From d1ab7ebb8efbdd29c59d6345dea8c85e5e601bec Mon Sep 17 00:00:00 2001
From: Romain ROCHAS
Date: Sun, 19 Oct 2025 20:59:24 +0200
Subject: [PATCH 1/4] Add Pocket ID template

Add Docker Compose template for Pocket ID, a simple and secure OIDC provider with passkey authentication support.
---
 public/svgs/pocketid-logo.png | Bin 0 -> 4463 bytes
 templates/compose/pocket-id.yaml | 25 +++++++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 public/svgs/pocketid-logo.png
 create mode 100644 templates/compose/pocket-id.yaml
diff --git a/public/svgs/pocketid-logo.png b/public/svgs/pocketid-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..8aa7f00f905fe5b6885b8eb2db4a8fe2a969e32c GIT binary patch literal 4463 zcmZ`+XE|ze=_&zG8Bcp+Lk?Z@+G-f+0^oNG0PJ%Bj-XrEWdOXz0a&#LKrR)4t4}kV z9^8c-6pyvlRl)hiCl_D%8UUsUO;sf$--(T^KqC|5)^23K=lJpV_DonVf9~|6gG^dG z+pP&_40D;_bNh6$)baOHNy%c`>{d^cBy=?gAAVz9)*-(6c`TKFwbPP?)2_-$RMZfm zv@`M(*RDdP5!0gBb{J-8=$Yh;u^f~=KDJmpMlRJ4ZS7PHO}Cv+zQmXWy{tsx&y%4l)!a}{OqUoDs7&6TeYnH(7T0hT)nl7CgDl-_x6@MLrZrx7g}IqKswZTQ0VAc_I&JC z7*LDyj$txp^Bvb`&C_Cj%w;P~FznsZKRw;Imc1ar-CR-+Q-%xZ>ppq+8!JpmIzrr_WGsu|Hl%KcL z(Xdpiaw?CKFSvuT@#t{$ZRQ6q(*P}^=HJ}t?kF#)@vwURX3l$TPM2{+;5PC zWTA}VCy^&jkG9lpI9(QCO``jhyNM2TEG~b04!+)MS&#M$G7H@ytG8es)$_2yTKAhP z{=L`nJwE6qGbvgBjIE-K?Ry^UZroMj7o|qJoaa*`h3yzQhKi0vt{T1be>5fa-4#PZ zLhL8lCMUo9Xb}0623zIX*vxL_*rv1g8X3nbbqWYCtiX+9ZTy;*waFH!sNeE2Gvj>B zRLSURXs`R9pUsPrC60O$b0u+Jd#g37D4`KzaYe=OuEIkz4W4Uqs_ytdto9BLBS%)J zF{~n%I_HPm9g?D=aiP~3ZdCYZcD@vnfpG58k>8QI5(&N`NM2qNeF+^BqVc;-@5Ly*Q~C7Jo^r;#wzf8bxRTGv5Qs9w z-M`7rgtcqK-$_k^!9acF?C@I^NkN5d3c71i`R7+jfu`5aqORW^WQqZI)_v(_u3knk z|GIx6Z(`!%1m2O6o`Dg{d6cDW*8Ow|AJIQNP*wvV>y3XK;!)>bc%1i+1b|mQ4~-r^ z)QZo~*Jyl80eJcOOG-=MS>4@{{C-oY8h~LRXE!(8`*jx%xd0gm{(F;ieX>5DB0L-d z^OjHhZ^?69VuoyNi{JU_{z~Dydl!zviOI>8DW87}#A)5rNx-st((Bi@-{~bFZh2BZ zQ~S;Gy1E7x^f-@_%F2Xf5i7UG5ogF}o|Kftf_%n*G12PRVnfN3vS!GBWqOWx&#{j) zhk>GQXD6rJa6NhZ=#G7erIKP|VuayWU_ied*&B44k@8=-uCA`6^8g!U&ySv+9t-{@ zb79LGo11G3#w$P+iEWu^4QxiA(*jU5)a3W)w%Yl+BNWmjn9{Gt8GLLG*?wgiNH={~ zSCP@LU-fl$=`EW7iRIwnD8l2Xyq?MEm?7vvK< z!^5K5)JA+gn@@*_XFCM>;0X-ZWKbd^A`uk14GpQ!KSM-LP#hf_ySK2guse{a#xmX( zY_(aP_es!j`BU#}ueC7|6_~z-h3+qEYH0ml7ys?_!5q&@cEa^3);Yq*FtqDE3g|d= zkPMHEC<_sZx}!D>z_-H0VWrBRTlOBCb-iJLGEBC#gpN|l%}ta%G6DwDNQ%nK3(3)F z?s%V*=hR*+BR4%7A4QPl=I4JhGR^~pss0e8`$&52lU`Pq`Cq=LQn5J2J+{EpKi?wK zDPlPlxj_#NAta0vKcTET?owm7VxXcMX7c_KHLxSg?OWN^)YCPl>g(^9paaKy8>FC$ zWcbGq9X(OAndGrPF7ZyD;2PO)CR2>Mkt$Vrk9{V(_ZC(VMWaA0Qei2Re43*bj@rs 
