# Instalação Authentik em docker compose

Link: [https://docs.goauthentik.io/install-config/install/docker-compose/](https://docs.goauthentik.io/install-config/install/docker-compose/)

em 10/04/2026

<article id="bkmrk-docker-compose-insta"><div class="theme-doc-markdown markdown"><header>#### Docker Compose installation

</header></div>This installation method is for test setups and small-scale production setups.

#### Requirements

<div class="theme-doc-markdown markdown">- A host with at least 2 CPU cores and 2 GB of RAM
- Podman or Docker Compose (Compose v2, see [instructions for upgrade](https://docs.docker.com/compose/migrate/))

</div>##### Video

View our video about installing authentik on Docker.

<div class="theme-doc-markdown markdown"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="allowfullscreen" frameborder="0" height="315" src="https://www.youtube.com/embed/O1qUbrk4Yc8?si=HiSBjmJYhE_oJhB1&start=22" title="YouTube video player" width="560"></iframe>

</div>##### Download the Compose file

To download the latest `compose.yml` open your terminal, navigate to the directory of your choice, and then run the following command:

<div class="theme-doc-markdown markdown"><div class="theme-tabs-container tabs-container tabList_J5MA">- Linux
- macOS

<div class="margin-top--md"><div class="tabItem_wHwb" role="tabpanel"></div></div></div></div>```shell
wget https://docs.goauthentik.io/compose.yml
```

<div class="theme-doc-markdown markdown"><div class="theme-tabs-container tabs-container tabList_J5MA"><div class="margin-top--md"><div class="tabItem_wHwb" role="tabpanel"><div class="language-shell codeBlockContainer_mQmQ theme-code-block"><div class="codeBlockContent_t_Hd"></div></div></div></div></div></div>#### Generate PostgreSQL password and secret key

If this is a fresh authentik installation, you need to generate a PostgreSQL password and a secret key. Use a secure password generator of your choice such as `pwgen`, or you can use `openssl` as below.

Run the following commands to generate a PostgreSQL password and secret key and write them to your `.env` file:

```shell
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
```

<div class="theme-doc-markdown markdown"><div class="language-shell codeBlockContainer_mQmQ theme-code-block"><div class="codeBlockContent_t_Hd"><div class="buttonGroup_B0hJ"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_Fy7c"><svg class="copyButtonIcon_r1h_" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_BIMv" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div><div class="theme-admonition theme-admonition-info admonition_WCGJ alert alert--info"><div class="admonitionHeading_GCBg">INFO</div><div class="admonitionContent_pbrs">  
</div></div></div>Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See: [https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com](https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com)

To enable error reporting, run the following command:

```shell
echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
```

<div class="theme-doc-markdown markdown"><div class="language-shell codeBlockContainer_mQmQ theme-code-block"><div class="codeBlockContent_t_Hd"><div class="buttonGroup_B0hJ"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_Fy7c"><svg class="copyButtonIcon_r1h_" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_BIMv" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>For an explanation about what each service in the Docker Compose file does, see [Architecture](https://docs.goauthentik.io/core/architecture/).

#### Configure custom ports

By default, authentik listens internally on port 9000 for HTTP and 9443 for HTTPS. To use different exposed ports such as 80 and 443, you can set the following variables in `.env`:

```shell
COMPOSE_PORT_HTTP=80
COMPOSE_PORT_HTTPS=443
```

<div class="theme-doc-markdown markdown"><div class="language-shell codeBlockContainer_mQmQ theme-code-block"><div class="codeBlockContent_t_Hd"><div class="buttonGroup_B0hJ"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_Fy7c"><svg class="copyButtonIcon_r1h_" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_BIMv" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>See [Configuration](https://docs.goauthentik.io/install-config/configuration/) to change the internal ports. Be sure to run `docker compose up -d` to rebuild with the new port numbers.

#### Docker socket

By default, the authentik Docker Compose file mounts the Docker socket to the authentik worker container:

