Block a user
goauthentik (latest)
Published 2026-05-16 17:26:10 +02:00 by poma
Installation
docker pull gitea.poma-lab.com/poma/goauthentik:latestsha256:771b176ab7f17179867f7feda23f115f4f7cfe516ad12447f18c2a8a5da78de5
About this package
goauthentik.io Main server image, see https://goauthentik.io for more info.
Image Layers
| # debian.sh --arch 'amd64' out/ 'bookworm' '@1754870400' |
| ARG OPENSSL_VERSION=3.1.2 |
| ARG OPENSSL_VERSION_SUFFIX=ak-fips |
| ENV build_root=/build |
| COPY /build/output /build/fake-deb # buildkit |
| RUN |2 OPENSSL_VERSION=3.1.2 OPENSSL_VERSION_SUFFIX=ak-fips /bin/sh -c mkdir -p $build_root && apt-get update && apt-get install -y --no-install-recommends build-essential wget ca-certificates && cd ${build_root} && wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -O openssl.tgz && tar xvf openssl.tgz && apt-get remove --purge -y wget openssl && cd $build_root/openssl-${OPENSSL_VERSION} && sed -i "s:BUILD_METADATA=:BUILD_METADATA=${OPENSSL_VERSION_SUFFIX}:" VERSION.dat && ./config fips $cryptography_ssl_options && make depend && make -j$(nproc) && make install_sw install_ssldirs install_fips && (cp -r /usr/local/lib64/* /usr/local/lib/ || true) && openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module $(find /usr/local/lib -name fips.so) && sed -i "s:# .include fipsmodule.cnf:.include /usr/local/ssl/fipsmodule.cnf:" /usr/local/ssl/openssl.cnf && sed -i 's:# fips = fips_sect:fips = fips_sect:' /usr/local/ssl/openssl.cnf && sed -i 's:# \[provider_sect\]:\[provider_sect\]:' /usr/local/ssl/openssl.cnf && apt-get remove --purge -y build-essential && apt-get autoremove --purge -y && rm -rf /var/lib/apt/lists/* && dpkg -i ${build_root}/fake-deb/*deb && apt-mark hold libssl-dev libssl3 openssl && rm -rf ${build_root} && ln -s /usr/local/bin/openssl /usr/bin/openssl && sed -i 's:# activate = 1:activate = 1:' /usr/local/ssl/openssl.cnf && echo "\n[algorithm_sect]\ndefault_properties = fips=yes" >> /usr/local/ssl/openssl.cnf # buildkit |
| RUN |2 OPENSSL_VERSION=3.1.2 OPENSSL_VERSION_SUFFIX=ak-fips /bin/sh -c apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ca-certificates wget && apt-get clean && rm -rf /var/lib/apt/lists/* # buildkit |
| ENV SSL_CERT_DIR=/etc/ssl/certs |
| ARG XMLSEC_VERSION=1.3.7 |
| ENV build_root=/build |
| RUN |1 XMLSEC_VERSION=1.3.7 /bin/sh -c mkdir -p ${build_root} && cd ${build_root} && apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends wget gnupg libxml2 build-essential libxml2-dev libltdl-dev && wget https://github.com/lsh123/xmlsec/releases/download/${XMLSEC_VERSION}/xmlsec1-${XMLSEC_VERSION}.tar.gz -O xmlsec.tgz && wget https://github.com/lsh123/xmlsec/releases/download/${XMLSEC_VERSION}/xmlsec1-${XMLSEC_VERSION}.sig -O xmlsec.sig && gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 00FDD6A7DFB81C88F34B9BF0E63ECDEF9E1D829E && gpg --batch --verify xmlsec.sig xmlsec.tgz && gpgconf --kill all && rm -rf "$GNUPGHOME" xmlsec.sig && tar xvzf xmlsec.tgz && cd xmlsec1-${XMLSEC_VERSION} && mkdir build && cd build && ../configure && make -j $(nproc) && make check && make install && apt-get remove --purge -y wget gnupg build-essential libxml2-dev libltdl-dev && apt-get autoremove --purge -y && apt-get clean && rm -rf ${build_root} && rm -rf /var/lib/apt/lists/* # buildkit |
| ARG PYTHON_VERSION=3.13.6 |
| ARG PYTHON_VERSION_TAG=ak-fips-991fb6c |
| ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| ENV LANG=C.UTF-8 |
| RUN |2 PYTHON_VERSION=3.13.6 PYTHON_VERSION_TAG=ak-fips-991fb6c /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends netbase tzdata ; rm -rf /var/lib/apt/lists/* # buildkit |
| ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305 |
| RUN |2 PYTHON_VERSION=3.13.6 PYTHON_VERSION_TAG=ak-fips-991fb6c /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends dpkg-dev gcc gnupg libbluetooth-dev libbz2-dev libc6-dev libdb-dev libexpat1-dev libffi-dev libgdbm-dev liblzma-dev libncursesw5-dev libreadline-dev libsqlite3-dev make tk-dev uuid-dev wget xz-utils zlib1g-dev ; wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY"; gpg --batch --verify python.tar.xz.asc python.tar.xz; gpgconf --kill all; rm -rf "$GNUPGHOME" python.tar.xz.asc; mkdir -p /usr/src/python; tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; rm python.tar.xz; cd /usr/src/python; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions --enable-optimizations --enable-option-checking=fatal --enable-shared --with-lto --with-system-expat --with-ensurepip ; sed -i 's/^GITTAG=.