Deploy on Ubuntu Server
Docker setup for Authentik (OIDC) + React frontend + Node API.
Docker host IP: 172.237.44.156
Architecture
Browser
├─► :80 web (React + nginx)
├─► :3001 api (optional direct access)
└─► :9000 Authentik (login / OIDC)
1. Install Docker on Ubuntu
Copy the project to the server, then:
cd deploy
chmod +x install-ubuntu.sh start-authentik.sh
sudo ./install-ubuntu.sh
sudo usermod -aG docker $USER
# Log out and SSH back in so docker runs without sudo
2. Configure environment
cd deploy
cp .env.example .env
nano .env
Set at minimum:
| Variable | Example |
|---|---|
| SERVER_HOST | 172.237.44.156 |
| AUTHENTIK_HOST | http://172.237.44.156:9000 |
| PUBLIC_WEB_URL | http://172.237.44.156 |
| PUBLIC_API_URL | http://172.237.44.156 |
| OIDC_CLIENT_ID | from Authentik provider (after step 4) |
3. Start Authentik
chmod +x start-authentik.sh
./start-authentik.sh
Or manually:
cp .env.authentik.example .env
nano .env # set AUTHENTIK_HOST=http://YOUR_SERVER_IP:9000
mkdir -p data certs custom-templates
docker compose -f docker-compose.authentik.yml --env-file .env up -d
Open http://YOUR_SERVER_IP:9000 and create the admin account.
Ubuntu firewall (if UFW is enabled):
sudo ufw allow 9000/tcp
sudo ufw allow 80/tcp
sudo ufw allow 3001/tcp
Azure / cloud: open inbound ports 80, 9000 (and 3001 if needed) in the network security group.
4. Create OAuth app in Authentik
- Providers → OAuth2/OpenID Provider
- Client type: Public
- Redirect URIs: http://YOUR_SERVER_IP (and http://YOUR_SERVER_IP/)
- Scopes: openid, profile, email
- Applications → slug oidc-demo, link provider
- Copy Client ID → OIDC_CLIENT_ID in deploy/.env
5. Build and start the demo app
docker compose --env-file .env up -d --build
Verify:
curl http://localhost/health # via nginx → api
curl http://localhost:3001/health # api direct
curl http://localhost:9000/if/flow/initial-setup/ # authentik (after setup)
Open http://YOUR_SERVER_IP in a browser and sign in.
Useful commands
# Logs
docker compose --env-file .env logs -f
docker compose -f docker-compose.authentik.yml --env-file .env logs -f
# Stop
docker compose --env-file .env down
docker compose -f docker-compose.authentik.yml --env-file .env down
# Rebuild frontend after .env URL changes
docker compose --env-file .env up -d --build web
Production notes
- Put HTTPS in front (Caddy, nginx, or Traefik) and set AUTHENTIK_HOST / PUBLIC_WEB_URL to https://…
- Set Authentik redirect URIs to your HTTPS frontend URL
- Do not commit deploy/.env (secrets)
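
A pre-flight check for the production notes above, as an added example that is not part of this project: it lints deploy/.env for unset variables from step 2, non-HTTPS URLs, and a .env file tracked by git. The helper names get_var and check_env are hypothetical, and checking PUBLIC_API_URL for HTTPS is an assumption beyond the two variables the notes name.

```bash
#!/usr/bin/env bash
# Added example, not part of the project. get_var and check_env are
# hypothetical helper names; the variable names come from step 2.

# get_var FILE KEY: print the value of the last KEY=... line, quotes stripped.
get_var() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_env FILE: print one finding per line; return 0 if clean, 1 otherwise.
check_env() {
  file=$1
  status=0
  # Every variable from the "Set at minimum" table must have a value.
  for key in SERVER_HOST AUTHENTIK_HOST PUBLIC_WEB_URL PUBLIC_API_URL OIDC_CLIENT_ID; do
    if [ -z "$(get_var "$file" "$key")" ]; then
      echo "MISSING $key"
      status=1
    fi
  done
  # Production notes: browser-facing URLs must be https://.
  # Including PUBLIC_API_URL here is an assumption; the notes name the other two.
  for key in AUTHENTIK_HOST PUBLIC_WEB_URL PUBLIC_API_URL; do
    val=$(get_var "$file" "$key")
    case $val in
      '' | https://*) ;;
      *) echo "NOT_HTTPS $key=$val"; status=1 ;;
    esac
  done
  # Production notes: the file holds secrets and must not be tracked by git.
  if command -v git >/dev/null 2>&1 &&
    git -C "$(dirname "$file")" ls-files --error-unmatch "$(basename "$file")" >/dev/null 2>&1; then
    echo "TRACKED_BY_GIT $file"
    status=1
  fi
  return "$status"
}

# Run against a file when one is given, e.g.: ./check-env.sh deploy/.env
if [ "$#" -gt 0 ]; then
  check_env "$1"
fi
```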