ghcr.io/goauthentik/server:2025.2
    restart: always
    command:
      - worker
    volumes:
      - authentik_media:/media
      - authentik_certs:/certs
      - authentik_templates:/templates
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-changeme-generate-a-long-random-string}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB:-authentik}
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - authentik
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "1.50"
          memory: 1024M
        reservations:
          cpus: "0.25"
          memory: 256M
    labels:
      com.composehub.description: Authentik background worker for async tasks
  postgres:
    image: postgres:16-alpine
    restart: always
    volumes:
      - authentik_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-authentik}
      POSTGRES_USER: ${POSTGRES_USER:-authentik}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
    networks:
      - authentik
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U ${POSTGRES_USER:-authentik} -d ${POSTGRES_DB:-authentik}
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.25"
          memory: 128M
    labels:
      com.composehub.description: PostgreSQL 16 database for Authentik
  redis:
    image: redis:7-alpine
    restart: always
    command:
      - redis-server
      - "--save"
      - "20"
      - "1"
      - "--loglevel"
      - warning
      - "--maxmemory"
      - 256mb
      - "--maxmemory-policy"
      - allkeys-lru
    volumes:
      - authentik_redis:/data
    networks:
      - authentik
    healthcheck:
      test:
        - CMD-SHELL
        - redis-cli ping | grep PONG
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 10s
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 320M
        reservations:
          cpus: "0.10"
          memory: 64M
    labels:
      com.composehub.description: Redis 7 cache and session store for Authentik
networks:
  authentik:
    driver: bridge
volumes:
  authentik_db:
    driver: local
  authentik_redis:
    driver: local
  authentik_media:
    driver: local
  authentik_certs:
    driver: local
  authentik_templates:
    driver: local
Quick Info
- Services: 4
- Networks: 1
- Volumes: 5
When to Use It
This template is ideal for setting up an Authentik environment. All services are preconfigured with health checks, resource limits, and sensible defaults. Customize the environment variables before deploying to production.
Tips
- Change all default passwords before deploying
- Check the resource limits against your hardware
- Add a reverse proxy for HTTPS in production
- Configure backup strategies for the data volumes
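The default passwords in this stack are two values in the generated YAML, `AUTHENTIK_SECRET_KEY` and `POSTGRES_PASSWORD`, which fall back to `changeme` placeholders whenever the variables are unset. The following added example (not part of the ComposeHub template or of Authentik; the function names and the 32-character minimum are assumptions) writes a `.env` file with random secrets and rejects a file that would leave a placeholder in effect:

```shell
#!/bin/sh
# Added example (not ComposeHub or Authentik code): write and check the .env
# file that docker compose reads for ${VAR:-default} interpolation.
# Usage: write_env .env && check_env .env && docker compose up -d

MIN_LEN=32   # assumption: minimum accepted secret length, in characters

# gen_secret N: N bytes from the kernel CSPRNG, printed as 2*N hex characters.
gen_secret() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# env_value FILE KEY: print the value of the last KEY= line in FILE.
env_value() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1
}

# write_env FILE: create FILE with fresh secrets; never overwrite, because
# changing POSTGRES_PASSWORD here does not change an existing database.
write_env() {
    if [ -e "$1" ]; then
        echo "$1 already exists, not overwriting" >&2
        return 1
    fi
    (
        umask 077   # owner-only permissions on the secrets file
        {
            echo "AUTHENTIK_SECRET_KEY=$(gen_secret 32)"
            echo "POSTGRES_PASSWORD=$(gen_secret 24)"
        } > "$1"
    )
}

# check_env FILE: return non-zero if a secret is unset (compose would use the
# changeme default), is still a placeholder, or is shorter than MIN_LEN.
check_env() {
    rc=0
    for key in AUTHENTIK_SECRET_KEY POSTGRES_PASSWORD; do
        val=$(env_value "$1" "$key")
        case "$val" in
            '')        echo "$key: unset, compose would use the default" >&2; rc=1 ;;
            changeme*) echo "$key: still the template placeholder" >&2; rc=1 ;;
            *) [ "${#val}" -ge "$MIN_LEN" ] || { echo "$key: too short" >&2; rc=1; } ;;
        esac
    done
    return "$rc"
}
```

Run it in the directory that holds the compose file before the first `docker compose up -d`: the postgres image applies `POSTGRES_PASSWORD` only when it initialises an empty data volume.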