Authentik/deploy/README.md
NishantRajputRN 1008771b93 deploy
2026-05-19 18:15:10 +05:30

# Deploy on Ubuntu Server
Docker setup for **Authentik** (OIDC) + **React frontend** + **Node API**.
Docker host IP: `172.237.44.156`
## Architecture
```
Browser
├─► :80 web (React + nginx)
├─► :3001 api (optional direct access)
└─► :9000 Authentik (login / OIDC)
```
## 1. Install Docker on Ubuntu
Copy the project to the server, then:
```bash
cd deploy
chmod +x install-ubuntu.sh start-authentik.sh
sudo ./install-ubuntu.sh
sudo usermod -aG docker $USER
# Log out and SSH back in so docker runs without sudo
```
## 2. Configure environment
```bash
cd deploy
cp .env.example .env
nano .env
```
Set at minimum:
| Variable | Example |
|----------|---------|
| `SERVER_HOST` | `172.237.44.156` |
| `AUTHENTIK_HOST` | `http://172.237.44.156:9000` |
| `PUBLIC_WEB_URL` | `http://172.237.44.156` |
| `PUBLIC_API_URL` | `http://172.237.44.156` |
| `OIDC_CLIENT_ID` | from Authentik provider (after step 4) |
## 3. Start Authentik
```bash
chmod +x start-authentik.sh
./start-authentik.sh
```
Or manually:
```bash
cp .env.authentik.example .env
nano .env # set AUTHENTIK_HOST=http://YOUR_SERVER_IP:9000
mkdir -p data certs custom-templates
docker compose -f docker-compose.authentik.yml --env-file .env up -d
```
Open `http://YOUR_SERVER_IP:9000` and create the admin account.
**Ubuntu firewall** (if UFW is enabled):
```bash
sudo ufw allow 9000/tcp
sudo ufw allow 80/tcp
sudo ufw allow 3001/tcp
```
**Azure / cloud:** open inbound ports 80, 9000 (and 3001 if needed) in the network security group.
## 4. Create OAuth app in Authentik
1. **Providers** → **OAuth2/OpenID Provider**
   - Client type: **Public**
   - Redirect URIs: `http://YOUR_SERVER_IP` (and `http://YOUR_SERVER_IP/`)
   - Scopes: `openid`, `profile`, `email`
2. **Applications** → slug `oidc-demo`, link provider
3. Copy **Client ID** → `OIDC_CLIENT_ID` in `deploy/.env`
## 5. Build and start the demo app
`deploy/.env` is **not in git** — create it on the server first:
```bash
cp .env.example .env
nano .env
chmod +x up-app.sh diagnose.sh
./up-app.sh
```
Or manually:
```bash
docker compose --env-file .env up -d --build
```
If the API container is unhealthy, check logs:
```bash
docker compose --env-file .env logs api
docker compose --env-file .env ps
```
Rebuild after changes: `docker compose --env-file .env up -d --build api`
Verify:
```bash
curl http://localhost/health # via nginx → api
curl http://localhost:3001/health # api direct
curl http://localhost:9000/if/flow/initial-setup/ # authentik (after setup)
```
Open **http://YOUR_SERVER_IP** in a browser and sign in.
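The three `curl` checks above answer the question "which hop is broken" only if you read the output by hand. The script below is an added example, not part of the project (`diagnose.sh` is the project's own tool): it polls each health URL until it returns HTTP 200 or a timeout expires, in the same order as above (nginx → api, api direct, then Authentik), so a failure of the first check but not the second points at the nginx proxy rather than the API container. `FETCH`, `curl_status` and `wait_healthy` are names chosen here; the `FETCH` override exists so the loop can be exercised without a running server.

```shell
#!/bin/sh
# wait-healthy.sh (added example): poll health endpoints until they return 200.
# Assumes the endpoints from the README's "Verify" step; nothing here is project code.
set -u

# curl_status URL -> prints the HTTP status code, or 000 if the connection failed.
curl_status() {
  curl -s -o /dev/null -m 5 -w '%{http_code}' "$1" || echo 000
}

# wait_healthy URL [TIMEOUT_SECONDS] -> 0 once URL answers 200, 1 after TIMEOUT seconds.
# FETCH names the command used to fetch a status (defaults to curl_status above),
# which lets a test substitute a stub that returns a fixed code.
wait_healthy() {
  local url=$1 timeout=${2:-60} waited=0 code=none
  while [ "$waited" -lt "$timeout" ]; do
    code=$(${FETCH:-curl_status} "$url")
    if [ "$code" = "200" ]; then
      echo "OK   $url"
      return 0
    fi
    sleep 1
    waited=$((waited + 1))
  done
  echo "FAIL $url (last status: $code)"
  return 1
}

# Usage: sh wait-healthy.sh URL...   e.g. the three README checks, in order.
# Stops at the first hop that never comes up, so the failing layer is the last line printed.
if [ "${1:-}" ]; then
  for u in "$@"; do
    wait_healthy "$u" 60 || exit 1
  done
fi
```

Run it as `sh wait-healthy.sh http://localhost/health http://localhost:3001/health http://localhost:9000/if/flow/initial-setup/` right after `./up-app.sh`; a `FAIL` on the first URL with `OK` on the second means the `web` container or its nginx upstream config is the problem, not the API.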
## Useful commands
```bash
# Logs
docker compose --env-file .env logs -f
docker compose -f docker-compose.authentik.yml --env-file .env logs -f
# Stop
docker compose --env-file .env down
docker compose -f docker-compose.authentik.yml --env-file .env down
# Rebuild frontend after .env URL changes
docker compose --env-file .env up -d --build web
```
## Production notes
- Put **HTTPS** in front (Caddy, nginx, or Traefik) and set `AUTHENTIK_HOST` / `PUBLIC_WEB_URL` to `https://…`
- Set Authentik redirect URIs to your HTTPS frontend URL
- Do not commit `deploy/.env` (secrets)
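Most first-login failures with this setup come from `deploy/.env` rather than from the containers: an empty `OIDC_CLIENT_ID` (step 2), a redirect URI that does not match `PUBLIC_WEB_URL` (step 4), or an `AUTHENTIK_HOST` left on `http://` after the frontend moved to HTTPS (the notes above). The following `check-env.sh` is an added example, not part of the project, that catches those before `./up-app.sh` runs. It assumes the variable names from the step 2 table and plain `KEY=VALUE` lines in `.env`; `env_get` and `check_env` are names chosen here. It deliberately reads the file with `grep` instead of `source`-ing it, so a stray command in `.env` is never executed on the host.

```shell
#!/bin/sh
# check-env.sh (added example): preflight for deploy/.env. Not project code.
set -u

# env_get FILE KEY -> prints the value of the last KEY=... line (empty if unset).
# Strips a trailing " # comment", trailing whitespace and surrounding double quotes.
env_get() {
  local file=$1 key=$2 line
  line=$(grep -E "^[[:space:]]*${key}=" "$file" | tail -n 1)
  line=${line#*=}
  line=$(printf '%s' "$line" | sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//')
  line=${line#\"}; line=${line%\"}
  printf '%s' "$line"
}

# check_env FILE -> 0 when every required variable is set and consistent, 1 otherwise.
# Prints ERROR lines (block deployment) and WARN lines (production notes).
check_env() {
  local file=${1:-.env} rc=0 k v a w
  [ -r "$file" ] || { echo "ERROR: $file not found (cp .env.example .env)"; return 1; }
  # Required by the step 2 table; OIDC_CLIENT_ID only exists after step 4.
  for k in SERVER_HOST AUTHENTIK_HOST PUBLIC_WEB_URL PUBLIC_API_URL OIDC_CLIENT_ID; do
    v=$(env_get "$file" "$k")
    if [ -z "$v" ]; then echo "ERROR: $k is empty"; rc=1; fi
  done
  # URLs must carry a scheme; plain http is allowed but flagged (production note).
  for k in AUTHENTIK_HOST PUBLIC_WEB_URL PUBLIC_API_URL; do
    v=$(env_get "$file" "$k")
    case "$v" in
      https://*) ;;
      http://*)  echo "WARN: $k uses plain http ($v); put HTTPS in front for production" ;;
      "")        ;;   # already reported as empty above
      *)         echo "ERROR: $k must start with http:// or https:// ($v)"; rc=1 ;;
    esac
  done
  # Step 4 registers PUBLIC_WEB_URL as the redirect URI; remind about the "/" variant.
  w=$(env_get "$file" PUBLIC_WEB_URL)
  case "$w" in */) echo "WARN: PUBLIC_WEB_URL ends with '/'; register both forms as redirect URIs" ;; esac
  # Authentik and the frontend must agree on the scheme, or the login redirect
  # bounces between http and https and the browser rejects the callback.
  a=$(env_get "$file" AUTHENTIK_HOST)
  if [ -n "$a" ] && [ -n "$w" ] && [ "${a%%://*}" != "${w%%://*}" ]; then
    echo "ERROR: AUTHENTIK_HOST ($a) and PUBLIC_WEB_URL ($w) use different schemes"; rc=1
  fi
  return $rc
}

# Usage: sh check-env.sh [path/to/.env]   (exit status 0 = safe to run ./up-app.sh)
if [ "${1:-}" ]; then
  check_env "$1"
fi
```

Run `sh check-env.sh .env` from `deploy/` before `./up-app.sh`, and again after switching the URLs to `https://` as the production notes describe; the scheme check is what catches an `AUTHENTIK_HOST` that was never updated.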