DAM/ts-authentik
1
0
Fork 0
generated from DAM/ts-TEMPLATE
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ts-authentik/README.md
peskyadmin da73a776c6 WIP
2025-04-14 16:45:21 -05:00

126 lines
4.0 KiB
Markdown
Raw Blame History

# Authentik with Tailscale Integration
![Authentik with Tailscale](https://goauthentik.io/img/icon_left_brand.svg "Authentik")
This project sets up a Authentik instance with Tailscale VPN integration using Docker Compose. It creates a secure, private network connection for your Authentik instance using Tailscale.
## Prerequisites
- Docker and Docker Compose installed on your system
- A Tailscale account and auth key (get one from https://login.tailscale.com/admin/authkeys)
- Basic understanding of Docker and networking concepts
## Project Structure
```
ts-authentik/
├── docker-compose.yml
├── tailscale/
│ ├── tailscale-data/ # Persistent Tailscale state
│ └── config/ # Tailscale configuration files
├── authentik/
│ ├── media/ # Authentik Files
│ └── templates/ # Authentik Files
├── postgres/
│ └── data/ # Postgres data
├── redis/
│ └── data/ # Redis persistent state
└── authentik-worker/
└── certs/ # Authetik Worker files
```
## Setup Instructions
1. **Clone the Repository**
```bash
git clone https://gitea.damconsulting.llc/DAM/ts-authentik
cd ts-authentik
```
2. Create Required Directories
```bash
mkdir -p tailscale/tailscale-data authentik/media authentik/templates postgres/data redis/data authentik-worker/certs
```
3. Configure Tailscale
- Replace `{{YOUR_TAILSCALE_AUTHKEY}}` in the docker-compose.yml with your actual Tailscale auth key
- Optionally, update the file in `tailscale/config/serve.json` if you need specific Tailscale serve configurations
- CAUTION: Changing `"${TS_CERT_DOMAIN}:443": false` to `true` will expose the service to the internet
4. Configure Authentik
- See [docs](https://docs.goauthentik.io/docs/) for configuration options
5. Start the Services
```bash
docker compose up -d
```
6. Wait for Certificate to propagate [~2m]
7. Login
- After starting the services your service should be available via tailnet at https://authentik.{{YOUR_TAILNET_DOMAIN}}.ts.net ie https://authentik.tail12345.ts.net/
## Services
### authentik-ts (Tailscale)
- Runs Tailscale VPN client
- Image: tailscale/tailscale:latest
- Container name: authentik-ts
- Hostname: authentik
- Requires NET_ADMIN and SYS_MODULE capabilities
- Persists state in ./tailscale/tailscale-data
- Uses configuration from ./tailscale/config
### authentik
- Depends on authentik-ts service
### authentik-worker
- Depends on authentik-ts service
### authentik-redis
- Depends on authentik-ts service
### authentik-postgres
- Depends on authentik-ts service
## Usage
- After starting the services your service should be available via tailnet at `https://authentik.{{YOUR_TAILNET_DOMAIN}}.ts.net` ie `https://authentik.tail12345.ts.net/`
- To manually get the Tailscale IP/hostname of your container:
```bash
docker logs authentik-ts
```
Look for the Tailscale IP address in the logs.
## Optional Features
- Uncomment and adjust the ports mapping if you need direct access (without Tailscale):
```yaml
ports:
- 9000:9000
```
- Stopping the Services
```bash
docker compose down
```
## Troubleshooting
- Check container logs:
```bash
docker logs authentik-ts
docker logs authentik
```
- Ensure your Tailscale auth key is valid and not expired
- Verify the configuration files have proper permissions
- Make sure required directories exist before starting
## Notes
- The Authentik service uses the Tailscale service's network stack via `network_mode: service:authentik-ts`
- Direct port mapping is disabled by default as Tailscale handles the networking
- Services restart automatically unless explicitly stopped
- For more information:
- Tailscale documentation: https://tailscale.com/kb/
- Authentik documentation: https://docs.goauthentik.io/docs/
- Authentik repository: https://github.com/goauthentik/authentik
Reference in New Issue View Git Blame Copy Permalink