docker-compose-collection/authentik/docker-compose.yml

---
services:
  postgresql:
    image: docker.io/library/postgres:${AUTHENTIK_POSTGRESQL_VERSION:-16}
    container_name: authentik-db
    restart: unless-stopped
    env_file:
      - .env
    networks:
      - authentik
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}
      POSTGRES_USER: ${AUTHENTIK_POSTGRES_USER:-authentik}
      POSTGRES_DB: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}

  redis:
    image: docker.io/library/redis:${AUTHENTIK_REDIS_VERSION:-alpine}
    container_name: authentik-redis
    restart: unless-stopped
    command: --save 60 1 --loglevel warning
    volumes:
      - redis:/data
    networks:
      - authentik
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s

  server:
    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.12.3}
    container_name: authentik-server
    restart: unless-stopped
    command: server
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    networks:
      - traefik
      - authentik
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}
    env_file:
      - .env
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.authentik.entrypoints=http"
      - "traefik.http.routers.authentik.rule=Host(`${AUTHENTIK_DOMAIN:?error}`)"
      - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.authentik.middlewares=authentik-https-redirect"
      - "traefik.http.routers.authentik-secure.entrypoints=https"
      - "traefik.http.routers.authentik-secure.rule=Host(`${AUTHENTIK_DOMAIN:?error}`)"
      - "traefik.http.routers.authentik-secure.tls=true"
      - "traefik.http.routers.authentik-secure.service=authentik"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy

  worker:
    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.12.3}
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    networks:
      - authentik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}
    env_file:
      - .env
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy

volumes:
  database:
    driver: local
  redis:
    driver: local

networks:
  traefik:
    external: true
  authentik:
    driver: bridge
Add Authentik container 2025-03-28 20:15:40 +00:00			`---`
			`services:`
			`postgresql:`
			`image: docker.io/library/postgres:${AUTHENTIK_POSTGRESQL_VERSION:-16}`
			`container_name: authentik-db`
			`restart: unless-stopped`
			`env_file:`
			`- .env`
			`networks:`
			`- authentik`
			`healthcheck:`
			`test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]`
			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 5s`
			`volumes:`
			`- database:/var/lib/postgresql/data`
			`environment:`
			`POSTGRES_PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}`
			`POSTGRES_USER: ${AUTHENTIK_POSTGRES_USER:-authentik}`
			`POSTGRES_DB: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}`

			`redis:`
			`image: docker.io/library/redis:${AUTHENTIK_REDIS_VERSION:-alpine}`
			`container_name: authentik-redis`
			`restart: unless-stopped`
			`command: --save 60 1 --loglevel warning`
			`volumes:`
			`- redis:/data`
			`networks:`
			`- authentik`
			`healthcheck:`
			`test: ["CMD-SHELL", "redis-cli ping \| grep PONG"]`
			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 3s`

			`server:`
			`image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.12.3}`
			`container_name: authentik-server`
			`restart: unless-stopped`
			`command: server`
			`volumes:`
			`- ./media:/media`
			`- ./custom-templates:/templates`
			`networks:`
			`- traefik`
			`- authentik`
			`environment:`
			`AUTHENTIK_REDIS__HOST: redis`
			`AUTHENTIK_POSTGRESQL__HOST: postgresql`
			`AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER:-authentik}`
			`AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}`
			`AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}`
			`env_file:`
			`- .env`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.docker.network=traefik"`
			`- "traefik.http.routers.authentik.entrypoints=http"`
			- "traefik.http.routers.authentik.rule=Host(`${AUTHENTIK_DOMAIN:?error}`)"
			`- "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"`
			`- "traefik.http.routers.authentik.middlewares=authentik-https-redirect"`
			`- "traefik.http.routers.authentik-secure.entrypoints=https"`
			- "traefik.http.routers.authentik-secure.rule=Host(`${AUTHENTIK_DOMAIN:?error}`)"
			`- "traefik.http.routers.authentik-secure.tls=true"`
			`- "traefik.http.routers.authentik-secure.service=authentik"`
			`- "traefik.http.services.authentik.loadbalancer.server.port=9000"`
			`depends_on:`
			`postgresql:`
			`condition: service_healthy`
			`redis:`
			`condition: service_healthy`

			`worker:`
			`image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.12.3}`
			`container_name: authentik-worker`
			`restart: unless-stopped`
			`command: worker`
			`networks:`
			`- authentik`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`- ./media:/media`
			`- ./certs:/certs`
			`- ./custom-templates:/templates`
			`environment:`
			`AUTHENTIK_REDIS__HOST: redis`
			`AUTHENTIK_POSTGRESQL__HOST: postgresql`
			`AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER:-authentik}`
			`AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}`
			`AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}`
			`env_file:`
			`- .env`
			`depends_on:`
			`postgresql:`
			`condition: service_healthy`
			`redis:`
			`condition: service_healthy`

			`volumes:`
			`database:`
			`driver: local`
			`redis:`
			`driver: local`

			`networks:`
			`traefik:`
			`external: true`
			`authentik:`
			`driver: bridge`