*/GITTAG=echo ${PYTHON_VERSION_TAG}/g' Makefile; sed -i 's/^GITBRANCH=.*/GITBRANCH=echo ${PYTHON_VERSION_TAG}/g' Makefile; nproc="$(nproc)"; EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; LDFLAGS="${LDFLAGS:--Wl},--strip-all"; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:-}" "PROFILE_TASK=${PROFILE_TASK:-}" ; rm python; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" "PROFILE_TASK=${PROFILE_TASK:-}" python ; make install; cd /; rm -rf /usr/src/python; find /usr/local -depth \( \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \) -exec rm -rf '{}' + ; ldconfig; apt-mark auto '.*' > /dev/null; apt-mark manual $savedAptMark; find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual ; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; rm -rf /var/lib/apt/lists/*; export PYTHONDONTWRITEBYTECODE=1; python3 --version; pip3 --version # buildkit |
| RUN |2 PYTHON_VERSION=3.13.6 PYTHON_VERSION_TAG=ak-fips-991fb6c /bin/sh -c set -eux; for src in idle3 pip3 pydoc3 python3 python3-config; do dst="$(echo "$src" | tr -d 3)"; [ -s "/usr/local/bin/$src" ]; [ ! -e "/usr/local/bin/$dst" ]; ln -svT "$src" "/usr/local/bin/$dst"; done # buildkit |
| CMD ["python3"] |
| ENV VENV_PATH=/ak-root/.venv PATH=/lifecycle:/ak-root/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy UV_NATIVE_TLS=1 UV_PYTHON_DOWNLOADS=0 |
| WORKDIR /ak-root/ |
| COPY /uv /uvx /bin/ # buildkit |
| ARG VERSION=refs/tags/version/2025.8.1 |
| ARG GIT_BUILD_HASH |
| ENV GIT_BUILD_HASH= |
| LABEL org.opencontainers.image.authors=Authentik Security Inc. org.opencontainers.image.description=goauthentik.io Main server image, see https://goauthentik.io for more info. org.opencontainers.image.documentation=https://docs.goauthentik.io org.opencontainers.image.licenses=https://github.com/goauthentik/authentik/blob/main/LICENSE org.opencontainers.image.revision= org.opencontainers.image.source=https://github.com/goauthentik/authentik org.opencontainers.image.title=authentik server image org.opencontainers.image.url=https://goauthentik.io org.opencontainers.image.vendor=Authentik Security Inc. org.opencontainers.image.version=refs/tags/version/2025.8.1 |
| WORKDIR / |
| RUN |2 VERSION=refs/tags/version/2025.8.1 GIT_BUILD_HASH= /bin/sh -c apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends libpq5 libmaxminddb0 ca-certificates libkrb5-3 libkadm5clnt-mit12 libkdb5-10 libltdl7 libxslt1.1 && apt-get install -y --no-install-recommends runit && pip3 install --no-cache-dir --upgrade pip && apt-get clean && rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && mkdir -p /certs /media /blueprints && mkdir -p /authentik/.ssh && mkdir -p /ak-root && chown authentik:authentik /certs /media /authentik/.ssh /ak-root # buildkit |
| COPY ./authentik/ /authentik # buildkit |
| COPY ./pyproject.toml / # buildkit |
| COPY ./uv.lock / # buildkit |
| COPY ./schemas /schemas # buildkit |
| COPY ./locale /locale # buildkit |
| COPY ./tests /tests # buildkit |
| COPY ./manage.py / # buildkit |
| COPY ./blueprints /blueprints # buildkit |
| COPY ./lifecycle/ /lifecycle # buildkit |
| COPY ./authentik/sources/kerberos/krb5.conf /etc/krb5.conf # buildkit |
| COPY /go/authentik /bin/authentik # buildkit |
| COPY ./packages/ /ak-root/packages # buildkit |
| RUN |2 VERSION=refs/tags/version/2025.8.1 GIT_BUILD_HASH= /bin/sh -c ln -s /ak-root/packages /packages # buildkit |
| COPY /ak-root/.venv /ak-root/.venv # buildkit |
| COPY /work/web/dist/ /web/dist/ # buildkit |
| COPY /work/web/authentik/ /web/authentik/ # buildkit |
| COPY /usr/share/GeoIP /geoip # buildkit |
| USER 1000 |
| ENV TMPDIR=/dev/shm/ PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1 GOFIPS=1 |
| HEALTHCHECK &{["CMD" "ak" "healthcheck"] "30s" "30s" "1m0s" "0s" '\x03'} |
| ENTRYPOINT ["dumb-init" "--" "ak"] |
Labels
| Key | Value |
|---|---|
| org.opencontainers.image.authors | Authentik Security Inc. |
| org.opencontainers.image.description | goauthentik.io Main server image, see https://goauthentik.io for more info. |
| org.opencontainers.image.documentation | https://docs.goauthentik.io |
| org.opencontainers.image.licenses | https://github.com/goauthentik/authentik/blob/main/LICENSE |
| org.opencontainers.image.revision | |
| org.opencontainers.image.source | https://github.com/goauthentik/authentik |
| org.opencontainers.image.title | authentik server image |
| org.opencontainers.image.url | https://goauthentik.io |
| org.opencontainers.image.vendor | Authentik Security Inc. |
| org.opencontainers.image.version | refs/tags/version/2025.8.1 |