forked from coop-cloud/authentik
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c86640b0ab | |||
| 711b67391a | |||
96aedac582
|
|||
|
3eb185d96a
|
|||
|
9855ad16a1
|
|||
| c15f2adcba | |||
| 08118088a8 | |||
| 14e1d61343 | |||
| 04a370699d |
@ -9,9 +9,14 @@ ENABLE_BACKUPS=true
|
||||
DOMAIN=authentik.example.com
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.authentik.example.com`'
|
||||
# Redirects
|
||||
# All redirect domains have to be added to extra_domains as well)
|
||||
# multiple redirects can be added by seperating them with a | character
|
||||
#REDIRECTS=www.authentik.example.com
|
||||
COMPOSE_FILE="compose.yml"
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
|
||||
AUTHENTIK_LOG_LEVEL=info
|
||||
# AUTHENTIK_DISABLE_UPDATE_CHECK=false
|
||||
# AUTHENTIK_IMPERSONATION=true
|
||||
# AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
||||
# WORKERS=1
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -2,7 +2,7 @@ export CUSTOM_CSS_VERSION=v3
|
||||
export FLOW_AUTHENTICATION_VERSION=v4
|
||||
export FLOW_INVITATION_VERSION=v2
|
||||
export FLOW_INVALIDATION_VERSION=v2
|
||||
export FLOW_RECOVERY_VERSION=v1
|
||||
export FLOW_RECOVERY_VERSION=v2
|
||||
export FLOW_TRANSLATION_VERSION=v3
|
||||
export SYSTEM_BRAND_VERSION=v4
|
||||
export NEXTCLOUD_CONFIG_VERSION=v3
|
||||
|
||||
@ -3,7 +3,7 @@ services:
|
||||
app:
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect-matrix-well-known"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect,${STACK_NAME}-redirect-matrix-well-known"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect-matrix-well-known.redirectregex.regex=^https://(.*)/.well-known/matrix/(.*)"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect-matrix-well-known.redirectregex.replacement=https://${MATRIX_DOMAIN}/.well-known/matrix/$$2"
|
||||
worker:
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
authentik_ldap:
|
||||
image: ghcr.io/goauthentik/ldap:2025.2.4
|
||||
image: ghcr.io/goauthentik/ldap:2025.6.4
|
||||
# Optionally specify which networks the container should be
|
||||
# might be needed to reach the core authentik server
|
||||
networks:
|
||||
|
||||
18
compose.yml
18
compose.yml
@ -17,6 +17,7 @@ x-env: &env
|
||||
- AUTHENTIK_EMAIL__TIMEOUT
|
||||
- AUTHENTIK_EMAIL__FROM
|
||||
- AUTHENTIK_LOG_LEVEL
|
||||
- AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||
- BACKGROUND_FONT_COLOR=${BACKGROUND_FONT_COLOR:-white}
|
||||
- BACKGROUND_BOX_COLOR=${BACKGROUND_BOX_COLOR:-#eaeaeacf}
|
||||
- AUTHENTIK_FOOTER_LINKS
|
||||
@ -34,7 +35,7 @@ x-env: &env
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2025.2.4
|
||||
image: ghcr.io/goauthentik/server:2025.6.4
|
||||
command: server
|
||||
depends_on:
|
||||
- db
|
||||
@ -67,16 +68,17 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.1.0+2025.2.4"
|
||||
- "coop-cloud.${STACK_NAME}.version=7.4.1+2025.6.4"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2025.2.4
|
||||
image: ghcr.io/goauthentik/server:2025.6.4
|
||||
command: worker
|
||||
depends_on:
|
||||
- db
|
||||
@ -117,7 +119,7 @@ services:
|
||||
start_period: 5m
|
||||
|
||||
db:
|
||||
image: postgres:15.12
|
||||
image: postgres:15.13
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
@ -152,7 +154,7 @@ services:
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
|
||||
redis:
|
||||
image: redis:7.4.2-alpine
|
||||
image: redis:8.0.3-alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
networks:
|
||||
- internal
|
||||
|
||||
@ -4,7 +4,7 @@ metadata:
|
||||
blueprints.goauthentik.io/instantiate: "true"
|
||||
name: Recovery with email verification
|
||||
context:
|
||||
token_expiry: {{ if eq (env "EMAIL_TOKEN_EXPIRY_MINUTES") "" }} 30 {{ else }} {{ env "EMAIL_TOKEN_EXPIRY_MINUTES" }} {{ end }}
|
||||
token_expiry: minutes={{ if eq (env "EMAIL_TOKEN_EXPIRY_MINUTES") "" }}30{{ else }}{{ env "EMAIL_TOKEN_EXPIRY_MINUTES" }}{{ end }}
|
||||
subject: {{ if eq (env "EMAIL_SUBJECT") "" }} Account Recovery {{ else }} {{ env "EMAIL_SUBJECT" }} {{ end }}
|
||||
entries:
|
||||
### DEPENDENCIES
|
||||
|
||||
3
release/7.4.0+2025.6.3
Normal file
3
release/7.4.0+2025.6.3
Normal file
@ -0,0 +1,3 @@
|
||||
Adds following new envs:
|
||||
REDIRECTS
|
||||
AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||
Reference in New Issue
Block a user