This repository provides a docker-compose setup to run a self-hosted Authentik instance. Authentik is a flexible, open-source Identity & Access Management (IAM) solution that provides Single Sign-On, support for various protocols, and a user-friendly interface.
This setup uses dedicated PostgreSQL container and is pre-configured to join a shared Docker network, allowing easy integration with other self-hosted services.
- Comprehensive IAM Solution: Manage users, groups, and permissions with a powerful and easy-to-use interface.
- Wide Protocol Support: Supports OAuth 2.0, SAML, LDAP, and RADIUS for broad compatibility.
- Extensible & Customizable: Use custom templates, policies, and integrations to fit your needs.
- Advanced Security: Features like multi-factor authentication (MFA), passwordless login, and detailed audit logs.
- Outpost Integrations: Easily put existing applications behind a secure proxy with forward authentication.
- Decoupled Services: Uses separate, dedicated containers for PostgreSQL (
authentik-psql) and Worker (authentik-worker) for better stability and management.
-
Clone the repository:
git clone https://github.com/AiratTop/authentik-self-hosted.git cd authentik-self-hosted -
Create the shared network: If it doesn't exist yet, create the shared Docker network:
docker network create shared_network
-
Configure environment variables: Create a
.envfile and add the following required variables. These are critical for securing your instance.# A strong password for the Authentik database user PSQL_PWD= # A long, random, and secret string used for signing sessions AUTHENTIK_SECRET_KEY=
-
Start the services:
docker compose up -d
After starting, Authentik will perform its initial setup. This might take a minute or two.
To start the initial setup, navigate to:
- Initial Setup URL: http://localhost:9000/if/flow/initial-setup/
You will get a
Not Founderror if initial setup URL doesn't include the trailing forward slash/. Make sure you use the complete url http://localhost:9000/if/flow/initial-setup/ including the trailing forward slash.
There you are prompted to set a password for the akadmin user (the default user).
- Authentik Web UI: http://localhost:9000
- Start Services:
docker compose up -d - Stop Services:
docker compose down - View Logs:
docker compose logs -f - Restart:
./restart-docker.sh(Stops and starts the containers) - Update Images:
./update-docker.sh(Pulls the latest Docker images and restarts the services) - Backup:
./backup.sh(Creates a compressed backup of the PostgreSQL database)
Check out other self-hosted solutions:
- postgresql-self-hosted: A simple and robust PostgreSQL setup.
- mysql-self-hosted: A self-hosted MySQL instance.
- clickhouse-self-hosted: High-performance columnar database for analytics.
- metabase-self-hosted: Self-hosted Metabase on Docker for business intelligence and analytics.
- qdrant-self-hosted: A vector database for AI applications.
- redis-self-hosted: A fast in-memory data store, often used as a cache or message broker.
- caddy-self-hosted: A modern, easy-to-use web server with automatic HTTPS.
- wordpress-self-hosted: Production-ready WordPress stack with MySQL, phpMyAdmin, and WP-CLI.
- n8n-self-hosted: Scalable n8n with workers, Caddy for auto-HTTPS, and backup scripts.
- monitoring-self-hosted: Self-hosted monitoring stack with Prometheus and Grafana.
- ollama-self-hosted: Ready-to-use solution for running Ollama with the Open WebUI on Docker.
- authentik-self-hosted: Authentik is a flexible, open-source Identity & Access Management (IAM) solution.
- gatus-self-hosted: Automated service health dashboard with a PostgreSQL backend and backup scripts.
- beszel-self-hosted: Ready-to-run Beszel hub + agent stack for monitoring your infrastructure.
This project is licensed under the MIT License - see the LICENSE file for details.
AiratTop
- Website: airat.top
- GitHub: @AiratTop
- Email: [email protected]
- Repository: authentik-self-hosted