---
# Authentik identity provider stack: server, worker, Redis and PostgreSQL.
#
# POSTGRES_PASSWORD and AUTHENTIK_SECRET_KEY are interpolated by Compose from
# the shell environment or its .env file. The `:?error` form makes Compose
# abort when the variable is unset or empty, so the stack cannot start with a
# blank secret. Keep the file that holds these values out of version control.
#
# Images are pinned by tag only. Pinning by digest as well would protect
# against a tag being re-pointed upstream.
services:
  authentik-server:
    image: ghcr.io/goauthentik/server:2025.8.1
    container_name: authentik-server
    command: server
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}

    labels:
      # (Optional) Enable Traefik integration for the Authentik Web UI. For
      # more information about integrating other services with Traefik and
      # Authentik, see the documentation at
      # https://goauthentik.io/docs/outposts/integrations/traefik
      # and the middleware example files in `docker-compose/traefik/config`.
      #
      # NOTE(security): TLS ends at Traefik (router `tls=true`); the hop to
      # this container uses `scheme=http` on port 9000, so it is unencrypted
      # on the `frontend` network. That network is declared external below;
      # review which other containers are attached to it.
      - traefik.enable=true
      - traefik.http.services.authentik.loadbalancer.server.port=9000
      - traefik.http.services.authentik.loadbalancer.server.scheme=http
      - traefik.http.routers.authentik.entrypoints=websecure
      - traefik.http.routers.authentik.rule=Host(`authentik.harkon.co.uk`)
      - traefik.http.routers.authentik.tls=true
      - traefik.http.routers.authentik.tls.certresolver=godaddy
      - traefik.http.routers.authentik.service=authentik
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    # Short-form depends_on only orders container start; it does not wait for
    # the healthchecks defined on the database and Redis services.
    depends_on:
      - authentik-postgres
      - authentik-redis
    networks:
      - frontend
      - backend
    restart: unless-stopped

  authentik-worker:
    image: ghcr.io/goauthentik/server:2025.8.1
    container_name: authentik-worker
    command: worker
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER:-authentik}
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB:-authentik}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:?error}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
      # (Optional) Enable Email Sending
      # Highly recommended to notify you about alerts and configuration issues.
      # NOTE(security): USE_TLS and USE_SSL both default to false here; when
      # enabling email, set one of them to true, otherwise the SMTP username
      # and password would presumably travel unencrypted (confirm against
      # the mail relay in use).
      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
      # (Optional) See more for the docker socket integration here:
      # https://goauthentik.io/docs/outposts/integrations/docker
    # NOTE(security): `user: root` together with the Docker socket mount below
    # gives this container control of the host's Docker daemon, which is
    # effectively root on the host. Both exist only for the optional Docker
    # outpost integration; remove them if it is unused, or place a restricted
    # socket proxy in front of the daemon.
    user: root
    volumes:
      - /run/docker.sock:/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      - authentik-postgres
      - authentik-redis
    networks:
      - backend
    restart: unless-stopped

  authentik-redis:
    image: docker.io/library/redis:8.2.1
    container_name: authentik-redis
    # NOTE(security): no password is configured (no `--requirepass` here and
    # no AUTHENTIK_REDIS__PASSWORD on the Authentik services). `backend` is an
    # external network, so any other container attached to it can presumably
    # reach this instance; confirm what shares that network.
    command: --save 60 1 --loglevel warning
    healthcheck:
      test:
        - CMD-SHELL
        - redis-cli ping | grep PONG
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis_data:/data
    networks:
      - backend
    restart: unless-stopped

  authentik-postgres:
    # (Optional) Add a PostgreSQL Database for Authentik
    # Alternatively, you can host your PostgreSQL database externally, and
    # change the connection settings in the `authentik-server` and
    # `authentik-worker`.
    image: docker.io/library/postgres:17.6
    container_name: authentik-db
    environment:
      - POSTGRES_USER=${POSTGRES_USER:-authentik}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?error}
      - POSTGRES_DB=${POSTGRES_DB:-authentik}
      - TZ=${TZ:-UTC}
    healthcheck:
      # ${POSTGRES_USER:-authentik} is expanded by Compose when the file is
      # parsed, not by the shell inside the container.
      test:
        - CMD-SHELL
        - 'pg_isready -U "${POSTGRES_USER:-authentik}"'
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - backend
    restart: unless-stopped

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local

# Both networks must already exist; Compose will not create them. Because
# they are shared with whatever else joins them, they are not an isolation
# boundary for this stack on their own.
networks:
  frontend:
    external: true
  backend:
    external: true