authentik-worker ghcr.io/goauthentik/server:2025.8.1 https://github.com/goauthentik/authentik bridge sh false https://github.com/goauthentik/authentik/issues https://goauthentik.io The Authentik worker container processes background jobs, scheduled tasks, and asynchronous operations for the server. It handles actions such as sending emails, running LDAP/SCIM syncs, processing login events, and managing provisioning. Network:Management Security: Tools:Utilities https://raw.githubusercontent.com/zuerrex/unraid-templates/refs/heads/main/my-authentik-worker.xml https://raw.githubusercontent.com/Zuerrex/icons/main/authentik.png --user root worker The worker runs alongside the server and connects to the same PostgreSQL (16 and above) and Redis instances. It depends on PostgreSQL and Redis, install them first. Running as non-root If you remove --user root from Extra Parameters, you must ensure file/share permissions are handled manually so the worker can read/write any mapped paths. Docker socket options (choose ONE): 1- Direct socket (easiest, least safe): Map /var/run/docker.sock and set the socket path in the template. This gives Authentik broad Docker control - use only in trusted environments. 2- Socket-proxy: Point Authentik’s Outpost Integration to your proxy and enable only the endpoints needed for outpost lifecycle: IMAGES=1, CONTAINERS=1, POST=1, INFO=1, VERSION=1 Type: Docker Service-Connection, URL: http://socket-proxy:2375, Local: toggled off 3- No socket (recommended): Don’t expose Docker Socket at all. Manage outposts manually from Authentik (create/update/remove them yourself). redis postgresql postgres authentik /mnt/user/appdata/authentik/media /mnt/user/appdata/authentik/certs /mnt/user/appdata/authentik/templates true smtp.gmail.com 587 true false 10