5.0 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	title
| title | 
|---|
| Configuration | 
These are all the configuration options you can set via environment variables.
Append any of the following keys to your .env file, and run docker-compose up -d to apply them.
:::info The double-underscores are intentional, as all these settings are translated to yaml internally, a double-underscore indicates the next level. :::
All of these variables can be set to values, but you can also use a URI-like format to load values from other places:
- env://<name>Loads the value from the environment variable- <name>. Fallback can be optionally set like- env://<name>?<default>
- file://<name>Loads the value from the file- <name>. Fallback can be optionally set like- file://<name>?<default>
PostgreSQL Settings
- AUTHENTIK_POSTGRESQL__HOST: Hostname of your PostgreSQL Server
- AUTHENTIK_POSTGRESQL__NAME: Database name
- AUTHENTIK_POSTGRESQL__USER: Database user
- AUTHENTIK_POSTGRESQL__PORT: Database port, defaults to 5432
- AUTHENTIK_POSTGRESQL__PASSWORD: Database password, defaults to the environment variable- POSTGRES_PASSWORD
PostgreSQL Backup Settings
Optionally enable automated database backups to S3 or S3-compatible storages.
- AUTHENTIK_POSTGRESQL__S3_BACKUP__ACCESS_KEY: S3 Access Key
- AUTHENTIK_POSTGRESQL__S3_BACKUP__SECRET_KEY: S3 Secret Key
- AUTHENTIK_POSTGRESQL__S3_BACKUP__BUCKET: S3 Bucket
- AUTHENTIK_POSTGRESQL__S3_BACKUP__REGION: S3 Region, defaults to- eu-central-1
- AUTHENTIK_POSTGRESQL__S3_BACKUP__LOCATION: Relative Location of the files to the bucket. Defaults to the root of the bucket.
To use an S3-compatible storage, set the following settings.
- AUTHENTIK_POSTGRESQL__S3_BACKUP__HOST: URL to the Service, for example- https://play.min.io
- AUTHENTIK_POSTGRESQL__S3_BACKUP__INSECURE_SKIP_VERIFY: Set to- trueto disable SSL Certificate verification.
Redis Settings
- AUTHENTIK_REDIS__HOST: Hostname of your Redis Server
- AUTHENTIK_REDIS__PASSWORD: Password for your Redis Server
- AUTHENTIK_REDIS__CACHE_DB: Database for caching, defaults to 0
- AUTHENTIK_REDIS__MESSAGE_QUEUE_DB: Database for the message queue, defaults to 1
- AUTHENTIK_REDIS__WS_DB: Database for websocket connections, defaults to 2
- AUTHENTIK_REDIS__OUTPOST_SESSION_DB: Database for sessions for the embedded outpost, defaults to 3
- AUTHENTIK_REDIS__CACHE_TIMEOUT: Timeout for cached data until it expires in seconds, defaults to 300
- AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS: Timeout for cached flow plans until they expire in seconds, defaults to 300
- AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES: Timeout for cached policies until they expire in seconds, defaults to 300
- AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION: Timeout for cached reputation until they expire in seconds, defaults to 300
authentik Settings
AUTHENTIK_SECRET_KEY
Secret key used for cookie signing and unique user IDs, don't change this after the first install.
AUTHENTIK_LOG_LEVEL
Log level for the server and worker containers. Possible values: debug, info, warning, error
Defaults to info.
AUTHENTIK_ERROR_REPORTING
- 
AUTHENTIK_ERROR_REPORTING__ENABLEDEnable error reporting. Defaults to false.Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent. 
- 
AUTHENTIK_ERROR_REPORTING__ENVIRONMENTUnique environment that is attached to your error reports, should be set to your email address for example. Defaults to customer.
- 
AUTHENTIK_ERROR_REPORTING__SEND_PIIWhether or not to send personal data, like usernames. Defaults to false.
AUTHENTIK_DISABLE_UPDATE_CHECK
Optionally disable the update check. Defaults to false.
AUTHENTIK_EMAIL
- 
AUTHENTIK_EMAIL__HOSTDefault: localhost
- 
AUTHENTIK_EMAIL__PORTDefault: 25
- 
AUTHENTIK_EMAIL__USERNAMEDefault: ""
- 
AUTHENTIK_EMAIL__PASSWORDDefault: ""
- 
AUTHENTIK_EMAIL__USE_TLSDefault: false
- 
AUTHENTIK_EMAIL__USE_SSLDefault: false
- 
AUTHENTIK_EMAIL__TIMEOUTDefault: 10
- 
AUTHENTIK_EMAIL__FROMDefault: authentik@localhostEmail address authentik will send from, should have a correct @domain 
AUTHENTIK_OUTPOSTS
- 
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASEPlaceholders: - %(type)s: Outpost type; proxy, ldap, etc
- %(version)s: Current version; 2021.4.1
- %(build_hash)s: Build hash if you're running a beta version
 Placeholder for outpost docker images. Default: ghcr.io/goauthentik/%(type)s:%(version)s.
AUTHENTIK_AVATARS
Configure how authentik should show avatars for users. Following values can be set:
- 
none: Disables per-user avatars and just shows a 1x1 pixel transparent picture
- 
gravatar: Uses gravatar with the user's email address
- 
Any URL: If you want to use images hosted on another server, you can set any URL. Additionally, these placeholders can be used: - %(username)s: The user's username
- %(mail_hash)s: The email address, md5 hashed
- %(upn)s: The user's UPN, if set (otherwise an empty string)
 
