docs: add Authentik SSO status and service inventory

kenpat 2026-06-08 20:20:32 +00:00
parent 6d302a66e9
commit 8d39ca4150


@ -0,0 +1,79 @@
# Authentik SSO — Setup & Status
## Server
- **Host:** `100.90.13.55` (Assassin, Debian 6.12.90 amd64)
- **Authentik version:** 2025.2.4 (Enterprise)
- **Stack location:** `/home/kenpat/docker/authentik/docker-compose.yml`
- **Web UI:** `http://100.90.13.55:9001` / `http://100.90.13.55:9001/if/admin/`
- **API base:** `http://100.90.13.55:9001/api/v3/`
## Architecture
Authentik runs as a 4-container stack:
| Container | Role |
|-----------|------|
| `authentik` | Web server (port 9001) |
| `authentik-worker` | Background task worker |
| `authentik-postgres` | PostgreSQL 16 database |
| `authentik-redis` | Redis cache |
Both server and worker are on the `kitestacks` external Docker network.
## Configured Applications
| App | Provider ID | Status |
|-----|-------------|--------|
| Grafana | 1 | Configured |
| Kavita | 2 | Configured |
| Open WebUI | 3 | Configured |
| Forgejo | 4 | Configured |
> SSO verification pending — not yet tested end-to-end.
## All Services Running on Server
| Service | Image | External Port |
|---------|-------|---------------|
| forgejo | forgejo:11 | 3006 (HTTP), 2222 (SSH) |
| kite-openwebui | open-webui | 3100 |
| grafana | grafana-oss | 3150 |
| cloudflared | cloudflared | — (tunnel) |
| shaarli | shaarli | 8085 |
| homepage | nginx | 3005 |
| homepage-test | gethomepage | 3007 |
| kitestacks-portal | nginx | 3008 |
| openproject | openproject:13 | 8080 |
| kite-litellm | litellm | 4000 |
| bookstack | bookstack | 6875 |
| authentik | server:latest | 9001 |
| kavita | kavita | 5000 |
| portainer | portainer-ce | 9443 |
| prometheus | prometheus | 9090 |
| node-exporter | node-exporter | 9100 |
| uptime-kuma | uptime-kuma | 3001 |
## External Access (Cloudflare Tunnel)
Tunnel is token-based — ingress rules live in the Cloudflare dashboard:
**dash.cloudflare.com → Zero Trust → Networks → Tunnels**
No local `config.yml` — all routing configured via the dashboard.
## Pending Integrations
Services not yet added to Authentik SSO:
- [ ] Bookstack
- [ ] OpenProject
- [ ] Portainer
- [ ] Homepage
- [ ] Shaarli
- [ ] Uptime Kuma
## Next Steps
1. Confirm public domain from Cloudflare tunnel dashboard
2. Test SSO login on Forgejo, Grafana, Kavita, Open WebUI
3. Add remaining services (see Pending Integrations above)
4. Set up SSH key auth on the server (currently password only)
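Review bot: The Server section records `Authentik version: 2025.2.4 (Enterprise)`, but the inventory row `| authentik | server:latest | 9001 |` shows a floating tag, so the documented version is not something the stack is pinned to and will go stale on the next image pull; either pin the image to the documented release in the compose file or word the line as "as of this commit". In the same section, `Debian 6.12.90 amd64` reads as a kernel version rather than a Debian release, so name both. The Web UI and API base are documented as plain `http://` on port 9001; since this is the identity provider, say whether TLS is terminated elsewhere for the login flow (for example at the Cloudflare tunnel). The inventory also lists services that appear in neither Configured Applications nor Pending Integrations (kite-litellm, prometheus, node-exporter, homepage-test, kitestacks-portal), so state whether they are intentionally outside SSO. Finally, Next Steps item 4 (SSH is "currently password only") concerns the host that runs the identity provider and deserves to sit ahead of adding more integrations.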