---
title: Docker Compose installation
---
This installation method is for test-setups and small-scale production setups.
## Requirements
- A host with at least 2 CPU cores and 2 GB of RAM
- Docker
- Docker Compose
## Preparation
Download the latest `docker-compose.yml` from [here](https://goauthentik.io/docker-compose.yml). Place it in a directory of your choice.

If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator:

```shell
# You can also use openssl instead: `openssl rand -base64 36`
sudo apt-get install -y pwgen
```
Next, run the following commands to generate a password and secret key and write them to your `.env` file:
```shell
echo "PG_PASS=$(pwgen -s 40 1)" >> .env
echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env
# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported
# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
```
To enable error reporting, run the following command:
```shell
echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
```
## Email configuration (optional but recommended)
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.

To configure email credentials, append this block to your `.env` file:

```shell
# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=localhost
AUTHENTIK_EMAIL__PORT=25
# Optionally authenticate (don't add quotation marks to your password)
AUTHENTIK_EMAIL__USERNAME=
AUTHENTIK_EMAIL__PASSWORD=
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=false
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=authentik@localhost
```
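
The following check is an added example, not part of the authentik documentation or project: a POSIX shell lint for the `.env` file built in the steps above. It flags missing or duplicated `PG_PASS`/`AUTHENTIK_SECRET_KEY` lines (re-running the `echo ... >> .env` commands appends a second definition), a `PG_PASS` over the 99-character limit, a quoted SMTP password, and a file readable by other users. The function names and finding labels are assumptions made for the example, as is the owner-only permission check, which this page does not itself require.

```shell
#!/bin/sh
# Added example (not authentik project code): lint the .env file built above.
# Function names and finding labels are illustrative assumptions.

# Print one finding per line for the .env file given as $1.
scan_env() {
    file=$1
    if [ ! -f "$file" ]; then echo "NO_FILE $file"; return 0; fi
    # `echo ... >> .env` appends, so re-running it leaves two definitions.
    for key in PG_PASS AUTHENTIK_SECRET_KEY; do
        count=$(grep -c "^$key=" "$file" || true)
        if [ "$count" -eq 0 ]; then echo "MISSING $key"; fi
        if [ "$count" -gt 1 ]; then echo "DUPLICATE $key ($count definitions)"; fi
    done
    # PostgreSQL limitation noted above: only passwords up to 99 chars work.
    pg_pass=$(sed -n 's/^PG_PASS=//p' "$file" | tail -n 1)
    if [ "${#pg_pass}" -gt 99 ]; then echo "TOO_LONG PG_PASS (${#pg_pass} chars)"; fi
    # The page says not to wrap the SMTP password in quotation marks.
    if grep -q "^AUTHENTIK_EMAIL__PASSWORD=[\"'].*[\"']\$" "$file"; then
        echo "QUOTED AUTHENTIK_EMAIL__PASSWORD"
    fi
    # Assumption: the file holds secrets, so expect owner-only access.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "READABLE_BY_OTHERS $file (chmod 600)"
    fi
    return 0
}

# Return 0 when the file is clean, 1 (and print the findings) otherwise.
check_authentik_env() {
    findings=$(scan_env "$1")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: PG_PASS appended twice, quoted SMTP password, mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PG_PASS=constructed-sample-password-1
PG_PASS=constructed-sample-password-2
AUTHENTIK_SECRET_KEY=constructed-sample-secret-key
AUTHENTIK_EMAIL__PASSWORD="constructed"
EOF
chmod 644 "$sample"
check_authentik_env "$sample" || true
rm -f "$sample"
```

Run `check_authentik_env .env` from the directory holding `docker-compose.yml` before starting the stack; a non-zero exit status means at least one finding was printed.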
## Configure for port 80/443
By default, authentik listens on port 9000 for HTTP and 9443 for HTTPS. To change the default and instead use ports 80 and 443, you can set the following variables in `.env`:

```shell
AUTHENTIK_PORT_HTTP=80
AUTHENTIK_PORT_HTTPS=443
```
Be sure to run `docker-compose up -d` to rebuild with the new port numbers.
## Startup
Afterwards, run these commands to finish:
```shell
docker-compose pull
docker-compose up -d
```

The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../releases).

By default, authentik is reachable on port 9000 (HTTP) and port 9443 (HTTPS).

To start the initial setup, navigate to `https://<your server's IP or hostname>:9000/if/flow/initial-setup/`.

There you are prompted to set a password for the akadmin user (the default user).

## Explanation
:::warning
The server assumes that its local timezone is UTC.
All internals are handled in UTC; whenever a time is displayed to the user in the UI, it gets localized.
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
This will not give any advantages.
On the contrary, it will cause problems with OAuth and SAML authentication,
e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
:::
The Docker-Compose project contains the following containers:

- server

    This is the backend service, which does all the logic, plus runs the API and the SSO functionality. It also runs the frontend, hosts the JS/CSS files, and serves the files you've uploaded for icons/etc.

- worker

    This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend.

- redis (for cache)

- postgresql (default database)