--- title: "Deploy Authentik Self-Hosted (Docker)" description: "Step-by-step guide to self-hosting Authentik with Docker Compose. " --- # Deploy Authentik The overall-best open-source identity provider, focused on flexibility and versatility.
⭐ 15.0k stars 📜 MIT 🔴 Advanced ⏱ ~20 minutes
🚀 Deploy on DigitalOcean ($200 Free Credit)
## What You'll Get A fully working Authentik instance running on your server. Your data stays on your hardware — no third-party access, no usage limits, no surprise invoices. ## Prerequisites - A server with Docker and Docker Compose installed ([setup guide](/quick-start/choosing-a-server)) - A domain name pointed to your server (optional but recommended) - Basic terminal access (SSH) ## The Config Create a directory for Authentik and add this `docker-compose.yml`: ```yaml # ------------------------------------------------------------------------- # 🚀 Created and distributed by The AltStack # 🌍 https://thealtstack.com # ------------------------------------------------------------------------- version: '3.8' services: server: image: ghcr.io/goauthentik/server:latest container_name: authentik-server restart: unless-stopped command: server depends_on: - db - redis ports: - "9000:9000" - "9443:9443" environment: - AUTHENTIK_REDIS__HOST=redis - AUTHENTIK_POSTGRESQL__HOST=db - AUTHENTIK_POSTGRESQL__USER=authentik - AUTHENTIK_POSTGRESQL__NAME=authentik - AUTHENTIK_POSTGRESQL__PASSWORD=authentik - AUTHENTIK_SECRET_KEY=generate-a-random-secret-key worker: image: ghcr.io/goauthentik/server:latest container_name: authentik-worker restart: unless-stopped command: worker depends_on: - db - redis environment: - AUTHENTIK_REDIS__HOST=redis - AUTHENTIK_POSTGRESQL__HOST=db - AUTHENTIK_POSTGRESQL__USER=authentik - AUTHENTIK_POSTGRESQL__NAME=authentik - AUTHENTIK_POSTGRESQL__PASSWORD=authentik - AUTHENTIK_SECRET_KEY=generate-a-random-secret-key db: image: postgres:12-alpine container_name: authentik-db restart: unless-stopped environment: - POSTGRES_PASSWORD=authentik - POSTGRES_USER=authentik - POSTGRES_DB=authentik volumes: - authentik_db_data:/var/lib/postgresql/data redis: image: redis:6-alpine container_name: authentik-redis restart: unless-stopped volumes: authentik_db_data: ``` ## Let's Ship It ```bash # Create a directory mkdir -p /opt/authentik && cd /opt/authentik # Create the docker-compose.yml (paste the config above) nano docker-compose.yml # Pull images and start docker compose up -d # Watch the logs docker compose logs -f ``` ## Environment Variables | Variable | Default | Required | |---|---|---| | `AUTHENTIK_REDIS__HOST` | `redis` | No | | `AUTHENTIK_POSTGRESQL__HOST` | `db` | No | | `AUTHENTIK_POSTGRESQL__USER` | `authentik` | No | | `AUTHENTIK_POSTGRESQL__NAME` | `authentik` | No | | `AUTHENTIK_POSTGRESQL__PASSWORD` | `authentik` | No | | `AUTHENTIK_SECRET_KEY` | `generate-a-random-secret-key` | No | | `POSTGRES_PASSWORD` | `authentik` | No | | `POSTGRES_USER` | `authentik` | No | | `POSTGRES_DB` | `authentik` | No | ## Post-Deployment Checklist - [ ] Service is accessible on the configured port - [ ] Admin account created (if applicable) - [ ] Reverse proxy configured ([Caddy guide](/concepts/reverse-proxies)) - [ ] SSL/HTTPS working - [ ] Backup script set up ([backup guide](/concepts/backups)) - [ ] Uptime monitor added ([Uptime Kuma](/deploy/uptime-kuma)) ## The "I Broke It" Section **Container won't start?** ```bash docker compose logs authentik | tail -50 ``` **Port already in use?** ```bash # Find what's using the port lsof -i :PORT_NUMBER ``` **Need to start fresh?** ```bash docker compose down -v # ⚠️ This deletes volumes/data! docker compose up -d ``` ## Going Further - [Authentik on AltStack Directory](https://thealtstack.com/alternative-to/authentik) - [Authentik Self-Hosted Guide](https://thealtstack.com/self-hosted/authentik) - [Official Documentation](https://goauthentik.io) - [GitHub Repository](https://github.com/goauthentik/authentik)