Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

--- content:serverbasics:docker-authentik [2025/04/10 12:10] – [Secure LDAP- Users with TOTP] obel1x
+++ content:serverbasics:docker-authentik [2025/06/05 23:25] (aktuell) – [Dockerfile] obel1x
@@ Zeile 61: / Zeile 61: @@
     volumes:
       - authentik_pgsql_data:/var/lib/postgresql/data
+      - authentik_backup:/tmp/backup
 #Defined in .env
 #    environment:
@@ Zeile 145: / Zeile 146: @@
 volumes:
   authentik_pgsql_data:
+  authentik_backup:
   authentik_media:
   authentik_custom_templates:
@@ Zeile 153: / Zeile 155: @@
  nextcloud-aio:
    external: true
+# Still needs to be defined while without it won't enable ipv6
+  default:
+    driver: bridge
+    enable_ipv6: true
 </file>
 Carefully look at each line to fit your needs.
 ===== Caddy =====
@@ Zeile 178: / Zeile 185: @@
 and set the Password for the admin user ''akadmin''.
-===== Additional Doings =====
+===== Backup PostgresSQL Database =====
+This is really VERY Important! The reason is, that every PostgresDB- Version has it own Database- File- Format and if you update Postgres from on Major Version to the next, you WILL NOT BE ABLE to start your DB with the old Volume- Data!
+You NEED to have the DB-Backed up and restored to the next Version!
+Create a File in your Docker- Dir named e.g. ''docker_backup_authentik_db.sh:''
+<file>
+#!/bin/bash
+# Make Postgres-Backup of Authentik
+echo "Backup of authentik-postgres to servername-authentik_pgsql-1:/tmp/backup"
+/home/docker/bin/docker exec -t -e PGPASSWORD=YOURPASSWORD servername-authentik_pgsql-1 pg_dump --compress=zstd:8 -f /tmp/backup/pg_dump_authentik.sql -U authentik authentik
+echo "Done Backup of Authentik-DB."
+</file>
+Now add this script to  ''backup/docker_backup_all.sh'' .
 Don't forget to extend your ''backup/docker_backup_all.sh'' by adding ''authentik'' to the service- list if you have not done so far.
+If you Update the Major- Version, make sure to create a new Volume for your pgsql- data.
 ===== Configuring =====
@@ Zeile 224: / Zeile 251: @@
 The Next time you are logging in with User and Password in Authentik, it will ask to setup a TOTP- Device. You can for example use [[https://f-droid.org/de/packages/org.liberty.android.freeotpplus/|https://f-droid.org/de/packages/org.liberty.android.freeotpplus/]]
-Hint: There is also an default Flow for this to import in Authentik here https://docs.goauthentik.io/docs/add-secure-apps/flows-stages/flow/examples/flows#two-factor-login
+Hint: There is also an default Flow for this to import in Authentik here [[https://docs.goauthentik.io/docs/add-secure-apps/flows-stages/flow/examples/flows#two-factor-login|https://docs.goauthentik.io/docs/add-secure-apps/flows-stages/flow/examples/flows#two-factor-login]]
+== Current Bug ==
+At the time of writing this, there was a bug here: https://github.com/goauthentik/authentik/issues/5972#issuecomment-2075631779
+So if you have to enter the OTP twice, than go to Flows, click on ''default-authentication-flow'', Tab Stage Bindings and delete the ''default-authentication-mfa-validation'' Stage (not the other MFA!)