authentik-worker
authentik-worker
Docker app from zuerrex's Repository
Overview
Requirements
Running as non-root
If you remove --user root from Extra Parameters, you must ensure file/share permissions are handled manually so the worker can read/write any mapped paths.
Docker socket options (choose ONE):
1- Direct socket (easiest, least safe):
Map /var/run/docker.sock and set the socket path in the template. This gives Authentik broad Docker control - use only in trusted environments.
2- Socket-proxy:
Point Authentik’s Outpost Integration to your proxy and enable only the endpoints needed for outpost lifecycle:
IMAGES=1, CONTAINERS=1, POST=1, INFO=1, VERSION=1
Type: Docker Service-Connection, URL: http://socket-proxy:2375, Local: toggled off
3- No socket (recommended):
Don’t expose Docker Socket at all. Manage outposts manually from Authentik (create/update/remove them yourself).
Runtime arguments
- Network
bridge- Shell
sh- Privileged
- false
- Extra Params
--user root
Template configuration
Cryptographic key for Authentik.
- Target
- AUTHENTIK_SECRET_KEY
Host/IP of the Redis server.
- Target
- AUTHENTIK_REDIS__HOST
- Default
- redis
- Value
- redis
Password of Redis server.
- Target
- AUTHENTIK_REDIS__PASSWORD
Host/IP of the PostgreSQL database.
- Target
- AUTHENTIK_POSTGRESQL__HOST
- Default
- postgresql16
- Value
- postgresql
Username for PostgreSQL access.
- Target
- AUTHENTIK_POSTGRESQL__USER
- Default
- postgres
- Value
- postgres
Name of the PostgreSQL database.
- Target
- AUTHENTIK_POSTGRESQL__NAME
- Default
- authentik
- Value
- authentik
Password for the PostgreSQL user.
- Target
- AUTHENTIK_POSTGRESQL__PASSWORD
Mounts Docker socket for container management.
- Target
- /var/run/docker.sock
Stores uploaded media and assets.
- Target
- /media
- Default
- /mnt/user/appdata/authentik/media
- Value
- /mnt/user/appdata/authentik/media
Stores SSL/TLS certificates.
- Target
- /certs
- Default
- /mnt/user/appdata/authentik/certs
- Value
- /mnt/user/appdata/authentik/certs
Stores custom Authentik templates.
- Target
- /templates
- Default
- /mnt/user/appdata/authentik/templates
- Value
- /mnt/user/appdata/authentik/templates
Enable/disable sending error reports (true/false).
- Target
- AUTHENTIK_ERROR_REPORTING__ENABLED
- Default
- true
- Value
- true
SMTP server hostname.
- Target
- AUTHENTIK_EMAIL__HOST
- Default
- smtp.gmail.com
- Value
- smtp.gmail.com
SMTP server port.
- Target
- AUTHENTIK_EMAIL__PORT
- Default
- 587
- Value
- 587
SMTP account username.
- Target
- AUTHENTIK_EMAIL__USERNAME
- Default
- example@localhost
For Gmail, visit https://myaccount.google.com/apppasswords
- Target
- AUTHENTIK_EMAIL__PASSWORD
Enable TLS for SMTP (true/false).
- Target
- AUTHENTIK_EMAIL__USE_TLS
- Default
- true
- Value
- true
Enable SSL for SMTP (true/false).
- Target
- AUTHENTIK_EMAIL__USE_SSL
- Default
- false
- Value
- false
SMTP timeout in seconds.
- Target
- AUTHENTIK_EMAIL__TIMEOUT
- Default
- 10
- Value
- 10
Default “From” email address.
- Target
- AUTHENTIK_EMAIL__FROM
- Default
- authintik@localhost
Details
ghcr.io/goauthentik/server:2025.8.1Run authentik-worker on Unraid.
authentik-worker is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.