Deploy Authentik
The overall-best open-source identity provider, focused on flexibility and versatility.
⭐ 15.0k stars📜 MIT🔴 Advanced⏱ ~20 minutes
What You’ll Get
A fully working Authentik instance running on your server. Your data stays on your hardware — no third-party access, no usage limits, no surprise invoices.
Prerequisites
- A server with Docker and Docker Compose installed (setup guide)
- A domain name pointed to your server (optional but recommended)
- Basic terminal access (SSH)
The Config
Create a directory for Authentik and add this docker-compose.yml:
# -------------------------------------------------------------------------
# 🚀 Created and distributed by The AltStack
# 🌍 https://thealtstack.com
# -------------------------------------------------------------------------
version: '3.8'
services:
server:
image: ghcr.io/goauthentik/server:latest
container_name: authentik-server
restart: unless-stopped
command: server
depends_on:
- db
- redis
ports:
- "9000:9000"
- "9443:9443"
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=authentik
- AUTHENTIK_SECRET_KEY=generate-a-random-secret-key
worker:
image: ghcr.io/goauthentik/server:latest
container_name: authentik-worker
restart: unless-stopped
command: worker
depends_on:
- db
- redis
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=db
- AUTHENTIK_POSTGRESQL__USER=authentik
- AUTHENTIK_POSTGRESQL__NAME=authentik
- AUTHENTIK_POSTGRESQL__PASSWORD=authentik
- AUTHENTIK_SECRET_KEY=generate-a-random-secret-key
db:
image: postgres:12-alpine
container_name: authentik-db
restart: unless-stopped
environment:
- POSTGRES_PASSWORD=authentik
- POSTGRES_USER=authentik
- POSTGRES_DB=authentik
volumes:
- authentik_db_data:/var/lib/postgresql/data
redis:
image: redis:6-alpine
container_name: authentik-redis
restart: unless-stopped
volumes:
authentik_db_data:Let’s Ship It
# Create a directory
mkdir -p /opt/authentik && cd /opt/authentik
# Create the docker-compose.yml (paste the config above)
nano docker-compose.yml
# Pull images and start
docker compose up -d
# Watch the logs
docker compose logs -fEnvironment Variables
| Variable | Default | Required |
|---|---|---|
AUTHENTIK_REDIS__HOST | redis | No |
AUTHENTIK_POSTGRESQL__HOST | db | No |
AUTHENTIK_POSTGRESQL__USER | authentik | No |
AUTHENTIK_POSTGRESQL__NAME | authentik | No |
AUTHENTIK_POSTGRESQL__PASSWORD | authentik | No |
AUTHENTIK_SECRET_KEY | generate-a-random-secret-key | No |
POSTGRES_PASSWORD | authentik | No |
POSTGRES_USER | authentik | No |
POSTGRES_DB | authentik | No |
Post-Deployment Checklist
- Service is accessible on the configured port
- Admin account created (if applicable)
- Reverse proxy configured (Caddy guide)
- SSL/HTTPS working
- Backup script set up (backup guide)
- Uptime monitor added (Uptime Kuma)
The “I Broke It” Section
Container won’t start?
docker compose logs authentik | tail -50Port already in use?
# Find what's using the port
lsof -i :PORT_NUMBERNeed to start fresh?
docker compose down -v # ⚠️ This deletes volumes/data!
docker compose up -d