{% import 'contrib/compose_helpers.j2' as helpers with context %} {##} version: "3.9" networks: {{ helpers.default_network(253) | indent(2) }} traefik_traefik: external: true services: server: image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} container_name: authentik_server labels: - {{ helpers.traefik_labels('auth', port='9000') | indent(6) }} - traefik.http.middlewares.authentik.forwardauth.address=http://localhost:9000/outpost.goauthentik.io/auth/traefik - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version restart: unless-stopped # Port forward is needed because traefik can't resolve the container name from the host network ports: - "9000:9000" command: server env_file: - .env.authentik networks: - default - traefik_traefik worker: image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} container_name: authentik_worker restart: unless-stopped command: worker env_file: - .env.authentik volumes: - ./blueprints:/blueprints/alpina - {{ base_volume_path }}/authentik/certs:/certs postgres: image: postgres:12-alpine container_name: authentik_postgres restart: unless-stopped env_file: - .env.db healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes: - {{ base_volume_path }}/authentik/postgres:/var/lib/postgresql/data redis: image: redis:alpine container_name: authentik_redis restart: unless-stopped command: --save 60 1 --loglevel warning healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s volumes: - {{ base_volume_path }}/authentik/redis:/data