Skip to main content

Installing Authentik on CasaOS (Big Bear Template)

Overview

This article outlines the successful installation of Authentik on an Ubuntu server running CasaOS (192.168.0.152). Authentik is a complex application consisting of four separate containers that must communicate over a shared internal network.

1. Pre-Installation Cleanup

To prevent database corruption or "ghost" network conflicts, start with a clean environment.

  • Remove Existing Apps: Uninstall any previous Authentik or Postgres attempts via the CasaOS dashboard.
  • Clear AppData: Use the Files app to delete the AppData/big-bear-authentik folder.
  • Prune Ghost Networks: If an installation fails with a "Label" or "Network" error, use a terminal to run:
docker network prune

(Enter 'y' when prompted to remove unused custom networks.)

2. Installation via Big Bear App Store

Navigate to the App Store in CasaOS and select Authentik from the Big Bear repository. Before clicking "Install," you must adjust the settings for all four components.

A. Component: big-bear-authentik (Server)

  • Network: Select big-bear-authentik (or the longest available big-bear network name).
  • Ports: Add a new port mapping:
    • Host: 9000
    • Container: 9000
    • Protocol: TCP
  • Web UI: Ensure the URL is set to http://[IP]:9000.

B. Components: DB, Redis, and Worker

Navigate to the tabs for big-bear-authentik-db, big-bear-authentik-redis, and big-bear-authentik-worker.

  • Crucial Step: Change the Network on every single tab to match the one selected for the Server (big-bear-authentik).
  • Internal Communication: Do not map host ports for the DB or Redis; they communicate internally over the shared bridge network.

3. Post-Installation & Troubleshooting

The "Authentik Starting" Screen

Upon first boot, the server will display a black screen stating "authentik starting."

  • Cause: The server is running initial database migrations and building internal tables.
  • Action: Wait 3–5 minutes. Do not restart the containers during this phase.

Database "Unhealthy" Status

If the DB is marked unhealthy, it is usually due to a password mismatch in the environment variables.

  • Fix: Ensure POSTGRES_PASSWORD in the DB tab matches the AUTHENTIK_POSTGRESQL__PASSWORD in both the Server and Worker tabs.

4. Initial Admin Account Setup

Authentik does not ship with a default password for the akadmin user. You must trigger the initial setup flow.

  1. Navigate to: http://192.168.0.152:9000/if/flow/initial-setup/
  2. Set a strong master password for the akadmin account.
  3. Log in at the standard portal using:
    • Username: akadmin
    • Password: (The one you just created)

Summary of "What Worked"

Requirement Value / Selection
Shared Network big-bear-authentik (Set on all 4 tabs)
Primary Port 9000 (Mapped for HTTP access)
Worker Command worker
Setup URL /if/flow/initial-setup/

No comments to display

Back to top