services: authentik_db: container_name: authentik_db image: docker.io/library/postgres:17.5-alpine restart: unless-stopped environment: # Database configuration - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - POSTGRES_DB=${POSTGRES_DB} volumes: - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data ports: - ${POSTGRES_PORT}:5432 healthcheck: test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s authentik_valkey: container_name: authentik_valkey image: docker.io/valkey/valkey:8.1.3-alpine restart: unless-stopped command: valkey-server --save 60 1 --requirepass ${VALKEY_PASSWORD} volumes: - ${APPDATA_PATH}/authentik/valkey:/data healthcheck: test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s authentik_server: container_name: authentik_server image: ghcr.io/goauthentik/server:2025.6.3 restart: unless-stopped depends_on: authentik_db: condition: service_healthy authentik_valkey: condition: service_healthy command: server environment: # Generic configuration - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} # Database configuration - AUTHENTIK_POSTGRESQL__HOST=authentik_db - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB} - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} # Valkey cache configuration - AUTHENTIK_REDIS__HOST=authentik_valkey - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD} # Email configuration - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} volumes: - ${APPDATA_PATH}/authentik/media:/media - ${APPDATA_PATH}/authentik/custom-templates:/templates ports: - ${AUTHENTIK_HTTP_PORT}:9000 - ${AUTHENTIK_HTTPS_PORT}:9443 authentik_worker: container_name: authentik_worker image: ghcr.io/goauthentik/server:2025.6.3 restart: unless-stopped depends_on: authentik_db: condition: service_healthy authentik_valkey: condition: service_healthy command: worker user: ${PUID}:${PGID} environment: # Generic configuration - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} # Database configuration - AUTHENTIK_POSTGRESQL__HOST=authentik_db - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB} - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} # Valkey cache configuration - AUTHENTIK_REDIS__HOST=authentik_valkey - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD} # Email configuration - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} volumes: - ${APPDATA_PATH}/authentik/media:/media - ${APPDATA_PATH}/authentik/certs:/certs - ${APPDATA_PATH}/authentik/custom-templates:/templates