Authentik: How to Install with Docker and Why You Should

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

finish you are and welcome back to another ipro corp video thank you guys for coming in and checking out today's video it's an absolute pleasure to have you here as usual today we've got an exciting one for you we're going to be showing you authentic something that's been requested quite a bit by our members and today we're going to hopefully deliver that for you longtime members of vibricorp will know that we love orthelia we've done so many videos of it we were the first to get a video out on it giving you a guide on how it works and how to set it up and that was on unraid we've also given you docker compost but we've exhausted that pretty well up until this point now authentic came up quite a while back and we did look into it but at the time it was still very early in development and we just didn't have the time project wise to take a look thankfully though one of our members has actually put the container up on the community app store so thank you sternber for getting the containers up there for everyone to use that makes it a lot easier for us to cover of course because we don't have to also get the container template up there as well now today i'm going to be showing you this on unrate so we're going to be showing some love to our unraid fans and we're going to be showing you how to get it installed get it running sign in and then get started on your own we'll show you that initial part usually it's very complicated if you don't know how to do it the first time it can be very confusing but we're going to do all that for you so all you get to see is the working magic so authentic is an open source identity provider focused on flexibility and versatility if this sounds like something you're interested in and you want to set it up for your server and protect your infrastructure then without further ado let's get stuck into it thanks for coming in guys like i said it's going to be an exciting video today if you're interested in supporting the channel please remember you can like and subscribe at the bare minimum you can also donate to us or subscribe to our website as a member all of our contributions are going back to developers back to the community and helping us increase the content quality that we can put out for you so like i said we're going to be looking at authentic let's scroll through the main website here and we can see first of all i will note that they have very decent documentation this video today we don't have our own documentation for it we might spin one up just showing you the install process and we'd be happy to do that but in terms of the full length documentation on what fenty can offer you and how to use it we really recommend you check out their official docs there again you can also support the project go over to github and join their discord as well if you like too going through the website we can see a couple of notes it's easy to use it's made easy authentic makes single sign-on user enrolment and access control simple now if you know from our previous videos when we did ldap which is quite a common backend for user authentication that we also had pwm running and a bunch of other things to give us sort of portals and workflows and things like that so we had to mishmash a few things now authentic can offer that built into one package and once you get your head around it it makes a lot of sense that allows you to have that workflow like we just said it's powered by python and if they summarize that what is authentic is an open source identity provider focused on flexibility and versatility you can use it in an existing environment to add support for new protocols implement sign up recovery etc in your application so you don't have to deal with it and many other things and so if you're a developer this is where this can really come in handy and allow you to integrate this to applications that you're building as well so as you can see do you need an active directory sso provider do you want to implement custom enrollment well yeah are you developing an application and want to deal with user verification and recovery no authentic can do all of that and more so that's what they say here and of course it's got a dark theme which is a big plus here on the apricorp channel as you know also on the website they have a nice breakdown of why choose authentic now we love orthelia and we still highly recommend it but as you can see ophthalia is one part of what authentic does so yes necessarily it can tick a lot of these boxes as you can see down here but the purpose of authentic covers a lot more and looking at this graph it's pretty impressive when you think about it so that's pretty much the intro to authentic i know it doesn't sound like much at the moment but once we get it spinning we can have a quick look around before we end the video so we'll show you how to do that now and uh feel free to join along if you're using docker compos guys it's even easier you you have they have the docker compost here on the docs page so if we go to installation docker compost you've got the compost file all here ready to go you just build it um for everyone else you also have kubernetes we have beta versions if you want them i have to set them up with the reverse proxies so from here i'm going to show you a couple of things first of all npm is a extra here this was just for my own testing so you don't need to have npm running for this unless you're ready to reverse proxy it the other two things that we need as prerequisite is postgres and redis depending where you are in the world i also like to call it redis so i don't know whatever you want to call it drop it in the comments below maybe we'll we'll say it right one day so here we go we've got postgres first so make sure you've got postgres running if you don't easy enough go over to the app store and grab one and now the container we're using here today is by flight triple seven and unraid template that just works he's not wrong thank you very much for that mate you have done a great job the container launches perfectly fine and real easy so for the purpose of today's video the placeholders i've used for use names and passwords are highly insecure putting a disclaimer here right now anywhere we use a password make sure you're using a very secure password and different passwords for different things first things first postgres password we've just put postgre again postgres down here the postgres database name i've changed it to authentic the storage path so that's going to our cache app data dsm rdb data doesn't matter that's where the default is if you want to change that go ahead and change it the web interface port is five four three two also the default have not changed that our custom docker network we're making sure we're on our custom docker network if you don't know how to do that we've done a video update container name now by default it wasn't called postgres i have a habit of changing the names to something very simple and lowercase that's personal preference and that's going to be really important when we're using host names to connect containers to each other this makes it a lot easier to manage that way now if you wanted multiple postgres containers then i would recommend maybe you put postgres underscore authentic and you know that that particular container is just for authentic however you want to do it alternatively you can have multiple databases inside the postgres server so we're going to leave it as this this is our postgres server we start it up and sure enough it runs perfectly fine don't have to do anything special with it after that the next thing we install is redis now if you're already using ophelia you're probably using redis as well i'll show you the redis template as well so as usual i usually use the bitnami redis container on the app store the default port 6379 allow empty password is set to no and then we've set a redis password in our case it's redis don't use it the app data is the default redis bitnami that's fine i'm happy with that click apply and that will just fire up and will be running for you now with those two things done you're left with essentially authentic to do now we have those