From cefb575b6838be4534605abf9829a0042101c673 Mon Sep 17 00:00:00 2001 From: reonokiy Date: Wed, 21 May 2025 22:05:15 +0800 Subject: [PATCH 1/5] update authentik --- authentik/docker-compose.yml | 93 +++++++++++++++++------------------- 1 file changed, 45 insertions(+), 48 deletions(-) diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml index 4ce084b..ad5403a 100644 --- a/authentik/docker-compose.yml +++ b/authentik/docker-compose.yml @@ -1,9 +1,7 @@ ---- - services: postgres: - image: docker.io/library/postgres:16-alpine - restart: unless-stopped + image: postgres:17 + restart: always healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s @@ -11,17 +9,17 @@ services: retries: 5 timeout: 5s volumes: - - database:/var/lib/postgresql/data + - ${DATA_DIR:-./data}/postgres:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD: ${PG_PASS:?database password required} - POSTGRES_USER: ${PG_USER:-authentik} - POSTGRES_DB: ${PG_DB:-authentik} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-authentik} + POSTGRES_USER: ${POSTGRES_USER:-authentik} + POSTGRES_DB: ${POSTGRES_DB:-authentik} env_file: - .env redis: - image: docker.io/library/redis:alpine + image: redis:8 command: --save 60 1 --loglevel warning - restart: unless-stopped + restart: always healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s @@ -29,64 +27,63 @@ services: retries: 5 timeout: 3s volumes: - - redis:/data + - ${DATA_DIR:-./data}/redis:/data server: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0} - restart: unless-stopped + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2025.4.0} + restart: always + user: root command: server environment: AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + AUTHENTIK_POSTGRESQL__HOST: postgres + AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD:-authentik} + AUTHENTIK_ERROR_REPORTING__ENABLED: true + AUTHENTIK_EMAIL__HOST: ${SMTP_HOST:?smtp host required} + AUTHENTIK_EMAIL__PORT: ${SMTP_PORT:-587} + AUTHENTIK_EMAIL__USERNAME: ${SMTP_USERNAME:?smtp username required} + AUTHENTIK_EMAIL__PASSWORD: ${SMTP_PASSWORD:?smtp password required} + AUTHENTIK_EMAIL__USE_TLS: ${SMTP_USE_TLS:-true} + AUTHENTIK_EMAIL__FROM: ${SMTP_FROM:?smtp from required} volumes: - - ./media:/media - - ./custom-templates:/templates - env_file: - - .env + - ${DATA_DIR:-./data}/authentik/media:/media + - ${DATA_DIR:-./data}/authentik/templates:/templates ports: - - "${COMPOSE_PORT_HTTP:-9000}:9000" - - "${COMPOSE_PORT_HTTPS:-9443}:9443" + - "${HTTP_PORT:-9000}:9000" + - "${HTTPS_PORT:-9443}:9443" depends_on: postgresql: condition: service_healthy redis: condition: service_healthy worker: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0} - restart: unless-stopped + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2025.4.0} + restart: always + user: root command: worker environment: AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} - # `user: root` and the docker socket volume are optional. - # See more for the docker socket integration here: - # https://goauthentik.io/docs/outposts/integrations/docker - # Removing `user: root` also prevents the worker from fixing the permissions - # on the mounted folders, so when removing this make sure the folders have the correct UID/GID - # (1000:1000 by default) - user: root + AUTHENTIK_POSTGRESQL__HOST: postgres + AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD:-authentik} + AUTHENTIK_ERROR_REPORTING__ENABLED: true + AUTHENTIK_EMAIL__HOST: ${SMTP_HOST:?smtp host required} + AUTHENTIK_EMAIL__PORT: ${SMTP_PORT:-587} + AUTHENTIK_EMAIL__USERNAME: ${SMTP_USERNAME:?smtp username required} + AUTHENTIK_EMAIL__PASSWORD: ${SMTP_PASSWORD:?smtp password required} + AUTHENTIK_EMAIL__USE_TLS: ${SMTP_USE_TLS:-true} + AUTHENTIK_EMAIL__FROM: ${SMTP_FROM:?smtp from required} volumes: - /var/run/docker.sock:/var/run/docker.sock - - ./media:/media - - ./certs:/certs - - ./custom-templates:/templates - env_file: - - .env + - ${DATA_DIR:-./data}/authentik/media:/media + - ${DATA_DIR:-./data}/authentik/certs:/certs + - ${DATA_DIR:-./data}/authentik/templates:/templates depends_on: - postgresql: + postgres: condition: service_healthy redis: condition: service_healthy - -volumes: - database: - driver: local - redis: - driver: local From c2a595de870bcfe347e394b8d649f4ad7406b263 Mon Sep 17 00:00:00 2001 From: reonokiy Date: Wed, 21 May 2025 23:44:46 +0800 Subject: [PATCH 2/5] update --- authentik/{docker-compose.yml => docker-compose.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename authentik/{docker-compose.yml => docker-compose.yaml} (100%) diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yaml similarity index 100% rename from authentik/docker-compose.yml rename to authentik/docker-compose.yaml From cd91769b93df4ff98d5c35262a381c8a1e1d84f1 Mon Sep 17 00:00:00 2001 From: reonokiy Date: Thu, 22 May 2025 00:22:54 +0800 Subject: [PATCH 3/5] update --- authentik/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/docker-compose.yaml b/authentik/docker-compose.yaml index ad5403a..c25ed77 100644 --- a/authentik/docker-compose.yaml +++ b/authentik/docker-compose.yaml @@ -54,7 +54,7 @@ services: - "${HTTP_PORT:-9000}:9000" - "${HTTPS_PORT:-9443}:9443" depends_on: - postgresql: + postgres: condition: service_healthy redis: condition: service_healthy From 265848898e937490a7c218c074160df2b5df40d9 Mon Sep 17 00:00:00 2001 From: reonokiy Date: Thu, 22 May 2025 00:31:04 +0800 Subject: [PATCH 4/5] update --- authentik/docker-compose.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/authentik/docker-compose.yaml b/authentik/docker-compose.yaml index c25ed77..ce449a9 100644 --- a/authentik/docker-compose.yaml +++ b/authentik/docker-compose.yaml @@ -14,8 +14,6 @@ services: POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-authentik} POSTGRES_USER: ${POSTGRES_USER:-authentik} POSTGRES_DB: ${POSTGRES_DB:-authentik} - env_file: - - .env redis: image: redis:8 command: --save 60 1 --loglevel warning From a19bcf68b66a83a7e9ce81391b03a736feb2d875 Mon Sep 17 00:00:00 2001 From: reonokiy Date: Thu, 22 May 2025 01:58:44 +0800 Subject: [PATCH 5/5] update authentik version --- authentik/docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/authentik/docker-compose.yaml b/authentik/docker-compose.yaml index ce449a9..7cfc503 100644 --- a/authentik/docker-compose.yaml +++ b/authentik/docker-compose.yaml @@ -27,7 +27,7 @@ services: volumes: - ${DATA_DIR:-./data}/redis:/data server: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2025.4.0} + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2025.4.1} restart: always user: root command: server @@ -57,7 +57,7 @@ services: redis: condition: service_healthy worker: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2025.4.0} + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2025.4.1} restart: always user: root command: worker