This guide deploys Authentik using Docker Compose with PostgreSQL and Redis.
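# /opt/authentik structure, .env and docker-compose.yml
#
# Play 1: installs Docker, writes the Authentik .env and Compose file under
# authentik_dir, and starts the stack on hosts in the authentik_debian group.
- name: Deploy Authentik on Debian family
  hosts: authentik_debian
  become: true
  vars:
    authentik_dir: /opt/authentik
    # Placeholders only. Play vars outrank inventory group_vars/host_vars, so
    # supply the real values through vars_files (for example an Ansible
    # Vault-encrypted file) or --extra-vars rather than committing them here.
    authentik_secret_key: "change-me-long-random-key"
    authentik_pg_password: "change-me-postgres-password"
    authentik_error_reporting: "false"
    # Tag for ghcr.io/goauthentik/server. "latest" keeps the original
    # behaviour, but it lets the identity provider change version on any
    # image pull; pin a specific release tag for production.
    authentik_tag: "latest"
  tasks:
    # Fail early so the stack is never started with the published placeholder
    # secrets. The assertion output shows the expressions, not the values.
    - name: Refuse to deploy with placeholder secrets
      ansible.builtin.assert:
        that:
          - authentik_secret_key != "change-me-long-random-key"
          - authentik_pg_password != "change-me-postgres-password"
        fail_msg: >-
          authentik_secret_key and authentik_pg_password still hold the
          placeholder values; override them before deploying.
        quiet: true

    - name: Install Docker dependencies
      ansible.builtin.apt:
        update_cache: true
        name:
          - docker.io
          - docker-compose-plugin
        state: present

    - name: Enable and start Docker
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started

    # The empty loop item creates authentik_dir itself.
    - name: Create Authentik directories
      ansible.builtin.file:
        path: "{{ authentik_dir }}/{{ item }}"
        state: directory
        mode: "0755"
      loop:
        - ""
        - media
        - custom-templates

    # Holds the database password and the Authentik secret key: keep it
    # root-only and keep its content out of task output and --diff.
    - name: Write Authentik environment file
      ansible.builtin.copy:
        dest: "{{ authentik_dir }}/.env"
        owner: root
        group: root
        mode: "0600"
        content: |
          PG_PASS={{ authentik_pg_password }}
          AUTHENTIK_SECRET_KEY={{ authentik_secret_key }}
          AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting }}
      no_log: true

    # The Compose file carries no secrets itself; ${PG_PASS} is resolved by
    # Docker Compose from the .env file next to it.
    # NOTE(review): ports 9000 and 9443 are published on every host interface,
    # and 9000 is Authentik's plain-HTTP listener. Prefer binding to a
    # loopback or internal address behind a TLS-terminating reverse proxy.
    # NOTE(review): ./media/postgresql and ./media/redis sit inside ./media,
    # which is also bind-mounted into server and worker as /media, so the
    # application containers can see the database directories. A separate
    # directory for database state would give better isolation; moving it on
    # an existing deployment needs a data migration.
    - name: Write Docker Compose stack
      ansible.builtin.copy:
        dest: "{{ authentik_dir }}/docker-compose.yml"
        mode: "0644"
        content: |
          services:
            postgresql:
              image: postgres:16-alpine
              restart: unless-stopped
              environment:
                POSTGRES_DB: authentik
                POSTGRES_USER: authentik
                POSTGRES_PASSWORD: ${PG_PASS}
              volumes:
                - ./media/postgresql:/var/lib/postgresql/data
            redis:
              image: redis:7-alpine
              restart: unless-stopped
              command: --save 60 1 --loglevel warning
              volumes:
                - ./media/redis:/data
            server:
              image: ghcr.io/goauthentik/server:{{ authentik_tag }}
              restart: unless-stopped
              command: server
              env_file:
                - .env
              environment:
                AUTHENTIK_REDIS__HOST: redis
                AUTHENTIK_POSTGRESQL__HOST: postgresql
                AUTHENTIK_POSTGRESQL__USER: authentik
                AUTHENTIK_POSTGRESQL__NAME: authentik
                AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
              volumes:
                - ./media:/media
                - ./custom-templates:/templates
              ports:
                - "9000:9000"
                - "9443:9443"
              depends_on:
                - postgresql
                - redis
            worker:
              image: ghcr.io/goauthentik/server:{{ authentik_tag }}
              restart: unless-stopped
              command: worker
              env_file:
                - .env
              environment:
                AUTHENTIK_REDIS__HOST: redis
                AUTHENTIK_POSTGRESQL__HOST: postgresql
                AUTHENTIK_POSTGRESQL__USER: authentik
                AUTHENTIK_POSTGRESQL__NAME: authentik
                AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
              volumes:
                - ./media:/media
                - ./custom-templates:/templates
              depends_on:
                - postgresql
                - redis

    # command always reports "changed"; stated explicitly so the intent is
    # clear to linters and readers.
    - name: Start Authentik stack
      ansible.builtin.command: docker compose up -d
      args:
        chdir: "{{ authentik_dir }}"
      changed_when: true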
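# Play 2: prepares hosts in the authentik_rhel group.
# NOTE(review): as shown on this page, this play only installs Docker and
# creates the base directory. It writes no .env or docker-compose.yml and
# does not start the stack, so nothing is deployed for this group yet. When
# those tasks are added, give the secrets the same handling as in the Debian
# play: no placeholder values, mode "0600", and no_log on the task.
- name: Deploy Authentik on RHEL family
  hosts: authentik_rhel
  become: true
  vars:
    authentik_dir: /opt/authentik
  tasks:
    - name: Install Docker dependencies
      ansible.builtin.dnf:
        name:
          - docker
          - docker-compose-plugin
        state: present

    - name: Enable and start Docker
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started

    - name: Ensure Authentik directory exists
      ansible.builtin.file:
        path: "{{ authentik_dir }}"
        state: directory
        mode: "0755"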
ansible-playbook -i inventory.ini authentik-install.yml
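Inventory group: authentik_debian.
Set AUTHENTIK_SECRET_KEY to a strong random value before production rollout. The same applies to authentik_pg_password, which also ships with a placeholder value in the playbook.
We develop tailored automation solutions for: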