docker-compose/archived/authentik/docker-compose.yaml

services:
  authentik_postgres:
    image: docker.io/library/postgres:17.5
    container_name: authentik_postgres
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    volumes:
      - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data
    ports:
      - ${POSTGRES_PORT}:5432
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s

  authentik_valkey:
    image: docker.io/valkey/valkey:8.1.2
    container_name: authentik_valkey
    command: valkey-server --save 60 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
    volumes:
      - ${APPDATA_PATH}/authentik/valkey:/data
    ports:
      - ${VALKEY_PORT}:6379
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s

  authentik_server:
    image: ghcr.io/goauthentik/server:2025.6.2
    container_name: authentik_server
    depends_on:
      authentik_postgres:
        condition: service_healthy
      authentik_valkey:
        condition: service_healthy
    command: server
    environment:
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
      - AUTHENTIK_REDIS__HOST=authentik_valkey
      - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
    volumes:
      - ${APPDATA_PATH}/authentik/media:/media
      - ${APPDATA_PATH}/authentik/custom-templates:/templates
    ports:
      - ${AUTHENTIK_HTTP_PORT}:9000
      - ${AUTHENTIK_HTTPS_PORT}:9443
    restart: unless-stopped

  authentik_worker:
    image: ghcr.io/goauthentik/server:2025.6.2
    container_name: authentik_worker
    depends_on:
      authentik_postgres:
        condition: service_healthy
      authentik_valkey:
        condition: service_healthy
    command: worker
    environment:
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
      - AUTHENTIK_REDIS__HOST=authentik_valkey
      - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
    volumes:
      - ${APPDATA_PATH}/authentik/media:/media
      - ${APPDATA_PATH}/authentik/certs:/certs
      - ${APPDATA_PATH}/authentik/custom-templates:/templates
    restart: unless-stopped