


Docker: Authentik

Authentik is a middleware that extends the basic authentication features of FreeIPA with many additional, modern authentication methods used by modern software. It makes SSO possible (Single Sign-On: logging into your PC once is enough to open all apps) by using the Kerberos credentials to log in to authentik and then to authenticate the third-party app, such as Nextcloud, without entering any username or password.

TODO

Usually I link the env file to a central file. This time, as it contains passwords, I will set up a separate file. File .env:

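# This file holds secrets: keep it owner-readable only (chmod 600) and out of
# version control. docker compose also reads it for ${...} substitution in
# docker-compose.yml, so every variable referenced there must be defined here.
#Common Docker-Parameters
COMPOSE_PROJECT_NAME=servername
COMPOSE_HTTP_TIMEOUT=180

#Authentik: https://goauthentik.io/docs/installation/docker-compose
# Pin the image tag: "latest" floats between releases, so a re-pull can move
# server and worker to different versions and an upgrade is never reproducible.
# 2025.2.1 is the default the compose file uses; bump it deliberately when upgrading.
AUTHENTIK_TAG=2025.2.1
# Replace SEEDOCS with a long random value before the first start (see the
# authentik docs). Changing it later invalidates existing sessions.
AUTHENTIK_SECRET_KEY=SEEDOCS
# true sends error reports to the authentik project (outbound telemetry);
# set to false if no data should leave this host.
AUTHENTIK_ERROR_REPORTING__ENABLED=true
#
#Postgres-DB Authentik
# NOTE: docker-compose.yml also defines its own authentik_pgsql service, whose
# POSTGRES_PASSWORD is ${PG_PASS:?...} - compose refuses to start when PG_PASS
# is missing here. Either set PG_PASS and point this HOST at authentik_pgsql, or
# drop that service if the Nextcloud AIO database below is the one to use.
AUTHENTIK_POSTGRESQL__HOST=nextcloud-aio-database
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD=YOURPGPASS
#
#Redis - we are using nextcloud here
AUTHENTIK_REDIS__HOST=nextcloud-aio-redis
AUTHENTIK_REDIS__PASSWORD=SeeInNextcloudSettings_nextcloud_data_config/config.php
#
## SMTP Host Emails are sent to
#AUTHENTIK_EMAIL__HOST=mailserver
#AUTHENTIK_EMAIL__PORT=465
## Optionally authenticate (don't add quotation marks to your password)
#AUTHENTIK_EMAIL__USERNAME=mailuser@host.de
#AUTHENTIK_EMAIL__PASSWORD=MAILPWD
## Use StartTLS
#AUTHENTIK_EMAIL__USE_TLS=false
## Use SSL (implicit TLS on port 465; USE_TLS and USE_SSL are mutually exclusive)
#AUTHENTIK_EMAIL__USE_SSL=true
#AUTHENTIK_EMAIL__TIMEOUT=10
## Email address authentik will send from, should have a correct @domain
#AUTHENTIK_EMAIL__FROM=mailuser@host.de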

The file docker-compose.yml contains:

# Source: https://docs.goauthentik.io/docs/releases/2024.10
# wget -O docker-compose.yml https://goauthentik.io/version/2024.10/docker-compose.yml

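services:
  # Bundled PostgreSQL for authentik. NOTE: .env points
  # AUTHENTIK_POSTGRESQL__HOST at nextcloud-aio-database, so authentik does not
  # use this container unless that host is changed to authentik_pgsql.
  authentik_pgsql:
    image: docker.io/library/postgres:16-alpine
    restart: always
    healthcheck:
      # $$ escapes compose interpolation; the shell inside the container
      # expands POSTGRES_DB / POSTGRES_USER from the environment set below.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - authentik_pgsql_data:/var/lib/postgresql/data
    environment:
      # PG_PASS comes from the project .env via ${...} substitution; the :?
      # form makes compose refuse to start when it is not set.
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    # No env_file here: the database only needs the POSTGRES_* values above.
    # Loading .env would also hand it AUTHENTIK_SECRET_KEY, the Redis and the
    # mail password, none of which this container has any use for. Substitution
    # of ${PG_PASS} etc. is unaffected - compose reads .env for that regardless.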

# Using nextcloud-aio-redis
#  redis:
#    image: docker.io/library/redis:alpine
#    command: --save 60 1 --loglevel warning
#    restart: unless-stopped
#    healthcheck:
#      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
#      start_period: 20s
#      interval: 30s
#      retries: 5
#      timeout: 3s
#    volumes:
#      - redis:/data

# Authentik Server
  authentik_server:
    # AUTHENTIK_TAG from .env overrides the default after the colon. The worker
    # below should carry the same default so both run the same release.
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
    restart: always
    command: server
# When Upgrading: Check for new Parameters and add to env, not here
# Possible Parameters: https://docs.goauthentik.io/docs/install-config/configuration/
    environment:
#      AUTHENTIK_REDIS__HOST: nextcloud-aio-redis # see .env for password
#      AUTHENTIK_POSTGRESQL__HOST: nextcloud-aio-database
#      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
#      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
#      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
      # Kerberos debug tracing into the container log: verbose, and the trace
      # can include the principal names of everyone who authenticates. Fine
      # while the SSO setup is still a TODO; remove once Kerberos login works.
      KRB5_TRACE: /dev/stderr
    volumes:
      - authentik_media:/media
      - authentik_custom_templates:/templates
    # .env holds the DB/Redis connection settings and AUTHENTIK_SECRET_KEY.
    env_file:
      - .env
# Caddy virtualised
# NOTE(review): the DB and Redis hosts in .env belong to the Nextcloud AIO stack,
# but this file declares no shared network; presumably the containers reach each
# other over a default or external network - confirm, or add a networks: entry.
#    ports:
#      - "${COMPOSE_PORT_HTTP:-9000}:9000"
#      - "${COMPOSE_PORT_HTTPS:-9443}:9443"

# Authentik Worker
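  authentik_worker:
    # Same default tag as authentik_server (was 2024.10.0): server and worker
    # must run the same release, otherwise a missing AUTHENTIK_TAG in .env
    # silently starts two different versions. AUTHENTIK_TAG overrides both.
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
    restart: always
    command: worker
# See above: connection settings live in .env, not here
#    environment:
#      AUTHENTIK_REDIS__HOST: nextcloud-aio-redis
#      AUTHENTIK_POSTGRESQL__HOST: nextcloud-aio-database
#      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
#      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
#      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    # Without the docker socket (see below) root is only kept for the permission
    # fix; dropping it once the volumes are owned by 1000:1000 shrinks the
    # worker's privileges further.
    user: root
    volumes:
# No Docker integration / LDAP- Outpost not needed (will be freeipa)
#      - /var/run/docker.sock:/var/run/docker.sock
      - authentik_media:/media
      - authentik_certs:/certs
      - authentik_custom_templates:/templates
    depends_on:
      - authentik_server
    # .env holds the DB/Redis connection settings and AUTHENTIK_SECRET_KEY.
    env_file:
      - .env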

# Named volumes; `driver: local` keeps the data on the host running the stack.
# The redis volume stays commented out because nextcloud-aio-redis is used.
volumes:
  authentik_pgsql_data:
    driver: local
#  redis:
#    driver: local
  authentik_media:
    driver: local
  authentik_custom_templates:
    driver: local
  # Certificates the worker writes to /certs; back this up together with
  # the database when migrating.
  authentik_certs:
    driver: local