App Suggestion: [Authentik] #1040

Open
wajeht opened this issue Dec 17, 2023 · 1 comment


wajeht commented Dec 17, 2023

What is authentik?

authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things.

I've taken a stab at it, but I'm not sure what I am missing. Here is my config:

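# CapRover one-click-app template for authentik: the server and worker
# containers plus their PostgreSQL and Redis backends. `$$cap_*` placeholders
# are filled in from the variables declared under caproverOneClickApp.
captainVersion: 4
services:
  # Database backend; internal only (not exposed as a web app, no host ports).
  $$cap_appname-postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $$cap_POSTGRES_DB -U $$cap_POSTGRES_USER"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - $$cap_appname-postgresql-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: $$cap_POSTGRES_PASSWORD
      POSTGRES_USER: $$cap_POSTGRES_USER
      POSTGRES_DB: $$cap_POSTGRES_DB
    caproverExtra:
      notExposeAsWebApp: 'true'

  # Cache/queue backend; internal only. No Redis password is configured here,
  # so keep it unpublished.
  $$cap_appname-redis:
    image: docker.io/library/redis:alpine
    # NOTE(review): confirm CapRover honours the compose `command` field (see
    # the services section of the one-click-apps README). If it does not, the
    # start command has to be expressed through caproverExtra.dockerfileLines.
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - $$cap_appname-redis-data:/data
    caproverExtra:
      notExposeAsWebApp: 'true'

  # authentik web/API server: the only service exposed as a web app.
  $$cap_appname:
    # The tag comes from the version variable instead of being hard-coded, so
    # the value entered in the install form is actually used.
    image: ghcr.io/goauthentik/server:$$cap_authentik_version
    restart: unless-stopped
    # NOTE(review): same `command` caveat as on the redis service; the image
    # is shared with the worker and this argument selects the server role.
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: srv-captain--$$cap_appname-redis
      AUTHENTIK_POSTGRESQL__HOST: srv-captain--$$cap_appname-postgresql
      AUTHENTIK_POSTGRESQL__USER: $$cap_POSTGRES_USER
      AUTHENTIK_POSTGRESQL__NAME: $$cap_POSTGRES_DB
      AUTHENTIK_SECRET_KEY: $$cap_AUTHENTIK_SECRET_KEY
      AUTHENTIK_POSTGRESQL__PASSWORD: $$cap_POSTGRES_PASSWORD
    volumes:
      - $$cap_appname-data-media:/media
      - $$cap_appname-data-templates:/templates
    # NOTE(review): these mappings publish the identity provider directly on
    # the host, next to the CapRover reverse proxy. Drop them unless direct
    # access on 9000/9443 is really required.
    ports:
      - "9000:9000"
      - "9443:9443"
    depends_on:
      - $$cap_appname-postgresql
      - $$cap_appname-redis
    caproverExtra:
      # 9000 is authentik's plain-HTTP listener and 9443 its HTTPS listener;
      # containerHttpPort has to name the HTTP one.
      containerHttpPort: '9000'

  # Background worker: same image as the server, no web endpoint.
  $$cap_appname-worker:
    image: ghcr.io/goauthentik/server:$$cap_authentik_version
    restart: unless-stopped
    # NOTE(review): same `command` caveat as on the redis service.
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: srv-captain--$$cap_appname-redis
      AUTHENTIK_POSTGRESQL__HOST: srv-captain--$$cap_appname-postgresql
      AUTHENTIK_POSTGRESQL__USER: $$cap_POSTGRES_USER
      AUTHENTIK_POSTGRESQL__NAME: $$cap_POSTGRES_DB
      AUTHENTIK_SECRET_KEY: $$cap_AUTHENTIK_SECRET_KEY
      AUTHENTIK_POSTGRESQL__PASSWORD: $$cap_POSTGRES_PASSWORD
    volumes:
      # The Docker socket gives this container control over the host's Docker
      # daemon. Upstream documents the mount as optional (it is used by the
      # Docker outpost integration); remove it when that is not needed.
      - /var/run/docker.sock:/var/run/docker.sock
      - $$cap_appname-data-media:/media
      - $$cap_appname-data-certs:/certs
      - $$cap_appname-data-templates:/templates
    depends_on:
      - $$cap_appname-postgresql
      - $$cap_appname-redis
    caproverExtra:
      notExposeAsWebApp: 'true'

caproverOneClickApp:
  variables:
    - id: $$cap_POSTGRES_USER
      label: PostgreSQL User
      defaultValue: username
    - id: $$cap_POSTGRES_PASSWORD
      label: PostgreSQL Password
      description: 'Database password required'
      # Generated per install instead of a shared, guessable default.
      defaultValue: $$cap_gen_random_hex(32)
    - id: $$cap_POSTGRES_DB
      label: PostgreSQL Database Name
      defaultValue: database
    - id: $$cap_AUTHENTIK_SECRET_KEY
      label: Authentik secret key
      description: 'Secret key shared by the server and the worker; keep it private.'
      # Generated per install; a fixed default would be identical on every
      # deployment of this template.
      defaultValue: $$cap_gen_random_hex(50)
    # The id avoids the reserved `$$cap_appname` prefix so that substituting
    # the app name cannot rewrite this placeholder.
    - id: $$cap_authentik_version
      label: Go Authentik Version
      defaultValue: '2023.10.2'
      description: 'Check out their GitHub releases page for the valid tags https://github.com/goauthentik/authentik/releases'
      validRegex: /^([^\\s^\\/])+$/

  instructions:
    start: Just a plain Docker Compose.
    end: Docker Compose is deployed.

displayName: GoAuthentik
isOfficial: true
description: GoAuthentik is an open-source authentication and identity provider.
documentation: https://goauthentik.io/docs/installation/docker-compose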

Here is the upstream docker-compose file: https://goauthentik.io/docs/installation/docker-compose

---
# Docker Compose file for authentik: PostgreSQL, Redis, the authentik server
# and the authentik worker. `${VAR...}` values are interpolated by Compose;
# the server, worker and postgresql services additionally load `.env`.
version: "3.4"

services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    healthcheck:
      # `$$` escapes Compose interpolation, so the variables are expanded by
      # the shell inside the container rather than when the file is parsed.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      # `:?` aborts with the given message when PG_PASS is unset or empty, so
      # there is no built-in default password; `:-` supplies a default.
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    # `.env` holds the credentials; keep it out of version control.
    env_file:
      - .env
  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    # No `ports:` entry and no password option appear for Redis in this file,
    # so it is not published on the host by this service definition.
    volumes:
      - redis:/data
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.2}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    # NOTE(review): AUTHENTIK_SECRET_KEY is not set in `environment:` above;
    # presumably it is provided through `.env` - confirm.
    env_file:
      - .env
    # Host ports for the HTTP (9000) and HTTPS (9443) listeners; the host side
    # can be overridden with COMPOSE_PORT_HTTP / COMPOSE_PORT_HTTPS.
    ports:
      - "${COMPOSE_PORT_HTTP:-9000}:9000"
      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
    depends_on:
      - postgresql
      - redis
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.10.2}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    # Security note: a root container with the Docker socket mounted can control
    # the host's Docker daemon, so leave both out unless the Docker integration
    # linked above is actually used.
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis

# Named volumes for the database and Redis data; media, certs and templates
# use bind mounts from the project directory instead.
volumes:
  database:
    driver: local
  redis:
    driver: local

githubsaturn commented Dec 17, 2023

The `command` field isn't used by CapRover; that's probably the cause:
https://github.com/caprover/one-click-apps?tab=readme-ov-file#services

As a workaround, you can use dockerfileLines, here is an example:

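# Fragment of a single service entry in a one-click-app template.
# `dockerfileLines` belongs under `caproverExtra`; the nesting is restored
# here because it was lost when the comment was rendered.
caproverExtra:
  dockerfileLines:
    - FROM redis:$$cap_redis_version
    # The start command is given as a Dockerfile CMD because the compose
    # `command` field is not used. `--requirepass` makes Redis require the
    # password taken from the container's REDIS_PASSWORD environment variable.
    - CMD exec redis-server --requirepass "$REDIS_PASSWORD"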