```yaml
- /var/run/docker.sock:/var/run/docker.sock
```

<div class="theme-doc-markdown markdown"><div class="language-yaml codeBlockContainer_mQmQ theme-code-block"><div class="codeBlockContent_t_Hd"></div></div></div>This is used for [automatic deployment and management of authentik Outposts](https://docs.goauthentik.io/add-secure-apps/outposts/integrations/docker/).

Mounting the Docker socket to a container comes with some inherent security risks. To reduce these risks, you can utilize a [Docker Socket Proxy](https://docs.goauthentik.io/add-secure-apps/outposts/integrations/docker/#docker-socket-proxy) as an additional layer of protection.

Alternatively, you can remove this mount and instead [manually deploy and manage outposts](https://docs.goauthentik.io/add-secure-apps/outposts/manual-deploy-docker-compose/).

##### Email configuration (optional but recommended)

It is also recommended to configure global email settings. These are used by authentik to notify administrators about alerts, configuration issues and new releases. They can also be used by [Email stages](https://docs.goauthentik.io/add-secure-apps/flows-stages/stages/email/) to send verification/recovery emails.

For more information, refer to our [Email configuration](https://docs.goauthentik.io/install-config/email/) documentation.

#### Install and start authentik

<div class="theme-doc-markdown markdown"><div class="theme-admonition theme-admonition-warning admonition_WCGJ alert alert--warning"><div class="admonitionHeading_GCBg">WARNING  
  
</div></div></div>All internal operations use UTC. Times displayed in the UI are automatically localized for the user. Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers; it will cause problems with OAuth and SAML authentication, as seen this [GitHub issue](https://github.com/goauthentik/authentik/issues/3005).

After you have downloaded the `docker-compose.yml` file, generated a password and a secret key, and optionally configured your global email, run these commands to retrieve and install the current version of authentik:

```shell
docker compose pull
docker compose up -d
```

<div class="theme-doc-markdown markdown"><div class="language-shell codeBlockContainer_mQmQ theme-code-block"><div class="codeBlockContent_t_Hd"><div class="buttonGroup_B0hJ"><button aria-label="Copy code to clipboard" class="clean-btn" title="Copy" type="button"><span aria-hidden="true" class="copyButtonIcons_Fy7c"><svg class="copyButtonIcon_r1h_" viewbox="0 0 24 24"><path d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z" fill="currentColor"></path></svg><svg class="copyButtonSuccessIcon_BIMv" viewbox="0 0 24 24"><path d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z" fill="currentColor"></path></svg></span></button></div></div></div></div>The `compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](https://docs.goauthentik.io/releases/).

#### Access authentik

<span style="color: rgb(241, 196, 15);">**To start the initial setup, navigate to `http://<your server's IP or hostname>:9000/if/flow/initial-setup/`.**</span>

<div class="theme-doc-markdown markdown"><div class="theme-admonition theme-admonition-info admonition_WCGJ alert alert--info"><div class="admonitionContent_pbrs">**Initial setup in browser**</div></div></div>You will get a `Not Found` error if initial setup URL doesn't include the trailing forward slash `/`. Also verify that the authentik server, worker, and PostgreSQL database are running and healthy. Review additional tips in our [troubleshooting docs](https://docs.goauthentik.io/troubleshooting/login/#cant-access-initial-setup-flow-during-installation-steps).

There you are prompted to set a password for the `akadmin` user (the default user).

#### First steps in authentik

You are now ready to add your first application and its provider. Then you'll want to add a new user.

To view a typical workflow for adding applications and users, with helpful context and explanations for each step, refer to the [First Steps](https://docs.goauthentik.io/install-config/first-steps/) tutorial.

#### 📄️ First steps

Add an application and provider, then create a user.

<footer class="theme-doc-footer docusaurus-mt-lg">---

<div class="theme-admonition theme-admonition-note admonition_WCGJ alert alert--secondary admonitionContrib_Zv8a margin-top--sm theme-doc-footer-edit-meta-row"><div class="admonitionContent_pbrs"><div class="admonitionHeader_FPxu">**Help us improve this content**</div></div></div>We welcome your knowledge and expertise. If you see areas of the documentation that you can improve (fix a typo, correct a technical detail, add additional context, etc.) we would really appreciate your contribution.

<div class="theme-admonition theme-admonition-note admonition_WCGJ alert alert--secondary admonitionContrib_Zv8a margin-top--sm theme-doc-footer-edit-meta-row"><div class="admonitionContent_pbrs"><div class="row"><div class="col col--12">  
</div></div></div></div></footer></article><nav aria-label="Docs pages" class="docusaurus-mt-lg pagination-nav" id="bkmrk-installation-and-con">[<div class="pagination-nav__label">Installation and Configuration</div>](https://docs.goauthentik.io/install-config/)[<div class="pagination-nav__label" style="text-align: justify;">Kubernetes installation</div>](https://docs.goauthentik.io/install-config/install/kubernetes/)</nav>