Getting Started
Verified against the Docker Compose install from the official docs. Commands assume a Linux host with Docker and Docker Compose, roughly 2 CPU and 2 GB RAM.
Prerequisites
- A host with Docker and the Docker Compose plugin.
- About 2 CPU cores and 2 GB of RAM.
opensslfor generating secrets.
Install
The Compose file bundles PostgreSQL and Redis, so no external database is required (docs).
curl -O https://docs.goauthentik.io/compose.ymlA first working setup
Download the Compose file (above).
Generate the required secrets into a
.envfile next tocompose.yml.bashecho "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .envPull the images and start the stack.
bashdocker compose pull docker compose up -dOpen the initial setup page and create the first administrator account (
akadmin).texthttp://<your-host>:9000/if/flow/initial-setup/
Verify it works
Confirm the containers are running, then load the UI:
docker compose psBrowse to http://<your-host>:9000; a healthy install shows the login flow, and after the initial setup you reach the admin interface. The setup flow itself is rendered by the same flow executor described in Architecture.
Where to go next
For production concerns (TLS termination, high availability, external PostgreSQL/Redis, hardening, and configuring outposts for forward-auth in front of Traefik/nginx/Envoy), see the official documentation. For how flows and policies are evaluated under the hood, see Internals.