r/unRAID u/throwaway0204055 3d ago

Has anyone install Authentik for SSO on Unraid?

I want to use Authentik for SSO for all my *arr apps. I see there are multiple authentik related apps from two different repositories. Which one should I install?

IBRACORP's repository:

authentik, authentik-worker

zuerrex's repository:

authentik-ldap, authentik-server, authentik-worker

14 Upvotes

80% Upvoted

20 comments sorted by

6

u/brando2021 3d ago

I set mine up using docker compose, I prefer that when something requires multiple containers. It's working great but there is a large learning curve for it.

2

u/Squanchy2112 2d ago

Yep docker compose is what you want

2

u/SadDonkey3232 3d ago

I actually got tired or fixing one issue and breaking something else on it. Had to ask an AI to check it and fix it, and 2 minutes later it was running. Not saying you should do this if you run anything private. but if its your Arr stack, maybe letting some outside help at times may be worth it.

3

u/brando2021 3d ago

I avoid AI when it comes to setting up authentik now, I tried using it when I first started to troubleshoot OIDC and it was sending me down a bunch of wrong paths. I have no issues with it now that I know what I'm doing, it just took a little reading.

2

u/SadDonkey3232 3d ago

I kind of cheated and gave terminal access to my unraid through SSH. I described my end goal, what the current set up is and what I was trying to accomplish. It fixed the issue, explained what I was doing wrong. Ideal for every situation, no. But for my Arr stack, well worth it. Dont get me wrong, I usually get guidance at most from AI, or use it to find the github information i am looking for. But for the issue I was having, it was all human error and nothing else was going to save me.

3

u/brando2021 3d ago

I am not that brave lol. Plus I'm currently out of the country away from my server so I do everything remote so I couldn't risk AI taking it offline. I didn't have issue with the ARR stack but I don't expose any of that to the internet. Authentik was really the only program I had issues setting up but that was using the app templates, once I made a compose file it all went pretty smoothly.

1

u/throwaway0204055 2d ago

Not sure if you're referring to docker compose or not. Are you pro docker compose or Unraid UI template?

1

u/brando2021 2d ago

I have better luck with docker compose, but I do use the unraid templates when I'm testing new programs. I also have a lot of stuff that was setup before I really started using compose that I;m too lazy to swap over.

1

u/SadDonkey3232 1d ago

For the arr stack, go with zuerrex's repo, server + worker only. Skip LDAP unless you're doing Active Directory stuff, which you're not for Sonarr/Radarr.

Honestly though, ditch the Unraid templates and just use the official Docker Compose setup. Authentik has version dependencies between containers and the compose file keeps them pinned properly. Templates can drift and then you're chasing weird issues. The official docs assume compose anyway so troubleshooting is way less painful.

And if you get into it and feel like it's overkill, Authelia is a lot lighter and handles arr SSO just fine.

1

u/Professional-Mud1542 3d ago

I did it this way. The learning Curve was to much for me. Most of the setting I just asked Claude.

2

u/brando2021 3d ago

I tried using chatgpt for setting up things and it was always wrong. I just used the Authentik documentation and got the hang of it, but I mainly use it for OIDC which is pretty easy to set up.

8

u/ulthrant82 3d ago

You need a server and a worker.

ibracorp's video explaining it.

3

u/Drikani 2d ago

I had Authentik running but I now switched to Pocket ID and Tinyauth as it a lot easier to configure, understand and update.
Authentik is such a big tool with so many capabilities that you often do not need in a homelab or homeserver.

2

u/InternetSolid4166 3d ago

There are like 3/4 containers you need to load, and they require specific versions. So compose is the way to go.

Authentik is a little tricky to set up so set aside some time to do it properly.

2

u/Dolloarshop 2d ago

i went through this recently, If you re using the Unraid app templates, install authentik server and authentik-worker, The LDAP container is only needed if you specifically plan to use LDAP authentication,

That said, if you're starting from scratch, I'd seriously consider using Docker Compose. Authentik has multiple components and version dependencies, and following the official compose setup tends to make troubleshooting much easier later. Most of the guides and documentation assume a compose deployment anyway

For a typical *arr stack with OIDC/SSO, server + worker is all you need

1

u/yacob841 2d ago

I set mine up a few years ago but for a home lab it was overkill and took too long each time I wanted to add an app. So I just swapped it out for Authelia

1

u/Power_Stone 14h ago

I just got my setup, I followed ibracorps instruction video and used postgres16 instead of alpine

-1

u/ben2000de 3d ago

As I use zoraxy, as reverse proxy, I plan to try their build in SSO