117 lines
3.5 KiB
Django/Jinja
117 lines
3.5 KiB
Django/Jinja
---
|
|
version: '3.4'
|
|
|
|
services:
|
|
postgresql:
|
|
image: docker.io/library/postgres:12-alpine
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 5s
|
|
volumes:
|
|
- {{ docker_volumes_dir }}/authentik/database:/var/lib/postgresql/data
|
|
environment:
|
|
- POSTGRES_PASSWORD=${PG_PASS:?database password required}
|
|
- POSTGRES_USER=${PG_USER:-authentik}
|
|
- POSTGRES_DB=${PG_DB:-authentik}
|
|
networks:
|
|
- authentik_net
|
|
env_file:
|
|
- .env
|
|
redis:
|
|
image: docker.io/library/redis:alpine
|
|
command: --save 60 1 --loglevel warning
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 3s
|
|
volumes:
|
|
- {{ docker_volumes_dir }}/authentik/redis:/data
|
|
networks:
|
|
- authentik_net
|
|
server:
|
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.11.3}
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
VIRTUAL_HOST: {{ authentik_domain }}
|
|
VIRTUAL_PORT: {{ authentik_port_http }}
|
|
LETSENCRYPT_HOST: {{ authentik_domain }}
|
|
LETSENCRYPT_EMAIL: {{letsencrypt_email }}
|
|
volumes:
|
|
- {{ docker_volumes_dir }}/authentik/media:/media
|
|
- {{ docker_volumes_dir }}/authentik/custom-templates:/templates
|
|
- {{ docker_volumes_dir }}/authentik/geoip:/geoip
|
|
networks:
|
|
- authentik_net
|
|
- nginx_net
|
|
env_file:
|
|
- .env
|
|
expose:
|
|
- "${AUTHENTIK_PORT_HTTP:-9000}"
|
|
- "${AUTHENTIK_PORT_HTTPS:-9443}"
|
|
worker:
|
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.11.3}
|
|
restart: unless-stopped
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# `user: root` and the docker socket volume are optional.
|
|
# See more for the docker socket integration here:
|
|
# https://goauthentik.io/docs/outposts/integrations/docker
|
|
# Removing `user: root` also prevents the worker from fixing the permissions
|
|
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
|
# (1000:1000 by default)
|
|
user: root
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- {{ docker_volumes_dir }}/authentik/media:/media
|
|
- {{ docker_volumes_dir }}/authentik/certs:/certs
|
|
- {{ docker_volumes_dir }}/authentik/custom-templates:/templates
|
|
- {{ docker_volumes_dir }}/authentik/geoip:/geoip
|
|
networks:
|
|
- authentik_net
|
|
env_file:
|
|
- .env
|
|
geoipupdate:
|
|
image: "maxmindinc/geoipupdate:latest"
|
|
volumes:
|
|
- "{{ docker_volumes_dir }}/authentik/geoip:/usr/share/GeoIP"
|
|
networks:
|
|
- authentik_net
|
|
environment:
|
|
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
|
|
GEOIPUPDATE_FREQUENCY: "8"
|
|
env_file:
|
|
- .env
|
|
|
|
volumes:
|
|
database:
|
|
driver: local
|
|
redis:
|
|
driver: local
|
|
geoip:
|
|
driver: local
|
|
|
|
networks:
|
|
authentik_net:
|
|
external: false
|
|
name: authentik_net
|
|
nginx_net:
|
|
external: true
|
|
name: nginx_net
|