107 lines
3.0 KiB
YAML
107 lines
3.0 KiB
YAML
---
|
|
version: '3.4'
|
|
|
|
services:
|
|
# postgresql:
|
|
# image: postgres:12-alpine
|
|
# restart: unless-stopped
|
|
# healthcheck:
|
|
# test: ["CMD", "pg_isready"]
|
|
# start_period: 20s
|
|
# interval: 30s
|
|
# retries: 5
|
|
# timeout: 5s
|
|
# volumes:
|
|
# - database:/var/lib/postgresql/data
|
|
# environment:
|
|
# - POSTGRES_PASSWORD=${PG_PASS:?database password required}
|
|
# - POSTGRES_USER=${PG_USER:-authentik}
|
|
# - POSTGRES_DB=${PG_DB:-authentik}
|
|
# env_file:
|
|
# - .env
|
|
redis:
|
|
image: redis:alpine
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 3s
|
|
networks:
|
|
- internal
|
|
server:
|
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgres}
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
|
# WORKERS: 2
|
|
volumes:
|
|
- ./media:${DOCKER_STORAGE_PATH}/authentik/media
|
|
- ./custom-templates:${DOCKER_STORAGE_PATH}/authentik/templates
|
|
- geoip:/geoip
|
|
env_file:
|
|
- shared.env
|
|
- authentik.env
|
|
ports:
|
|
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
|
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
|
networks:
|
|
- internal
|
|
- postgres
|
|
worker:
|
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.6.2}
|
|
restart: unless-stopped
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: redis
|
|
AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST:-postgres}
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
|
|
# This is optional, and can be removed. If you remove this, the following will happen
|
|
# - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000
|
|
# - The docker socket can't be accessed anymore
|
|
user: root
|
|
volumes:
|
|
- ./media:${DOCKER_STORAGE_PATH}/authentik/media
|
|
- ./certs:${DOCKER_STORAGE_PATH}/authentik/certs
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./custom-templates:${DOCKER_STORAGE_PATH}/authentik/templates
|
|
- geoip:/geoip
|
|
env_file:
|
|
- .env
|
|
networks:
|
|
- internal
|
|
- postgres
|
|
geoipupdate:
|
|
image: "maxmindinc/geoipupdate:latest"
|
|
volumes:
|
|
- "geoip:/usr/share/GeoIP"
|
|
environment:
|
|
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
|
|
GEOIPUPDATE_FREQUENCY: "8"
|
|
env_file:
|
|
- .env
|
|
networks:
|
|
- internal
|
|
|
|
volumes:
|
|
database:
|
|
driver: local
|
|
geoip:
|
|
driver: local
|
|
|
|
networks:
|
|
internal:
|
|
external: true
|
|
postgres:
|
|
external: true
|