nishantr/Authentik

Fork 0

Files

T

History

NishantRajputRN 1008771b93 deploy

2026-05-19 18:15:10 +05:30

.env.authentik.example

deploy code

2026-05-19 18:08:06 +05:30

.env.example

deploy code

2026-05-19 18:08:06 +05:30

.gitignore

deploy code

2026-05-19 18:08:06 +05:30

diagnose.sh

deploy

2026-05-19 18:15:10 +05:30

docker-compose.authentik.yml

deploy code

2026-05-19 18:08:06 +05:30

docker-compose.yml

deploy

2026-05-19 18:15:10 +05:30

install-ubuntu.sh

deploy code

2026-05-19 18:08:06 +05:30

README.md

deploy

2026-05-19 18:15:10 +05:30

start-authentik.sh

deploy code

2026-05-19 18:08:06 +05:30

up-app.sh

deploy

2026-05-19 18:15:10 +05:30

README.md

Deploy on Ubuntu Server

Docker setup for Authentik (OIDC) + React frontend + Node API.

Docker host IP: 172.237.44.156

Architecture

Browser
   ├─► :80   web (React + nginx)
   ├─► :3001 api (optional direct access)
   └─► :9000 Authentik (login / OIDC)

1. Install Docker on Ubuntu

Copy the project to the server, then:

cd deploy
chmod +x install-ubuntu.sh start-authentik.sh
sudo ./install-ubuntu.sh
sudo usermod -aG docker $USER
# Log out and SSH back in so docker runs without sudo

2. Configure environment

cd deploy
cp .env.example .env
nano .env

Set at minimum:

Variable	Example
`SERVER_HOST`	`172.237.44.156`
`AUTHENTIK_HOST`	`http://172.237.44.156:9000`
`PUBLIC_WEB_URL`	`http://172.237.44.156`
`PUBLIC_API_URL`	`http://172.237.44.156`
`OIDC_CLIENT_ID`	from Authentik provider (after step 4)

3. Start Authentik

chmod +x start-authentik.sh
./start-authentik.sh

Or manually:

cp .env.authentik.example .env
nano .env   # set AUTHENTIK_HOST=http://YOUR_SERVER_IP:9000
mkdir -p data certs custom-templates
docker compose -f docker-compose.authentik.yml --env-file .env up -d

Open http://YOUR_SERVER_IP:9000 and create the admin account.

Ubuntu firewall (if UFW is enabled):

sudo ufw allow 9000/tcp
sudo ufw allow 80/tcp
sudo ufw allow 3001/tcp

Azure / cloud: open inbound ports 80, 9000 (and 3001 if needed) in the network security group.

4. Create OAuth app in Authentik

Providers → OAuth2/OpenID Provider
- Client type: Public
- Redirect URIs: http://YOUR_SERVER_IP (and http://YOUR_SERVER_IP/)
- Scopes: openid, profile, email
Applications → slug oidc-demo, link provider
Copy Client ID → OIDC_CLIENT_ID in deploy/.env

5. Build and start the demo app

deploy/.env is not in git — create it on the server first:

cp .env.example .env
nano .env
chmod +x up-app.sh diagnose.sh
./up-app.sh

Or manually:

docker compose --env-file .env up -d --build

If the API container is unhealthy, check logs:

docker compose --env-file .env logs api
docker compose --env-file .env ps

Rebuild after changes: docker compose --env-file .env up -d --build api

Verify:

curl http://localhost/health          # via nginx → api
curl http://localhost:3001/health     # api direct
curl http://localhost:9000/if/flow/initial-setup/  # authentik (after setup)

Open http://YOUR_SERVER_IP in a browser and sign in.

Useful commands

# Logs
docker compose --env-file .env logs -f
docker compose -f docker-compose.authentik.yml --env-file .env logs -f

# Stop
docker compose --env-file .env down
docker compose -f docker-compose.authentik.yml --env-file .env down

# Rebuild frontend after .env URL changes
docker compose --env-file .env up -d --build web

Production notes

Put HTTPS in front (Caddy, nginx, or Traefik) and set AUTHENTIK_HOST / PUBLIC_WEB_URL to https://…
Set Authentik redirect URIs to your HTTPS frontend URL
Do not commit deploy/.env (secrets)