Add Authentik SMTP configuration
This commit is contained in:
@@ -28,30 +28,33 @@ Bootstrap:
|
||||
|
||||
1. Copy this directory to PD at /mnt/docker-ssd/docker/compose/identity-authentik
|
||||
2. Copy .env.example to .env and replace every CHANGE_ME
|
||||
3. Create the Authentik database/user in shared Postgres
|
||||
4. Validate and start:
|
||||
3. If email-based password resets or invitations are needed, set the SMTP vars in `.env` using the official Authentik email settings (`AUTHENTIK_EMAIL__HOST`, `__PORT`, `__USERNAME`, `__PASSWORD`, `__USE_TLS` or `__USE_SSL`, `__TIMEOUT`, `__FROM`). Port 587 normally means `AUTHENTIK_EMAIL__USE_TLS=true` and `AUTHENTIK_EMAIL__USE_SSL=false`.
|
||||
4. Create the Authentik database/user in shared Postgres
|
||||
5. Validate and start:
|
||||
|
||||
cd /mnt/docker-ssd/docker/compose/identity-authentik
|
||||
docker compose --env-file .env config
|
||||
docker compose --env-file .env up -d
|
||||
|
||||
5. Verify readiness:
|
||||
6. Verify readiness:
|
||||
|
||||
docker compose ps
|
||||
docker logs authentik-server --tail=50
|
||||
curl -fsS http://127.0.0.1:9000/-/health/ready/
|
||||
|
||||
6. Complete initial login with the bootstrap admin on the internal URL first, then wire the public Pangolin hostname `https://authentik.paccoco.com`. Grafana and other OIDC clients should use that public hostname instead of the LAN-only `http://10.5.30.6:9000` base URL.
|
||||
7. Build providers before cutover:
|
||||
7. If SMTP is enabled, send a test mail from inside the Authentik server container before relying on password reset or invitation flows.
|
||||
|
||||
8. Complete initial login with the bootstrap admin on the internal URL first, then wire the public Pangolin hostname `https://authentik.paccoco.com`. Grafana and other OIDC clients should use that public hostname instead of the LAN-only `http://10.5.30.6:9000` base URL.
|
||||
9. Build providers before cutover:
|
||||
|
||||
- Grafana: OAuth2/OIDC provider
|
||||
- Gitea: proxy provider, forward auth, single application
|
||||
- Technitium: proxy provider, forward auth, single application
|
||||
- Traefik dashboard: proxy provider, forward auth, single application
|
||||
|
||||
8. Bind those proxy providers to the embedded outpost.
|
||||
9. Cut apps over one at a time from Authelia forward-auth to Authentik forward-auth.
|
||||
10. Only remove Authelia after every migrated app and logout flow is verified.
|
||||
10. Bind those proxy providers to the embedded outpost.
|
||||
11. Cut apps over one at a time from Authelia forward-auth to Authentik forward-auth.
|
||||
12. Only remove Authelia after every migrated app and logout flow is verified.
|
||||
|
||||
Notes:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user