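# authentik identity-provider stack: PostgreSQL, the web/API server and the
# background worker.
# Variables are interpolated by Compose. PG_PASS and AUTHENTIK_SECRET_KEY are
# mandatory (the `:?` form aborts when they are unset or empty); PG_DB and
# PG_USER default to "authentik".
services:
  postgresql:
    image: docker.io/library/postgres:16-alpine
    container_name: authentik_db
    restart: unless-stopped
    # NOTE(review): env_file loads every entry of .env into the container, so
    # the database also receives secrets it does not use (for example
    # AUTHENTIK_SECRET_KEY, if it is kept there). A per-service env file would
    # narrow that.
    env_file:
      - .env
    environment:
      POSTGRES_DB: ${PG_DB:-authentik}
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
    healthcheck:
      interval: 30s
      retries: 5
      start_period: 20s
      # `$$` escapes Compose interpolation, so the variables are expanded by
      # the shell inside the container.
      test:
        - CMD-SHELL
        - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
      timeout: 5s
    volumes:
      - /docker/data/authentik/db:/var/lib/postgresql/data
    # Attached to the internal network only; no host port is published.
    networks:
      - net

  server:
    # Mutable tag; pin by digest if reproducible deployments matter. Same tag
    # as the worker service.
    image: ghcr.io/goauthentik/server:2026.2
    container_name: authentik_server
    restart: always
    # NOTE(review): this is the network-facing service and it runs as root.
    # Nothing in this file requires root here; confirm whether the bind
    # mounts need it, otherwise drop this line.
    user: root
    depends_on:
      postgresql:
        condition: service_healthy
    env_file:
      - .env
    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      # Same guard as on the postgresql service, so each service fails with a
      # clear message instead of starting with an empty password.
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
      # Database traffic is unencrypted; it stays on the `net` network, which
      # is declared internal below.
      AUTHENTIK_POSTGRESQL__SSLMODE: disable
      # Quoted: environment values are strings, and a bare YAML boolean is
      # rejected or re-typed by some Compose implementations.
      AUTHENTIK_OUTPOSTS__DISCOVER: "false"
    # Published on all host interfaces.
    # NOTE(review): if the reverse proxy reaches this service over
    # caddy_default, the host port lets clients bypass the proxy; consider
    # removing it or binding to loopback ("127.0.0.1:9000:9000").
    ports:
      - "9000:9000"
    shm_size: 512mb
    volumes:
      - /docker/data/authentik/data:/data
      - /docker/data/authentik/templates:/templates
    command: server
    networks:
      - net
      - caddy_default

  worker:
    image: ghcr.io/goauthentik/server:2026.2
    container_name: authentik_worker
    restart: always
    # NOTE(review): runs as root; confirm this is still needed while the
    # Docker socket mount below stays disabled.
    user: root
    depends_on:
      postgresql:
        condition: service_healthy
    env_file:
      - .env
    # NOTE(review): AUTHENTIK_POSTGRESQL__SSLMODE and
    # AUTHENTIK_OUTPOSTS__DISCOVER are set on the server only. Unless .env
    # provides them, the worker runs with authentik's defaults for both;
    # confirm that is intended.
    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
    shm_size: 512mb
    volumes:
      # Left disabled: mounting the Docker socket would hand this root
      # container control of the host's Docker daemon.
      # - /var/run/docker.sock:/var/run/docker.sock
      - /docker/data/authentik/data:/data
      - /docker/data/authentik/templates:/templates
      # NOTE(review): the container path is /certsx, while authentik's
      # compose examples mount certificates at /certs. Possibly a typo;
      # confirm before changing, since fixing it would make the worker read
      # the host's certificate directory.
      - /docker/data/authentik/certs:/certsx
    command: worker
    networks:
      - net

networks:
  # Isolated network for traffic between the three services.
  net:
    internal: true
  # Created outside this file (presumably by the Caddy reverse-proxy stack);
  # it must exist before this stack starts.
  caddy_default:
    external: true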