authentik-capauth (latest)
Published 2026-02-27 22:13:32 +00:00 by skadmin
Installation
docker pull skgit.skstack01.douno.it/skadmin/authentik-capauth:latestsha256:082dde485a8f3cba4406a5f761337b9ea8df56f03f2b86ba5dbe9dd559075d37About this package
goauthentik.io Main server image, see https://goauthentik.io for more info.
Image layers
| # debian.sh --arch 'amd64' out/ 'trixie' '@1760918400' |
| RUN /bin/sh -c dpkg -i /output/libssl-dev_* /output/libssl3t64_* /output/openssl_* && apt-mark hold libssl-dev libssl3t64 openssl && /build/fipsinstall.sh && apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ca-certificates wget curl && apt-get clean && rm -rf /var/lib/apt/lists/* # buildkit |
| ARG XMLSEC_VERSION=1.3.7 |
| RUN |1 XMLSEC_VERSION=1.3.7 /bin/sh -c cd /scripts && ./xmlsec.sh # buildkit |
| ARG PYTHON_VERSION=3.13.9 |
| ARG PYTHON_VERSION_TAG=ak-fips-cc560f9 |
| ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| RUN |2 PYTHON_VERSION=3.13.9 PYTHON_VERSION_TAG=ak-fips-cc560f9 /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends ca-certificates netbase tzdata ; apt-get dist-clean # buildkit |
| ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305 |
| RUN |2 PYTHON_VERSION=3.13.9 PYTHON_VERSION_TAG=ak-fips-cc560f9 /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends dpkg-dev gcc gnupg libbluetooth-dev libbz2-dev libc6-dev libdb-dev libffi-dev libgdbm-dev liblzma-dev libncursesw5-dev libreadline-dev libsqlite3-dev make tk-dev uuid-dev wget xz-utils zlib1g-dev ; wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz"; mkdir -p /usr/src/python; tar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; rm python.tar.xz; cd /usr/src/python; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions --enable-optimizations --enable-option-checking=fatal --enable-shared $(test "${gnuArch%%-*}" != 'riscv64' && echo '--with-lto') --with-ensurepip ; sed -i 's/^GITTAG=.*/GITTAG=echo ${PYTHON_VERSION_TAG}/g' Makefile; sed -i 's/^GITBRANCH=.*/GITBRANCH=echo ${PYTHON_VERSION_TAG}/g' Makefile; nproc="$(nproc)"; EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; LDFLAGS="${LDFLAGS:--Wl},--strip-all"; arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; case "$arch" in amd64|arm64) EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"; ;; i386) ;; *) EXTRA_CFLAGS="${EXTRA_CFLAGS:-} -fno-omit-frame-pointer"; ;; esac; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:-}" ; rm python; make -j "$nproc" "EXTRA_CFLAGS=${EXTRA_CFLAGS:-}" "LDFLAGS=${LDFLAGS:--Wl},-rpath='\$\$ORIGIN/../lib'" python ; make install; cd /; rm -rf /usr/src/python; find /usr/local -depth \( \( -type d -a \( -name test -o -name tests -o -name idle_test \) \) -o \( -type f -a \( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \) \) \) -exec rm -rf '{}' + ; ldconfig; apt-mark auto '.*' > /dev/null; apt-mark manual $savedAptMark; find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' | sort -u | xargs -rt dpkg-query --search | awk 'sub(":$", "", $1) { print $1 }' | sort -u | xargs -r apt-mark manual ; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; apt-get dist-clean; export PYTHONDONTWRITEBYTECODE=1; python3 --version; pip3 --version # buildkit |
| RUN |2 PYTHON_VERSION=3.13.9 PYTHON_VERSION_TAG=ak-fips-cc560f9 /bin/sh -c set -eux; for src in idle3 pip3 pydoc3 python3 python3-config; do dst="$(echo "$src" | tr -d 3)"; [ -s "/usr/local/bin/$src" ]; [ ! -e "/usr/local/bin/$dst" ]; ln -svT "$src" "/usr/local/bin/$dst"; done # buildkit |
| CMD ["python3"] |
| ENV VENV_PATH=/ak-root/.venv PATH=/lifecycle:/ak-root/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy UV_NATIVE_TLS=1 UV_PYTHON_DOWNLOADS=0 |
| WORKDIR /ak-root/ |
| COPY /uv /uvx /bin/ # buildkit |
| ARG VERSION=refs/tags/version/2025.12.3 |
| ARG GIT_BUILD_HASH |
| ENV GIT_BUILD_HASH= |
