diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 10a3b23..29aa6f4 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -13,8 +13,6 @@ services: postgresql: image: docker.io/library/postgres:${POSTGRES_TAG:?POSTGRES_TAG is not configured} - volumes: - - database:/var/lib/postgresql/data networks: - backend diff --git a/docker-compose.yml b/docker-compose.yml index 25340e3..e6ef91f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,90 +1,85 @@ ---- - services: postgresql: - image: docker.io/library/postgres:16-alpine - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 5s - volumes: - - database:/var/lib/postgresql/data + env_file: + - .env environment: + POSTGRES_DB: ${PG_DB:-authentik} POSTGRES_PASSWORD: ${PG_PASS:?database password required} POSTGRES_USER: ${PG_USER:-authentik} - POSTGRES_DB: ${PG_DB:-authentik} - env_file: - - .env - redis: - image: docker.io/library/redis:alpine - command: --save 60 1 --loglevel warning - restart: unless-stopped healthcheck: - test: ["CMD-SHELL", "redis-cli ping | grep PONG"] - start_period: 20s interval: 30s retries: 5 - timeout: 3s - volumes: - - redis:/data - server: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.2} + start_period: 20s + test: + - CMD-SHELL + - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} + timeout: 5s + image: docker.io/library/postgres:16-alpine restart: unless-stopped - command: server - environment: - AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} - AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} volumes: - - ./media:/media - - ./custom-templates:/templates - env_file: - - .env - ports: - - "${COMPOSE_PORT_HTTP:-9000}:9000" - - "${COMPOSE_PORT_HTTPS:-9443}:9443" + - database:/var/lib/postgresql/data + redis: + command: --save 60 1 --loglevel warning + healthcheck: + interval: 30s + retries: 5 + start_period: 20s + test: + - CMD-SHELL + - redis-cli ping | grep PONG + timeout: 3s + image: docker.io/library/redis:alpine + restart: unless-stopped + volumes: + - redis:/data + server: + command: server depends_on: postgresql: condition: service_healthy redis: condition: service_healthy - worker: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.2} - restart: unless-stopped - command: worker + env_file: + - .env environment: - AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} - AUTHENTIK_REDIS__HOST: redis AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} - # `user: root` and the docker socket volume are optional. - # See more for the docker socket integration here: - # https://goauthentik.io/docs/outposts/integrations/docker - # Removing `user: root` also prevents the worker from fixing the permissions - # on the mounted folders, so when removing this make sure the folders have the correct UID/GID - # (1000:1000 by default) + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.1} + ports: + - ${COMPOSE_PORT_HTTP:-9000}:9000 + - ${COMPOSE_PORT_HTTPS:-9443}:9443 + restart: unless-stopped + volumes: + - ./media:/media + - ./custom-templates:/templates + worker: + command: worker + depends_on: + postgresql: + condition: service_healthy + redis: + condition: service_healthy + env_file: + - .env + environment: + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.1} + restart: unless-stopped user: root volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ./media:/media - - ./certs:/certs - - ./custom-templates:/templates - env_file: - - .env - depends_on: - postgresql: - condition: service_healthy - redis: - condition: service_healthy - + - /var/run/docker.sock:/var/run/docker.sock + - ./media:/media + - ./certs:/certs + - ./custom-templates:/templates volumes: database: driver: local diff --git a/env.prod.template b/env.prod.template index 829a172..deda0c8 100644 --- a/env.prod.template +++ b/env.prod.template @@ -5,8 +5,8 @@ PUBLIC_DOMAIN=sso.s1q.dev TLS_DOMAIN=*.s1q.dev # Server Versions -AUTHENTIK_TAG=2025.4.2 -POSTGRES_TAG=16.9-alpine +AUTHENTIK_TAG=2025.8.1 +POSTGRES_TAG=17.6-alpine REDIS_TAG=8.0-alpine # Error reporting & Logging