Instalação Authentik em docker compose Link: https://docs.goauthentik.io/install-config/install/docker-compose/ em 10/04/2026 Docker Compose installation This installation method is for test setups and small-scale production setups. Requirements A host with at least 2 CPU cores and 2 GB of RAM Podman or Docker Compose (Compose v2, see  instructions for upgrade ) Video View our video about installing authentik on Docker. Download the Compose file To download the latest  compose.yml  open your terminal, navigate to the directory of your choice, and then run the following command: Linux macOS wget https://docs.goauthentik.io/compose.yml Generate PostgreSQL password and secret key If this is a fresh authentik installation, you need to generate a PostgreSQL password and a secret key. Use a secure password generator of your choice such as  pwgen , or you can use  openssl  as below. Run the following commands to generate a PostgreSQL password and secret key and write them to your  .env  file: echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env INFO Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See:  https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com To enable error reporting, run the following command: echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env For an explanation about what each service in the Docker Compose file does, see Architecture . Configure custom ports By default, authentik listens internally on port 9000 for HTTP and 9443 for HTTPS. To use different exposed ports such as 80 and 443, you can set the following variables in  .env : COMPOSE_PORT_HTTP=80 COMPOSE_PORT_HTTPS=443 See  Configuration  to change the internal ports. Be sure to run  docker compose up -d  to rebuild with the new port numbers. Docker socket By default, the authentik Docker Compose file mounts the Docker socket to the authentik worker container: - /var/run/docker.sock:/var/run/docker.sock This is used for automatic deployment and management of authentik Outposts . Mounting the Docker socket to a container comes with some inherent security risks. To reduce these risks, you can utilize a  Docker Socket Proxy  as an additional layer of protection. Alternatively, you can remove this mount and instead  manually deploy and manage outposts . Email configuration (optional but recommended) It is also recommended to configure global email settings. These are used by authentik to notify administrators about alerts, configuration issues and new releases. They can also be used by  Email stages  to send verification/recovery emails. For more information, refer to our  Email configuration  documentation. Install and start authentik WARNING All internal operations use UTC. Times displayed in the UI are automatically localized for the user. Do not update or mount  /etc/timezone  or  /etc/localtime  in the authentik containers; it will cause problems with OAuth and SAML authentication, as seen this  GitHub issue . After you have downloaded the  docker-compose.yml  file, generated a password and a secret key, and optionally configured your global email, run these commands to retrieve and install the current version of authentik: docker compose pull docker compose up -d The  compose.yml  file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new  compose.yml  file, which points to the latest available version. For more information, refer to the  Upgrading  section in the  Release Notes . Access authentik To start the initial setup, navigate to  http://:9000/if/flow/initial-setup/ . Initial setup in browser You will get a  Not Found  error if initial setup URL doesn't include the trailing forward slash  / . Also verify that the authentik server, worker, and PostgreSQL database are running and healthy. Review additional tips in our  troubleshooting docs . There you are prompted to set a password for the  akadmin  user (the default user). First steps in authentik You are now ready to add your first application and its provider. Then you'll want to add a new user. To view a typical workflow for adding applications and users, with helpful context and explanations for each step, refer to the  First Steps  tutorial. 📄️ First steps Add an application and provider, then create a user. Help us improve this content We welcome your knowledge and expertise. If you see areas of the documentation that you can improve (fix a typo, correct a technical detail, add additional context, etc.) we would really appreciate your contribution. Installation and Configuration Kubernetes installation