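---
# authentik identity provider stack: PostgreSQL + Redis backing stores,
# the authentik server and worker, and a standalone proxy outpost,
# published through an external Traefik network.
#
# All credentials are expected from the environment / .env file
# (POSTGRES_*, REDIS_PASSWORD, AUTHENTIK_SECRET_KEY, AUTHENTIK_TOKEN).
# Keep that file out of version control.

# The top-level `version` key is obsolete in Compose v2 and is ignored there.
version: "3.8"

services:
  postgresql:
    image: postgres:16-alpine
    container_name: authentik-postgres
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - authentik-postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
    # Reachable only from the internal network; no host port is published.
    networks:
      - authentik-internal

  redis:
    # NOTE(review): `redis:alpine` is a floating tag, unlike the other images
    # in this file. Pin a specific version (or digest) so a pull cannot
    # silently change what runs.
    image: redis:alpine
    container_name: authentik-redis
    # NOTE(review): the password is passed as a command-line argument here and
    # in the healthcheck below, so it appears in the process list and in the
    # container metadata shown by `docker inspect`.
    command: --save 60 1 --loglevel warning --requirepass ${REDIS_PASSWORD}
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli --pass ${REDIS_PASSWORD} ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - authentik-redis-data:/data
    networks:
      - authentik-internal

  server:
    image: ghcr.io/goauthentik/server:2025.10.1
    container_name: authentik-server
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED}
      AUTHENTIK_LOG_LEVEL: ${AUTHENTIK_LOG_LEVEL}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_REDIS__PASSWORD: ${REDIS_PASSWORD}
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      - ./blueprints:/blueprints/custom
    # NOTE(review): these mappings publish the server on every host interface
    # in addition to the Traefik route below, so it can be reached without
    # going through the `websecure` entrypoint (9000 is plain HTTP). If Traefik
    # is the only intended entry point, drop them or bind to 127.0.0.1.
    ports:
      - "9000:9000"
      - "9443:9443"
    healthcheck:
      test: ["CMD-SHELL", "python -c 'import urllib.request; urllib.request.urlopen(\"http://localhost:9000/-/health/ready/\")' || exit 1"]
      start_period: 90s
      interval: 30s
      retries: 5
      timeout: 5s
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - authentik-internal
      - traefik-public
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.authentik.rule=Host(`auth.ai-impress.com`)"
      - "traefik.http.routers.authentik.entrypoints=websecure"
      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"

  worker:
    image: ghcr.io/goauthentik/server:2025.10.1
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED}
      AUTHENTIK_LOG_LEVEL: ${AUTHENTIK_LOG_LEVEL}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_REDIS__PASSWORD: ${REDIS_PASSWORD}
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
    # NOTE(review): root plus the Docker socket gives this container control
    # of the Docker daemon, which is equivalent to root on the host. authentik
    # uses the socket for its Docker integration (managed outposts); the proxy
    # outpost in this file is deployed manually, so the mount may not be
    # needed. If it is, consider a filtering socket proxy instead of the raw
    # socket.
    user: root
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      - ./blueprints:/blueprints/custom
      - /var/run/docker.sock:/var/run/docker.sock
      - ./certs:/certs
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - authentik-internal

  proxy:
    image: ghcr.io/goauthentik/proxy:2025.10.1
    container_name: authentik-proxy
    restart: unless-stopped
    environment:
      # Outpost-to-server traffic is plain HTTP over the internal network.
      AUTHENTIK_HOST: http://authentik-server:9000
      AUTHENTIK_HOST_BROWSER: https://auth.ai-impress.com
      AUTHENTIK_INSECURE: "false"
      # The outpost token is a credential and must not be committed with this
      # file. Supply it from the environment like the other secrets; Compose
      # aborts with this message when it is unset or empty. A token that was
      # ever stored in this file should be treated as exposed and rotated in
      # authentik.
      AUTHENTIK_TOKEN: "${AUTHENTIK_TOKEN:?AUTHENTIK_TOKEN must be set}"
    networks:
      - traefik-public
      - authentik-internal
    depends_on:
      server:
        condition: service_healthy

volumes:
  authentik-postgres-data:
    driver: local
  authentik-redis-data:
    driver: local

networks:
  authentik-internal:
    driver: bridge
  # Created and owned outside this project (shared with Traefik).
  traefik-public:
    external: true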