Dokploy

Zitadel

Open-source identity and access management platform with multi-tenancy, OpenID Connect, SAML, and OAuth 2.0 support.


Configuration

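version: '3.8'

services:
  zitadel:
    restart: 'always'
    # NOTE(review): `latest` is a floating tag, so a redeploy can pull a
    # different Zitadel release than the one that was tested. Pin a specific
    # release tag (ideally with its digest) for an identity provider.
    image: 'ghcr.io/zitadel/zitadel:latest'
    # The master key is passed as a CLI argument, so it shows up in the
    # container's process arguments and in `docker inspect` output. Zitadel
    # also offers --masterkeyFromEnv (with ZITADEL_MASTERKEY set in the
    # container environment) and --masterkeyFile, which keep it off the
    # command line.
    # --tlsMode disabled: Zitadel itself serves plain HTTP, so TLS has to be
    # terminated by the reverse proxy in front of it.
    command: 'start-from-init --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled'
    environment:
      # Scalar values are quoted so every Compose parser passes them through
      # as strings instead of YAML booleans or integers.

      # Database Configuration
      ZITADEL_DATABASE_POSTGRES_HOST: db
      ZITADEL_DATABASE_POSTGRES_PORT: '5432'
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
      # NOTE(review): the runtime user and the Postgres superuser below share
      # one password, so a leak of the runtime credential also exposes the
      # superuser. Use a separate variable for least privilege.
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: "${POSTGRES_PASSWORD}"
      # SSL mode `disable`: database traffic is unencrypted. Acceptable only
      # while both containers talk over the private Compose network.
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: "${POSTGRES_PASSWORD}"
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable

      # External Configuration for HTTP only - TLS mode disabled
      # NOTE(review): these three values must describe how browsers actually
      # reach Zitadel. If the domain is served over HTTPS by the proxy, this
      # likely needs EXTERNALSECURE 'true' and EXTERNALPORT '443' - confirm
      # for the deployment; an identity provider should not be reached over
      # plain HTTP.
      ZITADEL_EXTERNALSECURE: 'false'
      ZITADEL_EXTERNALPORT: '8080'
      ZITADEL_EXTERNALDOMAIN: "${EXTERNAL_DOMAIN}"
      ZITADEL_TLS_ENABLED: 'false'

      # Disable Email Notifications
      ZITADEL_NOTIFICATIONS_SMTP_HOST: ""
      ZITADEL_NOTIFICATIONS_SMTP_PORT: ""

      # Custom Admin User Configuration
      # The first-instance admin credentials come from the deployment
      # environment; they are only as strong as the values supplied there.
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME}"
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD}"
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS}"
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_FIRSTNAME: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_FIRSTNAME}"
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_LASTNAME: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_LASTNAME}"

      # Default Instance Features
      ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED: 'false'

    # Wait for the database healthcheck before starting Zitadel.
    depends_on:
      db:
        condition: 'service_healthy'
    # Container port only: Docker publishes it on an ephemeral host port.
    # NOTE(review): if the reverse proxy is the only intended entry point,
    # `expose` would avoid a plain-HTTP listener on the host - confirm.
    ports:
      - '8080'
    volumes:
      - zitadel_data:/app/data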

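  db:
    restart: 'always'
    image: postgres:17-alpine
    # No `ports` entry: the database is reachable only from the Compose network.
    environment:
      # Default user for client tools run inside the container.
      PGUSER: postgres
      # Superuser password, supplied from the deployment environment.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
      POSTGRES_DB: zitadel
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      # Exec form. With CMD-SHELL the command has to be a single string; extra
      # list items become shell positional parameters and never reach
      # pg_isready, so the -d/-U arguments were silently dropped.
      test: ['CMD', 'pg_isready', '-d', 'zitadel', '-U', 'postgres']
      interval: '10s'
      timeout: '30s'
      retries: 5
      start_period: '20s'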

volumes:
  # Named volume mounted at /app/data in the zitadel service.
  zitadel_data: {}
  # Named volume holding the PostgreSQL data directory.
  postgres_data: {}
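# Template variables; ${...} helpers are resolved once per deployment.
[variables]
main_domain = "${domain}"
# Random per-deployment secrets.
postgres_password = "${password:32}"
# Zitadel expects a 32-byte master key.
zitadel_masterkey = "${password:32}"
admin_username = "${username}"
admin_email = "${email}"
# Generated per deployment: a literal password here would be identical on
# every instance created from this template and publicly known. The fixed
# "Aa1!" prefix only covers the upper/lower/digit/symbol classes a password
# policy may require; the random part carries the entropy. Read the generated
# value from the service's environment settings and rotate it after first login.
admin_password = "Aa1!${password:32}"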

[config]
# Route the public domain to port 8080 of the zitadel service.
[[config.domains]]
host = "${main_domain}"
path = "/"
port = 8080
serviceName = "zitadel"

# Environment values that fill the ${...} references in the Compose file.
[config.env]
EXTERNAL_DOMAIN = "${main_domain}"
ZITADEL_MASTERKEY = "${zitadel_masterkey}"
POSTGRES_PASSWORD = "${postgres_password}"

# First-instance admin account created by Zitadel on initial start.
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_FIRSTNAME = "Admin"
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_LASTNAME = "User"
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME = "${admin_username}"
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS = "${admin_email}"
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD = "${admin_password}"

# No file mounts are defined for this template.
[[config.mounts]]

Base64

To import this template in Dokploy: create a Compose service → Advanced → Base64 import, and paste the content below:

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

Tags

identity, authentication, authorization, iam, security, oauth, openid-connect, saml, multi-tenant


Version: latest
