OVHserver/opt/01-security/authentik/docker-compose.yml
SamoilenkoVadym a987d45fbc chore: initial infrastructure setup with Syncthing, Git and documentation
Set up three-tier synchronization: Syncthing (real-time), GitHub (version control), rsync (disaster recovery). Includes complete documentation for future Claude sessions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 16:41:12 +00:00


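# Authentik identity-provider stack: PostgreSQL, Redis, the authentik server
# and worker, and a standalone proxy outpost. Traefik reaches the server over
# the external `traefik-public` network.
#
# Every ${VAR} below is interpolated by Compose from the environment / .env
# file. That file carries the database, Redis and authentik secrets, so keep
# it out of Git and out of any synced copy that is less protected than this
# host.
version: "3.8"

services:
  postgresql:
    image: postgres:16-alpine
    container_name: authentik-postgres
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - authentik-postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
    # Database is reachable only on the internal bridge; no host port.
    networks:
      - authentik-internal

  redis:
    # NOTE(review): `redis:alpine` is a floating tag; pin a specific version
    # (ideally by digest) so a re-pull cannot silently change the image.
    image: redis:alpine
    container_name: authentik-redis
    # NOTE(review): the password is passed as a process argument, so it is
    # visible in `docker inspect` and in the container's process list, and a
    # password containing whitespace breaks the argument split.
    command: --save 60 1 --loglevel warning --requirepass ${REDIS_PASSWORD}
    restart: unless-stopped
    environment:
      # redis-cli reads REDISCLI_AUTH itself, which keeps the password out of
      # the health-check shell command (and out of shell word-splitting).
      REDISCLI_AUTH: ${REDIS_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - authentik-redis-data:/data
    networks:
      - authentik-internal

  server:
    image: ghcr.io/goauthentik/server:2025.10.1
    container_name: authentik-server
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED}
      AUTHENTIK_LOG_LEVEL: ${AUTHENTIK_LOG_LEVEL}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_REDIS__PASSWORD: ${REDIS_PASSWORD}
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      - ./blueprints:/blueprints/custom
    # NOTE(review): these publish 9000 (plain HTTP) and 9443 on every host
    # interface in addition to the Traefik route below, so the server can be
    # reached without passing through Traefik's `websecure` entrypoint. If
    # nothing needs direct access, drop the mapping or bind it to loopback,
    # e.g. "127.0.0.1:9000:9000".
    ports:
      - "9000:9000"
      - "9443:9443"
    healthcheck:
      test: ["CMD-SHELL", "python -c 'import urllib.request; urllib.request.urlopen(\"http://localhost:9000/-/health/ready/\")' || exit 1"]
      start_period: 90s
      interval: 30s
      retries: 5
      timeout: 5s
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - authentik-internal
      - traefik-public
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.authentik.rule=Host(`auth.ai-impress.com`)"
      - "traefik.http.routers.authentik.entrypoints=websecure"
      - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
      - "traefik.http.services.authentik.loadbalancer.server.port=9000"

  worker:
    image: ghcr.io/goauthentik/server:2025.10.1
    container_name: authentik-worker
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED}
      AUTHENTIK_LOG_LEVEL: ${AUTHENTIK_LOG_LEVEL}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_REDIS__PASSWORD: ${REDIS_PASSWORD}
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
    # NOTE(review): root plus the Docker socket gives this container
    # root-equivalent control of the host. Presumably this is here for
    # authentik's Docker integration (managed outposts); the proxy outpost in
    # this file is deployed by hand, so confirm whether `user: root` and the
    # socket mount can be removed or replaced by a restricted socket proxy.
    user: root
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      - ./blueprints:/blueprints/custom
      - /var/run/docker.sock:/var/run/docker.sock
      - ./certs:/certs
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - authentik-internal

  proxy:
    image: ghcr.io/goauthentik/proxy:2025.10.1
    container_name: authentik-proxy
    restart: unless-stopped
    environment:
      AUTHENTIK_HOST: http://authentik-server:9000
      AUTHENTIK_HOST_BROWSER: https://auth.ai-impress.com
      AUTHENTIK_INSECURE: "false"
      # The outpost token was previously hard-coded on this line and committed.
      # Treat that value as leaked: revoke/rotate it in authentik, then supply
      # the new one through the environment / .env file. Compose aborts with
      # the message below if the variable is missing.
      AUTHENTIK_TOKEN: "${AUTHENTIK_TOKEN:?AUTHENTIK_TOKEN must be set in .env}"
    networks:
      - traefik-public
      - authentik-internal
    depends_on:
      server:
        condition: service_healthy

volumes:
  authentik-postgres-data:
    driver: local
  authentik-redis-data:
    driver: local

networks:
  # Private bridge for database, cache and authentik-internal traffic.
  authentik-internal:
    driver: bridge
  # Created outside this file; shared with the Traefik reverse proxy.
  traefik-public:
    external: true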