From 0418d564e0ac50d912782683c1ac9814d781f503 Mon Sep 17 00:00:00 2001
From: Nicole Rappe <cyberstrawberry101@gmail.com>
Date: Tue, 6 Feb 2024 19:57:09 -0700
Subject: [PATCH] Add Docker & Kubernetes/Docker/Docker Compose/Authentik.md

---
 .../Docker/Docker Compose/Authentik.md        | 117 ++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100644 Docker & Kubernetes/Docker/Docker Compose/Authentik.md

diff --git a/Docker & Kubernetes/Docker/Docker Compose/Authentik.md b/Docker & Kubernetes/Docker/Docker Compose/Authentik.md
new file mode 100644
index 0000000..3bcefbd
--- /dev/null
+++ b/Docker & Kubernetes/Docker/Docker Compose/Authentik.md	
@@ -0,0 +1,117 @@
+**Purpose**: Authentik is an open-source Identity Provider, focused on flexibility and versatility. With authentik, site administrators, application developers, and security engineers have a dependable and secure solution for authentication in almost any type of environment. There are robust recovery actions available for the users and applications, including user profile and password management. You can quickly edit, deactivate, or even impersonate a user profile, and set a new password for new users or reset an existing password.
+
+This document is based on the [Official Docker-Compose Documentation](https://goauthentik.io/docs/installation/docker-compose).  It is meant for testing / small-scale production deployments.
+
+## Docker Configuration
+```jsx title="docker-compose.yml"
+---
+version: "3.4"
+
+services:
+  postgresql:
+    image: docker.io/library/postgres:12-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - /srv/containers/authentik/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      POSTGRES_DB: ${PG_DB:-authentik}
+    env_file:
+      - stack.env
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - /srv/containers/authentik/redis:/data
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.7}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    volumes:
+      - /srv/containers/authentik/media:/media
+      - /srv/containers/authentik/custom-templates:/templates
+    env_file:
+      - stack.env
+    ports:
+      - "${COMPOSE_PORT_HTTP:-9000}:9000"
+      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    depends_on:
+      - postgresql
+      - redis
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.7}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /srv/containers/authentik/media:/media
+      - /srv/containers/authentik/certs:/certs
+      - /srv/containers/authentik/custom-templates:/templates
+    env_file:
+      - stack.env
+    depends_on:
+      - postgresql
+      - redis
+
+```
+
+```jsx title=".env"
+PLACEHOLDER
+```
+
+!!! note "Generating a Password"
+
+
+## Traefik Reverse Proxy Configuration
+If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
+``` yaml
+http:
+  routers:
+    PLACEHOLDER:
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: myresolver
+      service: PLACEHOLDER
+      rule: Host(`PLACEHOLDER.bunny-lab.io`)
+
+  services:
+    PLACEHOLDER:
+      loadBalancer:
+        servers:
+          - url: http://PLACEHOLDER:80
+        passHostHeader: true
+```
\ No newline at end of file