2020-11-15 21:42:02 +00:00
---
title: docker-compose installation
---
2019-12-09 20:00:45 +00:00
2020-06-18 15:59:01 +00:00
This installation method is for test-setups and small-scale productive setups.
2019-12-09 20:00:45 +00:00
2021-02-23 08:46:07 +00:00
## Requirements
2019-12-09 20:00:45 +00:00
2022-05-09 19:22:41 +00:00
- A Linux host with at least 2 CPU cores and 2 GB of RAM.
- docker
- docker-compose
2019-12-09 20:00:45 +00:00
2021-01-04 23:41:10 +00:00
## Preparation
2019-12-09 20:00:45 +00:00
2021-10-13 15:51:54 +00:00
Download the latest `docker-compose.yml` from [here ](https://goauthentik.io/docker-compose.yml ). Place it in a directory of your choice.
2019-12-09 20:00:45 +00:00
2020-12-05 21:08:42 +00:00
If this is a fresh authentik install run the following commands to generate a password:
2020-09-14 20:54:25 +00:00
2021-03-11 15:42:19 +00:00
```shell
2021-04-15 15:33:25 +00:00
# You can also use openssl instead: `openssl rand -base64 36`
2020-09-14 20:54:25 +00:00
sudo apt-get install -y pwgen
2021-07-30 07:52:18 +00:00
# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported
# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2022-02-08 11:24:29 +00:00
echo "PG_PASS=$(pwgen -s 40 1)" >> .env
echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env
2021-04-07 13:36:46 +00:00
# Skip if you don't want to enable error reporting
echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
2020-09-14 20:54:25 +00:00
```
2021-01-04 23:41:10 +00:00
## Email configuration (optional, but recommended)
2021-12-13 17:57:13 +00:00
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages ](../flow/stages/email/ ) to send verification/recovery emails.
2021-01-04 23:41:10 +00:00
Append this block to your `.env` file
2021-03-11 15:42:19 +00:00
```shell
2021-01-04 23:41:10 +00:00
# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=localhost
AUTHENTIK_EMAIL__PORT=25
2021-11-21 20:52:29 +00:00
# Optionally authenticate (don't add quotation marks to you password)
AUTHENTIK_EMAIL__USERNAME=
AUTHENTIK_EMAIL__PASSWORD=
2021-01-04 23:41:10 +00:00
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=false
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=authentik@localhost
```
2021-03-11 15:42:19 +00:00
## GeoIP configuration (optional)
authentik can use a MaxMind-formatted GeoIP Database to extract location data from IPs. You can then use this location data in policies, and location data is saved in events.
To configure GeoIP, sign up for a free MaxMind account [here ](https://www.maxmind.com/en/geolite2/signup ).
After you have your account ID and license key, add the following block to your `.env` file:
```shell
GEOIPUPDATE_ACCOUNT_ID=*your account ID*
GEOIPUPDATE_LICENSE_KEY=* your license key*
AUTHENTIK_AUTHENTIK__GEOIP=/geoip/GeoLite2-City.mmdb
```
The GeoIP database will automatically be updated every 8 hours.
2021-12-22 23:59:06 +00:00
## Running on Port 80/443
2022-01-17 13:48:02 +00:00
By default, authentik listens on port 9000 for HTTP and 9443 for HTTPS. To change this, you can set the following variables in `.env` :
2021-12-22 23:59:06 +00:00
2022-01-17 13:48:02 +00:00
```shell
AUTHENTIK_PORT_HTTP=80
AUTHENTIK_PORT_HTTPS=443
2021-12-22 23:59:06 +00:00
```
2022-01-17 13:48:02 +00:00
Afterwards, make sure to run `docker-compose up -d` .
2021-01-04 23:41:10 +00:00
## Startup
2020-09-14 20:54:25 +00:00
Afterwards, run these commands to finish
2021-03-11 15:42:19 +00:00
```shell
2020-06-08 20:09:04 +00:00
docker-compose pull
docker-compose up -d
2019-12-09 20:00:45 +00:00
```
2020-06-08 20:11:01 +00:00
2021-08-11 19:53:20 +00:00
The compose file statically references the latest version available at the time of downloading the compose file, which can be overridden with the `AUTHENTIK_TAG` environment variable.
2019-12-09 20:00:45 +00:00
2021-08-05 18:24:47 +00:00
authentik will then be reachable on port 9000 (HTTP) and port 9443 (HTTPS).
2020-09-20 11:36:07 +00:00
2021-04-06 18:25:22 +00:00
To start the initial setup, navigate to `https://<your server>/if/flow/initial-setup/` . There you will be prompted to set a password for the akadmin user.
2021-04-15 14:12:55 +00:00
## Explanation
2022-06-02 12:02:01 +00:00
:::warning
The server assumes to have local timezone as UTC.
All internals are handled in UTC, whenever a time is displayed to the user in UI it gets localized.
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
This will not give any advantages.
On the contrary, it will cause problems with OAuth and SAML authentication,
e.g. [see this GitHub issue ](https://github.com/goauthentik/authentik/issues/3005 ).
:::
2021-04-15 14:12:55 +00:00
The docker-compose project contains the following containers:
2022-05-09 19:22:41 +00:00
- server
2021-04-15 14:12:55 +00:00
2021-11-09 12:27:52 +00:00
This is the backend service, which does all the logic, runs the API and the actual SSO part. It also runs the frontend, hosts the JS/CSS files, and also serves the files you've uploaded for icons/etc.
2021-04-15 14:12:55 +00:00
2022-05-09 19:22:41 +00:00
- worker
2021-04-15 14:12:55 +00:00
2022-05-09 19:22:41 +00:00
This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend.
2021-04-15 14:12:55 +00:00
2022-05-09 19:22:41 +00:00
- redis & postgresql
2021-04-15 14:12:55 +00:00
Cache and database respectively.
2021-08-17 11:29:25 +00:00
Additionally, if you've enabled GeoIP, there is a container running that regularly updates the GeoIP database.
