Authentik can add another layer of authentication in front of your other self-hosted services, or manage all authentication itself. It has a ton of cool integrations.
To install:
wget https://goauthentik.io/docker-compose.yml
then
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
then
vi .env
and insert:
COMPOSE_PORT_HTTP=80
COMPOSE_PORT_HTTPS=443
then run
docker compose pull
docker compose up -d
Authentik should now be up at
http://<your server's IP or hostname>:9000/if/flow/initial-setup/
Remember the / on the end, because without the / it does not work for whatever reason.
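The `.env` written in the install steps holds the database password and the Authentik secret key, and because the `echo` lines append with `>>`, running them twice leaves duplicate entries. The following check is an added example, not part of the original post or the Authentik project; `check_env` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity-check the .env written by the install steps.
# check_env FILE prints one line per problem and returns the problem count.
check_env() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "$file: not found"
        return 1
    fi

    for key in PG_PASS AUTHENTIK_SECRET_KEY; do
        # ">>" appends, so re-running the echo lines leaves two definitions.
        count=$(grep -c "^${key}=" "$file" || true)
        if [ "$count" -eq 0 ]; then
            echo "$key: not set"
            problems=$((problems + 1))
            continue
        fi
        if [ "$count" -gt 1 ]; then
            echo "$key: defined $count times"
            problems=$((problems + 1))
        fi
        # An empty value is what the echo writes when openssl failed to run.
        value=$(grep "^${key}=" "$file" | tail -n 1 | cut -d= -f2-)
        if [ -z "$value" ]; then
            echo "$key: empty value"
            problems=$((problems + 1))
        fi
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: readable beyond the owner ($perms), consider chmod 600"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and run `check_env .env` in the directory holding `docker-compose.yml`, ideally before the first `docker compose up -d`.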
Follow the setup wizard to create a provider and, at the same time, open whatever you are trying to add a login for and enable OIDC on it.
When you enable OIDC, it will ask for some endpoints, likely some of these:
| Endpoint | URL |
|---|---|
| Authorization | /application/o/authorize/ |
| Token | /application/o/token/ |
| User Info | /application/o/userinfo/ |
| Token Revoke | /application/o/revoke/ |
| End Session | /application/o/<application slug>/end-session/ |
| JWKS | /application/o/<application slug>/jwks/ |
| OpenID Configuration | /application/o/<application slug>/.well-known/openid-configuration |
So you just grab your
http://<your server's IP or hostname>:9000
and append the endpoint path to the end, for example
http://<your server's IP or hostname>:9000/application/o/authorize
or whichever endpoint it is asking for.
It will also ask for a client secret and client ID. Those can be found during that wizard.
If you want to set sessions to not expire for a super long time, you can do that in admin panel → flows and stages → stages → edit “default-authentication-login” → session duration → set to hours=7200 (300 days). You can go higher if you want, I just chose not to.
Note: this is definitely less secure.