authentik-server

Overview

Authentik is an open-source Identity Provider (IdP) focused on flexibility, security, and ease of integration. The server container runs the core web application and API, handling authentication flows, admin dashboard, and user portal. It connects to the worker container for background jobs and tasks.

Requirements

The server runs alongside the worker and connects to the same PostgreSQL (16 and above) and Redis instances. It depends on PostgreSQL and Redis, install them first. To start the initial setup, navigate to http://IP:9000/if/flow/initial-setup/ or https://FQDN/if/flow/initial-setup/

Runtime arguments

Web UI: http://[IP]:[PORT:9000]
Network: bridge
Shell: sh
Privileged: false

Template configuration

Secret KeyVariable

Cryptographic key for Authentik.

Target: AUTHENTIK_SECRET_KEY

Redis HostVariable

Host/IP of the Redis server.

Target: AUTHENTIK_REDIS__HOST
Default: redis
Value: redis

Redis PasswordVariable

Password of Redis server.

Target: AUTHENTIK_REDIS__PASSWORD

PostgreSQL HostVariable

Host/IP of the PostgreSQL database.

Target: AUTHENTIK_POSTGRESQL__HOST
Default: postgresql16
Value: postgresql

PostgreSQL UserVariable

Username for PostgreSQL access.

Target: AUTHENTIK_POSTGRESQL__USER
Default: postgres
Value: postgres

PostgreSQL Database NameVariable

Name of the PostgreSQL database.

Target: AUTHENTIK_POSTGRESQL__NAME
Default: authentik
Value: authentik

PostgreSQL PasswordVariable

Password for the PostgreSQL user.

Target: AUTHENTIK_POSTGRESQL__PASSWORD

Media VolumePathrw

Stores uploaded media and assets.

Target: /media
Default: /mnt/user/appdata/authentik/media
Value: /mnt/user/appdata/authentik/media

Custom Templates VolumePathrw

Stores custom Authentik templates.

Target: /templates
Default: /mnt/user/appdata/authentik/templates
Value: /mnt/user/appdata/authentik/templates

HTTP PortPorttcp

Web UI and API (HTTP) access port.

Target: 9000
Default: 9000
Value: 9000

HTTPS PortPorttcp

Secure Web UI and API (HTTPS) access port.

Target: 9443
Default: 9443
Value: 9443

Enable Error ReportingVariable

Enable/disable sending error reports (true/false).

Target: AUTHENTIK_ERROR_REPORTING__ENABLED
Default: true
Value: true

Email HostVariable

SMTP server hostname.

Target: AUTHENTIK_EMAIL__HOST
Default: smtp.gmail.com
Value: smtp.gmail.com

Email PortVariable

SMTP server port.

Target: AUTHENTIK_EMAIL__PORT
Default: 587
Value: 587

Email UsernameVariable

SMTP account username.

Target: AUTHENTIK_EMAIL__USERNAME
Default: example@localhost

Email PasswordVariable

For Gmail, visit https://myaccount.google.com/apppasswords

Target: AUTHENTIK_EMAIL__PASSWORD

Email Use TLSVariable

Enable TLS for SMTP (true/false).

Target: AUTHENTIK_EMAIL__USE_TLS
Default: true
Value: true

Email Use SSLVariable

Enable SSL for SMTP (true/false).

Target: AUTHENTIK_EMAIL__USE_SSL
Default: false
Value: false

Email TimeoutVariable

SMTP timeout in seconds.

Target: AUTHENTIK_EMAIL__TIMEOUT
Default: 10
Value: 10

Email From AddressVariable

Default “From” email address.

Target: AUTHENTIK_EMAIL__FROM
Default: authintik@localhost

Links

Template Support Registry Project

Details

Repository

ghcr.io/goauthentik/server:2025.8.1

Registry

https://github.com/goauthentik/authentik

Last Updated2026-05-31

First Seen2025-08-28

Run authentik-server on Unraid.

authentik-server is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS