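---
# Compose stack: authentik (server, worker, Redis, PostgreSQL) together with
# Pangolin, Traefik and a whoami test container.
#
# Every credential is interpolated from the shell environment or from the
# .env file next to this file. Keep that .env out of version control.
services:
  authentik-server:
    image: ghcr.io/goauthentik/server:2025.2.2
    container_name: authentik-server
    command: server
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
      - AUTHENTIK_POSTGRESQL__USER=authentik
      - AUTHENTIK_POSTGRESQL__NAME=authentik
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
    # NOTE(review): these publish the authentik listeners on every host
    # interface. The service is also attached to the reverseproxy network, so
    # if it is only meant to be reached through Traefik, drop the mappings or
    # bind them to 127.0.0.1.
    ports:
      - "9000:9000"
      - "9443:9443"
    networks:
      - authentik
      - reverseproxy
    volumes:
      - ./config/authentik/media:/media
      - ./config/authentik/custom-templates:/templates
    # Wait for the healthchecks defined on the backing services instead of
    # only for container start, matching the form traefik uses below.
    depends_on:
      authentik-postgres:
        condition: service_healthy
      authentik-redis:
        condition: service_healthy
    restart: unless-stopped

  authentik-worker:
    image: ghcr.io/goauthentik/server:2025.2.2
    container_name: authentik-worker
    command: worker
    environment:
      - AUTHENTIK_REDIS__HOST=authentik-redis
      - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres
      - AUTHENTIK_POSTGRESQL__USER=authentik
      - AUTHENTIK_POSTGRESQL__NAME=authentik
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
      - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
      - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
      - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
      - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
      - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
      - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
      - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
      - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
    networks:
      - authentik
      - reverseproxy
    # NOTE(review): running as root with the Docker socket mounted gives this
    # container control of the Docker daemon, which is equivalent to root on
    # the host. Presumably this is for authentik's Docker integration; confirm
    # it is in use. If it is not, remove both `user: root` and the socket
    # mount; if it is, consider a filtering socket proxy in front of it.
    user: root
    volumes:
      - /run/docker.sock:/run/docker.sock
      - ./config/authentik/media:/media
      - ./config/authentik/certs:/certs
      - ./config/authentik/custom-templates:/templates
    depends_on:
      authentik-postgres:
        condition: service_healthy
      authentik-redis:
        condition: service_healthy
    restart: unless-stopped

  authentik-redis:
    image: docker.io/library/redis:7.4.2
    container_name: authentik-redis
    command: '--save 60 1 --loglevel warning'
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    # Only on the internal authentik network; no host port is published.
    networks:
      - authentik
    volumes:
      - ./config/authentik/redis:/data
    restart: unless-stopped

  authentik-postgres:
    image: docker.io/library/postgres:17.4
    container_name: authentik-postgres
    environment:
      - POSTGRES_USER=authentik
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=authentik
      - TZ=${TZ}
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U "authentik"']
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    # Only on the internal authentik network; no host port is published.
    networks:
      - authentik
    volumes:
      - ./config/authentik/postgres:/var/lib/postgresql/data
    restart: unless-stopped

  pangolin:
    image: fosrl/pangolin:1.3.1
    container_name: pangolin
    restart: unless-stopped
    networks:
      - reverseproxy
    # NOTE(review): ./config is the parent of ./config/authentik,
    # ./config/traefik and ./config/letsencrypt, so this read-write mount
    # exposes the authentik PostgreSQL data directory, Redis data, authentik
    # certs and the ACME certificate store to the pangolin container. Move the
    # authentik data out of ./config, or mount only the paths pangolin needs.
    volumes:
      - ./config:/app/config
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
      timeout: "10s"
      retries: 15

  traefik:
    image: traefik:v3.3.6
    container_name: traefik
    restart: unless-stopped
    environment:
      # The API token is read from the environment / .env like the other
      # secrets in this file; `:?` makes Compose abort when it is unset or
      # empty. A literal token was previously written here: treat that value
      # as exposed, revoke it at Cloudflare and issue a new one scoped to the
      # DNS zones Traefik needs.
      CLOUDFLARE_DNS_API_TOKEN: "${CLOUDFLARE_DNS_API_TOKEN:?set CLOUDFLARE_DNS_API_TOKEN in .env}"
    networks:
      - reverseproxy
    ports:
      - "443:443"
      - "80:80"
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    volumes:
      # Volume to store the Traefik configuration (read-only in the container)
      - ./config/traefik:/etc/traefik:ro
      # Volume to store the Let's Encrypt certificates
      - ./config/letsencrypt:/letsencrypt
      # Volume to store Traefik logs
      - ./config/traefik/logs:/var/log/traefik

  whoami:
    # NOTE(review): no tag is given, so this resolves to `latest`, unlike the
    # version-pinned images above. Pin a tag or digest, and remove this test
    # service once routing has been verified.
    image: traefik/whoami
    container_name: whoami
    networks:
      - reverseproxy

networks:
  authentik:
    name: authentik
  # Created outside this file; `docker compose up` fails if it does not exist.
  reverseproxy:
    external: true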