1、docker-compose.yml
services:

postgresql:
image: postgres:16-alpine
container_name: postgresql
restart: unless-stopped
environment:
POSTGRES_DB: ${PG_DB:-authentik}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_PASSWORD: ${PG_PASS}
TZ: Asia/Shanghai
POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
command: >
postgres
-c max_connections=120
-c shared_buffers=256MB
-c password_encryption=scram-sha-256
volumes:
- database:/var/lib/postgresql/data
networks:
- 1panel-network
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${PG_USER:-authentik}"]
interval: 10s
timeout: 5s
retries: 10

pgbouncer:
image: edoburu/pgbouncer:latest
container_name: pgbouncer
restart: unless-stopped
depends_on:
postgresql:
condition: service_healthy
environment:
DB_HOST: postgresql
DB_PORT: 5432
DB_USER: ${PG_USER:-authentik}
DB_PASSWORD: ${PG_PASS}
DB_NAME: ${PG_DB:-authentik}

POOL_MODE: transaction

MAX_CLIENT_CONN: 1000
DEFAULT_POOL_SIZE: 80
MIN_POOL_SIZE: 20
RESERVE_POOL_SIZE: 10
RESERVE_POOL_TIMEOUT: 3

AUTH_TYPE: scram-sha-256
ports:
- "6432:5432"
networks:
- 1panel-network

server:
image: ghcr.io/goauthentik/server:2026.2.2
container_name: server
command: server
restart: unless-stopped
depends_on:
pgbouncer:
condition: service_started
environment:
TZ: Asia/Shanghai

AUTHENTIK_POSTGRESQL__HOST: pgbouncer
AUTHENTIK_POSTGRESQL__PORT: 5432
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}

AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}

AUTHENTIK_POSTGRESQL__CONN_MAX_AGE: 30
AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECKS: "true"
AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS: "true"
ports:
- "9000:9000"
- "9443:9443"
volumes:
- ./data:/data
- ./custom-templates:/templates
networks:
- 1panel-network

worker:
image: ghcr.io/goauthentik/server:2026.2.2
container_name: worker
command: worker
restart: unless-stopped
depends_on:
pgbouncer:
condition: service_started
environment:
TZ: Asia/Shanghai

AUTHENTIK_POSTGRESQL__HOST: pgbouncer
AUTHENTIK_POSTGRESQL__PORT: 5432
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}

AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}

AUTHENTIK_POSTGRESQL__CONN_MAX_AGE: 30
AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS: "true"

AUTHENTIK_WORKER__PROCESSES: 1
AUTHENTIK_WORKER__THREADS: 4
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/data
- ./certs:/certs
- ./custom-templates:/templates
networks:
- 1panel-network

volumes:
database:

networks:
1panel-network:
external: true
2、.env
PG_USER=authentik
PG_DB=authentik
PG_PASS=Fb9rB2mbQGaBBTdhiwbv7jEWWTgLrXATDvAJlGNJvMzYfWhh
AUTHENTIK_SECRET_KEY=07yYAmqAeV8dX8XV/k1RmM+KgzU3zAPUp0TL8ywI+aq2lf3+
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS="192.168.0.0/16,172.21.0.0/12,0.0.0.0/0"
AUTHENTIK_SERVER__EXTERNAL_HOST=https://auth.198388.xyz
AUTHENTIK_INSECURE=false
AUTHENTIK_HOST=https://auth.198388.xyz
TZ=Asia/Shanghai
AUTHENTIK_INSECURE=false
3、放在同一个目录后运行docker compose up -d
请输入代码
4、查看密码pgbouncer密码
docker exec -it pgbouncer cat /etc/pgbouncer/userlist.txt
5、连接pgbouncer
docker exec -it pgbouncer psql -h 127.0.0.1 -p 5432 -U authentik authentik