From 9ac3eb8dc19dc1cf5744a5ce1595da7933e44e84 Mon Sep 17 00:00:00 2001
From: josedario87
Date: Sat, 4 Oct 2025 15:15:58 -0600
Subject: [PATCH] Initial Authentik setup with docker-compose

- Docker Compose configuration with PostgreSQL, Redis, server and worker
- Authentik version 2025.8.4 (latest stable)
- Gitea Actions workflow for automated deployment
- Environment configuration template
- Directory structure for media, templates and certificates
---
 .gitea/workflows/deploy.yml | 53 ++++++++++++++++++++++
 .gitignore | 22 ++++++++++
 docker-compose.yml | 87 +++++++++++++++++++++++++++++++++++++
 3 files changed, 162 insertions(+)
 create mode 100644 .gitea/workflows/deploy.yml
 create mode 100644 .gitignore
 create mode 100644 docker-compose.yml

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..7e6dfbc
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,53 @@
+name: deploy-authentik
+
+on:
+ push:
+ branches: [ main ]
+
+jobs:
+ #───────────────── deploy ─────────────────
+ deploy:
+ runs-on: docker
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Ensure external docker network exists
+ run: |
+ docker network inspect principal >/dev/null 2>&1 || docker network create principal
+
+ - name: Stop existing Authentik stack
+ run: docker compose -f docker-compose.yml --project-name authentik down || true
+
+ - name: Pull latest images
+ run: docker compose -f docker-compose.yml pull
+
+ - name: Start Authentik stack
+ run: docker compose -f docker-compose.yml --project-name authentik up -d --remove-orphans
+
+ - name: Wait for services to be healthy
+ run: |
+ echo "Waiting for PostgreSQL..."
+ timeout 60 bash -c 'until docker compose -f docker-compose.yml --project-name authentik exec -T postgresql pg_isready -U authentik; do sleep 2; done' || echo "PostgreSQL health check timed out"
+
+ echo "Waiting for Redis..."
+ timeout 60 bash -c 'until docker compose -f docker-compose.yml --project-name authentik exec -T redis redis-cli ping | grep PONG; do sleep 2; done' || echo "Redis health check timed out"
+
+ - name: Show service status
+ run: docker compose -f docker-compose.yml --project-name authentik ps
+
+ - name: Show recent logs
+ run: docker compose -f docker-compose.yml --project-name authentik logs --tail=50
+
+ - name: Inspect published ports
+ run: |
+ echo "=== Server container ports ==="
+ CID=$(docker compose -f docker-compose.yml --project-name authentik ps -q server)
+ echo "Container: $CID"
+ docker inspect "$CID" --format '{{json .NetworkSettings.Ports}}' || true
+ docker port "$CID" || true
+
+ - name: Test HTTP endpoint
+ run: |
+ echo "Testing HTTP endpoint..."
+ sleep 10
+ curl -f http://localhost:9000 || echo "HTTP endpoint not ready yet"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a632bbe
--- /dev/null
+++ b/.gitignore
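Review bot: The readiness checks never fail the job: both `timeout 60 bash -c '…'` lines and the final `curl -f http://localhost:9000` end in `|| echo "… timed out"` / `|| echo "HTTP endpoint not ready yet"`, so an unhealthy or unreachable stack still produces a green run. Drop those `|| echo …` suffixes (or replace them with `|| exit 1`) so a broken deployment is visible, and consider guarding the "Show recent logs" step with `if: failure()` so 50 lines of application logs are not printed into CI output on every successful run. `actions/checkout@v3` is a mutable tag; pinning the action to a full commit SHA is the usual supply-chain hardening for a workflow that deploys to production. The `.env` file is gitignored and the diffstat adds no template for it, so after checkout the compose `env_file: .env` reference only resolves if the runner's working directory already carries that file — presumably the case, but a comment on the checkout step stating where the file is expected to come from would help the next maintainer. `docker compose -f docker-compose.yml pull` omits the `--project-name authentik` that every other step passes; harmless but inconsistent.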
@@ -0,0 +1,22 @@
+# Environment variables
+.env
+
+# Authentik data directories
+media/
+certs/
+
+# Docker volumes data (if using local binding)
+postgresql-data/
+redis-data/
+
+# Logs
+*.log
+
+# Temporary files
+*.tmp
+*.bak
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..7e9ed65
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,87 @@
+services:
+ postgresql:
+ env_file:
+ - .env
+ environment:
+ POSTGRES_DB: ${PG_DB:-authentik}
+ POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+ POSTGRES_USER: ${PG_USER:-authentik}
+ healthcheck:
+ interval: 30s
+ retries: 5
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+ timeout: 5s
+ image: docker.io/library/postgres:16-alpine
+ restart: unless-stopped
+ volumes:
+ - database:/var/lib/postgresql/data
+ redis:
+ command: --save 60 1 --loglevel warning
+ healthcheck:
+ interval: 30s
+ retries: 5
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - redis-cli ping | grep PONG
+ timeout: 3s
+ image: docker.io/library/redis:alpine
+ restart: unless-stopped
+ volumes:
+ - redis:/data
+ server:
+ command: server
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ env_file:
+ - .env
+ environment:
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.4}
+ ports:
+ - ${COMPOSE_PORT_HTTP:-9000}:9000
+ - ${COMPOSE_PORT_HTTPS:-9443}:9443
+ restart: unless-stopped
+ volumes:
+ - ./media:/media
+ - ./custom-templates:/templates
+ worker:
+ command: worker
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ env_file:
+ - .env
+ environment:
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.4}
+ restart: unless-stopped
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./media:/media
+ - ./certs:/certs
+ - ./custom-templates:/templates
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
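Review bot: The worker service runs as `user: root` and bind-mounts `/var/run/docker.sock`, which gives that container control of the host Docker daemon and therefore effective root on the host; that is only needed when the Docker-managed outpost integration is in use, so either drop both lines or document the requirement next to them, e.g. `# docker.sock + root: needed only for Docker-managed outposts; remove otherwise`. The server and worker read `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}` without the `:?` guard that postgresql uses, so an unset PG_PASS fails loudly for the database but silently becomes an empty password for Authentik; `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required}` keeps the three in step. `env_file: .env` is attached to postgresql as well, so every secret in that file (AUTHENTIK_SECRET_KEY included) lands in the database container's environment although it only needs the PG_* values; passing the three variables explicitly would scope it down. `docker.io/library/redis:alpine` is a floating tag while postgres is pinned to `16-alpine`; pinning at least the Redis major version makes the pull step reproducible. The deploy workflow creates an external `principal` network, but this file declares no `networks:`, so the stack never joins it, and the `9000:9000`/`9443:9443` publications bind on all host interfaces by default — confirm whether direct exposure or a reverse proxy on that network is intended.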