diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 54e2268e0..c89b1d826 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -80,3 +80,8 @@ default_token_length: 128 impersonation: true blueprints_dir: /blueprints + +web: + # No default here as it's set dynamically + # workers: 2 + threads: 4 diff --git a/docker-compose.yml b/docker-compose.yml index 3074880c9..d5c1fdfb4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -42,7 +42,6 @@ services: AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" - # WORKERS: 2 volumes: - ./media:/media - ./custom-templates:/templates diff --git a/lifecycle/gunicorn.conf.py b/lifecycle/gunicorn.conf.py index b8d28d18f..e579375b9 100644 --- a/lifecycle/gunicorn.conf.py +++ b/lifecycle/gunicorn.conf.py @@ -87,8 +87,8 @@ if SERVICE_HOST_ENV_NAME in os.environ: else: default_workers = max(cpu_count() * 0.25, 1) + 1 # Minimum of 2 workers -workers = int(os.environ.get("WORKERS", default_workers)) -threads = int(os.environ.get("THREADS", 4)) +workers = int(CONFIG.y("web.workers", default_workers)) +threads = int(CONFIG.y("web.threads", 4)) # pylint: disable=unused-argument def post_fork(server: "Arbiter", worker: DjangoUvicornWorker): diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md index 7821a3a8a..0d87567a8 100644 --- a/website/docs/installation/configuration.md +++ b/website/docs/installation/configuration.md @@ -15,6 +15,16 @@ All of these variables can be set to values, but you can also use a URI-like for - `env://` Loads the value from the environment variable ``. Fallback can be optionally set like `env://?` - `file://` Loads the value from the file ``. Fallback can be optionally set like `file://?` +## Checking settings + +To check if your config has been applied correctly, you can run the following command to output the full config: + +``` +docker-compose run --rm worker dump_config +# Or for kubernetes +kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config +``` + ## PostgreSQL Settings - `AUTHENTIK_POSTGRESQL__HOST`: Hostname of your PostgreSQL Server @@ -233,12 +243,23 @@ Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Defaults to `null`. -## Debugging +### `AUTHENTIK_WEB__WORKERS` -To check if your config has been applied correctly, you can run the following command to output the full config: +:::info +Requires authentik 2022.9 +::: -``` -docker-compose run --rm worker dump_config -# Or for kubernetes -kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config -``` +Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html). + +If running in Kubernetes, the default value is set to 2 and should in most cases not be changed, as scaling can be done with multiple pods running the web server. +Otherwise, authentik will use 1 worker for each 4 CPU cores + 1 as a value below 2 workers is not recommended. + +### `AUTHENTIK_WEB__THREADS` + +:::info +Requires authentik 2022.9 +::: + +Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html). + +Defaults to 4. diff --git a/website/docs/releases/v2022.9.md b/website/docs/releases/v2022.9.md index 774b621bb..0ef7c6cf5 100644 --- a/website/docs/releases/v2022.9.md +++ b/website/docs/releases/v2022.9.md @@ -3,6 +3,10 @@ title: Release 2022.9 slug: "2022.9" --- +## Breaking changes + +- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers) + ## New features - UI for Duo device Import diff --git a/website/sidebars.js b/website/sidebars.js index 4613f3b8e..e0b142147 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -7,6 +7,7 @@ module.exports = { { type: "category", label: "Installation", + collapsed: false, link: { type: "generated-index", title: "Installation",