| LABEL org.opencontainers.image.authors=Authentik Security Inc. org.opencontainers.image.source=https://github.com/goauthentik/authentik org.opencontainers.image.description=goauthentik.io Main server image, see https://goauthentik.io for more info. org.opencontainers.image.documentation=https://docs.goauthentik.io org.opencontainers.image.licenses=https://github.com/goauthentik/authentik/blob/main/LICENSE org.opencontainers.image.revision= org.opencontainers.image.source=https://github.com/goauthentik/authentik org.opencontainers.image.title=authentik server image org.opencontainers.image.url=https://goauthentik.io org.opencontainers.image.vendor=Authentik Security Inc. org.opencontainers.image.version=refs/tags/version/2025.12.3 |
| WORKDIR / |
| RUN |2 VERSION=refs/tags/version/2025.12.3 GIT_BUILD_HASH= /bin/sh -c apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends libpq5 libmaxminddb0 ca-certificates krb5-multidev libkrb5-3 libkdb5-10 libkadm5clnt-mit12 heimdal-multidev libkadm5clnt7t64-heimdal libltdl7 libxslt1.1 && apt-get install -y --no-install-recommends runit && pip3 install --no-cache-dir --upgrade pip && apt-get clean && rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && mkdir -p /certs /data /media /blueprints && ln -s /media /data/media && mkdir -p /authentik/.ssh && mkdir -p /ak-root && chown authentik:authentik /certs /data /data/media /media /authentik/.ssh /ak-root # buildkit |
| COPY ./authentik/ /authentik # buildkit |
| COPY ./pyproject.toml / # buildkit |
| COPY ./uv.lock / # buildkit |
| COPY ./schemas /schemas # buildkit |
| COPY ./locale /locale # buildkit |
| COPY ./tests /tests # buildkit |
| COPY ./manage.py / # buildkit |
| COPY ./blueprints /blueprints # buildkit |
| COPY ./lifecycle/ /lifecycle # buildkit |
| COPY ./authentik/sources/kerberos/krb5.conf /etc/krb5.conf # buildkit |
| COPY /go/authentik /bin/authentik # buildkit |
| COPY ./packages/ /ak-root/packages # buildkit |
| RUN |2 VERSION=refs/tags/version/2025.12.3 GIT_BUILD_HASH= /bin/sh -c ln -s /ak-root/packages /packages # buildkit |
| COPY /ak-root/.venv /ak-root/.venv # buildkit |
| COPY /work/web/dist/ /web/dist/ # buildkit |
| COPY /work/web/authentik/ /web/authentik/ # buildkit |
| COPY /usr/share/GeoIP /geoip # buildkit |
| USER 1000 |
| ENV TMPDIR=/dev/shm/ PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1 GOFIPS=1 |
| HEALTHCHECK &{["CMD" "ak" "healthcheck"] "30s" "30s" "1m0s" "0s" '\x03'} |
| ENTRYPOINT ["dumb-init" "--" "ak"] |
| USER root |
| COPY . /app/capauth # buildkit |
| ENV PIP_TARGET=/ak-root/.venv/lib/python3.13/site-packages |
| RUN /bin/sh -c pip install --no-cache-dir --no-deps /app/capauth && pip install --no-cache-dir PGPy # buildkit |
| COPY /build/authentik/web/dist/ /web/dist/ # buildkit |
| COPY authentik-custom/user_settings.py /data/user_settings.py # buildkit |
| COPY authentik-custom/capauth_migrate.py /lifecycle/system_migrations/capauth_migrate.py # buildkit |
| RUN /bin/sh -c chown 1000:1000 /data/user_settings.py && chmod 644 /data/user_settings.py /lifecycle/system_migrations/capauth_migrate.py # buildkit |
| USER authentik |
Labels
| Key | Value |
|---|---|
| org.opencontainers.image.authors | Authentik Security Inc. |
| org.opencontainers.image.description | goauthentik.io Main server image, see https://goauthentik.io for more info. |
| org.opencontainers.image.documentation | https://docs.goauthentik.io |
| org.opencontainers.image.licenses | https://github.com/goauthentik/authentik/blob/main/LICENSE |
| org.opencontainers.image.revision | |
| org.opencontainers.image.source | https://github.com/goauthentik/authentik |
| org.opencontainers.image.title | authentik server image |
| org.opencontainers.image.url | https://goauthentik.io |
| org.opencontainers.image.vendor | Authentik Security Inc. |
| org.opencontainers.image.version | refs/tags/version/2025.12.3 |
Details
2026-02-27 22:13:32 +00:00
Versions (2)
View all
Container
1
OCI / Docker
linux/amd64
Authentik Security Inc.
https://github.com/goauthentik/authentik/blob/main/LICENSE
373 MiB