two things in place now in my scenario doing this i started with the worker and then i installed authentic i don't know whether there's a particular order because we have not tested it the other way around but since i know that it works i'm going to show you that method so first of all go to the app store you'll see authentic here if not search for it currently it's up by sternbear's repository so thank you for that you also click show more since it's so recent you'll also see our crowd sec containers here and here we have the documentation written up for you on our website on docs the ibracorpta io for unraid we haven't done a video on it but that will be coming very soon so first of all start with the worker go ahead and install that and this is what our template looks like now that we've completed it we have the name of the container authentic hyphen worker we have a version tag appended to the end here so keep in mind that if you want to change that version later you'll have to set a different tag now this is recommended for a few reasons guys i personally always use auto updates i'd take that risk but there are benefits to using a tagged release and the benefit is you never know what the new version might bring and what it might break so it's better off to set a particular version that you know works and you're happy with until you're ready to upgrade it yourself so here we start setting up our redis and our postgresql information so the first one is our host now the container name because we're on the same custom docker network as you can see here we can use our container names to refer to them instead of using an ip address and port so the container name for me is redis and the container name for this is postgres as i explained the database user that we configured is postgres the db name authentic and the db password postgres error reporting is set to true and then it wants us to create a secret key now in their docs there is a particular command you can run to get the key personally all i did was go to passwords generator.net as it's linked here on here we go to 32 really strong i just like to remove symbols sometimes that can cause issues and now we've got this long encryption key we can use so basically just copy that and go back so sure enough we paste that here i know this one works already i've used it so we've leave that one as is now to be honest with these parts i haven't looked into how important it is where we put them at this stage and that's something that we can review later but for now i've put it under the app data location for authentic so we set up a backups one we just created that media and certs and then we've also linked to our docker socket okay pretty much the same path that it's got custom templates again the same as above i created a template section for that just to map it and then it asks for our redis password which in our case was redis and with all that set you go ahead and click apply and then once you apply it you'll see that there's quite a bit of logs happening in the initial startup from here you can see that it starts to try to connect to our database and once it eventually connects it just works so it starts building up a bunch of stuff for us and so you might be wondering what is the authentic worker so the worker executes background tasks everything that you can see on the systems tasks page in the front end so basically it does all the turning of information and once you have that running we can then install authentic so go back to the app store again and we want the actual authentic container here now and we want to install that and here we are on the authentic template and we follow through the same thing so with our network type we've got the custom docker network again we have that tag release remember that's here as well as for the ports that we want to run it on so 9000 and 9443 are the default in this template set it to whatever you prefer our redis host is redis again for postgres as well then our postgres user db name and password very similar to the other container if you come down a little lower we have our error reporting and then we have max mine now if you use max mine before you'll know what it is it basically gives you access to geo information uh based on ip addresses and see where hits are coming from and where they're going to it gives you a location now you have to sign up for that you can get the free license etc you sign in you get the license key you paste that key here your account id here and you can also download the database so that it doesn't have to load it so you download the geolite database and you put it into this location now where's this location it's the one right here so as you can see on our host we've mapped that to authentic geoip inside the container it just sees it as grip so then in the container we're saying goip geolite2 mmdb then we have that key again now make sure this is the same key that you have in your worker and vice versa put the same key in both containers then our red is password as usual the templates location docker socket and the media folder once you do that go ahead and click apply now something you may come across is that it actually doesn't end up loading and it might just start and then eventually crash on you it's not actually crashing i don't believe i think it's trying to migrate stuff to the database once the container stops all i had to do was start it again and then it immediately just connected fine after that so it's been up since then so now we have both containers running we should be able to get to the initial logon page so standby has written it out for us in the container description it's basically this path and then we add your server ip in here obviously the port is 9000 unless you've changed that then change it to whatever you're running it on in order to be able to access it but this path on the end here is important so make sure you take that whole path and voila we put that path in and it takes us to the sign-in page so on the sign-in page it will allow us to set up our admin user also called the ak admin so set it up with all the information you want there's my user put the email and password we click continue and congratulations you've signed into authentic we now have an authentic server running for us and it's working fine so maybe the next thing you want to do is head to the admin interface and as soon as you get in there you're greeted with the admin panel and you can see a whole bunch of information across the top as well as our system status version and the workers that we have running it also gives you a log of previous logins in the last 24 hours under users we can create users we can see any failed logins any sort of issues like that we can monitor what's happening all the system tasks and when they're expected to run and then you get under applications so guys i hope you enjoy that that's the installation and initial login of authentic we hope it answers a couple of questions and at least getting you up and running at that point you can follow the documentation that they offer to try and understand a bit more about how it works we'll cover again in future if you're interested be sure to let us know in the comments and we hope we can work with the authentic dev again to try and get this up and running for you we hope you have a fantastic easter break please stay safe out there and don't forget to like and subscribe it really helps the channel we really want to grow and find more people like yourself who are interested in what we have to say thank you very much and we'll see you in the next hyprecorp video you

Info

Channel: IBRACORP

Views: 46,081

Rating: undefined out of 5

Keywords: authentik docker, ibracorp, ibraco, ibra corp, authentik, open-source, open-source identity, oidc, sso, ldap, azure, SAML, oAuth, provider, outposts, auth server, authentik unraid, authentik install, authentik guide, authentik review, how to install authentik, authentik auth, authentik setup, authelia unraid, authentik trailer, oauth2 explained, oauth vs saml, saml vs oauth2 vs openid, ibracorp authelia, ldap linux, open-source software, authelia docker, azure active directory

Id: g-pbzAaYMq4

Channel Id: undefined

Length: 15min 11sec (911 seconds)

Published: Fri Apr 15 2022