zU$0=H0WGCz)eh_qbSF|aQB^A^Cjo$$78t%xq?2NZjg3{Hgf@*0dJt;ldM}u<@;W=g zTm-}qWul9oiMO**0Sz*O=a8a%Dm?0%^Z*mjM{;s9_a44r2uc ziG`dvHn-9AQGmjEEHf&eyrMYXzUOVO&t&gDt;5B|6#=Z9H0AD*0%S2BpT(U4?{KV) zkBh^_#LysO&Nc)TNkA1>w6KUs!P|~Ve|a}0P@NH=9Hy7 zg&%m}O*T<=!*z)A*jS^G>xD4lA}j1 z94fv1R!+R^xi}L9MPAQPm0!<3vBxwD{yh5KFSfGjzX>s2?wa5OJ!JIR?vi2}49j)L zCtVaeRVjaZ1#)&}%B~2RvMGo{lrksq2?`#r^)nPWpHX3C$MtO7KRTF;*G-cEg#L%M zO-uIe*Yon0`xg2mvd7qqrRaco#Vv&c>-f1CHtCo5Gw-6uQ{#9P?=!poSOb8SJhz}A z{GPh{zDyZ!WSEDC2OTF-%=80d^z$n~P?z)H6Q*D5B=;y`+FeVrM9ll3&}hNfs2GIn zAOK<|+grhfeE1esTTAELQj(HvqPV3LVfaS5BG|6FC=I-k?@TLoW8w=}SDjTlJ*$eM zd{Nk9PYU4sEbF8o#cK0U`2wLryvb`N(dK7ySsAW3IvO{`4rXpjA(6yHg*WP@%EP^v z1?ZTy)zvAXt@mFLwFB17z}eY(dDfDpJ@8+#GAs8ev%bE*<>}+iYSoKn6<1XycIl-K z7alm=J!=@6Yj`%tNp$lg0X(ZO#9DJ-DFrsmN&Y1>zO*p>L;?{o4d_5B6E-i8zy8xf zu)^vo@yi#bt(F~za0U(?lRkD}J;UEHiCL?2RluA{I1cI$j8`UW1%Vkgk%ukgB5;MB z^=ixDy{0C)rr;kkhVH)5L{HK)HkmoOxO81Ve6aN2EGfCIm5J!|h-L&WMRj%3Gz`?w zv|pYpJSIy@IWITOZmz3K9$^)|AuFZ$=lM{D;zrQMGncwX& zu}zc{3x4_ zAKYuR9g)W;mFD{TsQq|OfzJUv-~bhT)^FuRfS~c-qpPEMzwEuee@foJ&o`BJ$(>P< zT!R!uuK7fZJuSJfwMd}HJ7Rgpdrly8LK?yVZ;V86a>^y_ej zd#mO-9D`6};B+|T;0D$(pr9C>4U-?2vA|tE*T{aj^yh@QMM4CUFjkSn5lPi+e}Zsi90>HV}y8Q4b{n7?SZyTgppx zpof+)qTm%8L4sW&iPFV0-WSM}W-)0VW2@9sbYQx#@r~3E@k-GSoPQ zkdXopScUhRN!9*u#9cO!%8fNey48HWc?p_u*NM{im*)^);|2Wd*q8xClZmvThZ<#X zf3s6JGin|Np`ZTxspiqJA_^ch0~Ts2=18HsLyIyoVZ8(e(-Nu{`V-79UhUR9Dh8++ zWBV8QGp6D`U4ZpXO(XMR;5Y15M#hW(HSidTM4AiS`Nst7 z7p?&dh%U0VI2TA4_F>2=80u7ids^B+n$S$|Yy8d)H7b|5j}D4|j7Oo1G1}r7rZs&* znvBMuhRlzrxKiYs--6M9gX7yVcPK7Pr%f6MpUc0j1Y_#5MtmNC#HD2ZDnBF;t=$r) zxM`@Y4R4;uzu({AR8(5>qWYJt;+Y=C`@a9R0Tmkk=VpljBxLDs19Gb)Ad&dHqc}`mnLCyPFEDEwOp(6S8f>Iavb+SCkZu<^NOU2Y(wh|8HbNTdE_tjk&cG`p<+ zk!<9GVT1Zjy38D+r+|ebVK9w)p_`4?E}gZw#QEiP1YCQ?rN Date: Sun, 19 Oct 2025 21:34:26 +0200 Subject: [PATCH 2/4] Add Pocket ID with PostgreSQL template Add variant of Pocket ID template with PostgreSQL database support for better scalability and production use. 
---
 .../compose/pocket-id-with-postgresql.yaml | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 templates/compose/pocket-id-with-postgresql.yaml
diff --git a/templates/compose/pocket-id-with-postgresql.yaml b/templates/compose/pocket-id-with-postgresql.yaml
new file mode 100644
index 000000000..46760d124
--- /dev/null
+++ b/templates/compose/pocket-id-with-postgresql.yaml
@@ -0,0 +1,45 @@
+# documentation: https://pocket-id.org/docs/setup/installation
+# slogan: A simple and secure OIDC provider with passkey authentication
+# category: auth
+# tags: identity,oidc,oauth,passkey,webauthn,authentication,sso,openid,postgresql
+# logo: svgs/pocketid-logo.png
+# port: 1411
+
+services:
+ pocket-id:
+ image: ghcr.io/pocket-id/pocket-id:v1.13
+ environment:
+ - SERVICE_URL_POCKETID_1411
+ - APP_URL=${SERVICE_URL_POCKETID}
+ - TRUST_PROXY=${TRUST_PROXY:-true}
+ - DB_PROVIDER=postgres
+ - DB_CONNECTION_STRING=postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@postgresql:5432/${POSTGRES_DB:-pocketid}
+ - ENCRYPTION_KEY=${SERVICE_PASSWORD_64_POCKETID}
+ - KEYS_STORAGE=${KEYS_STORAGE:-database}
+ - MAXMIND_LICENSE_KEY=${MAXMIND_LICENSE_KEY}
+ - PUID=${PUID:-1000}
+ - PGID=${PGID:-1000}
+ volumes:
+ - pocket-id-data:/app/data
+ healthcheck:
+ test: ["CMD", "/app/pocket-id", "healthcheck"]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ start_period: 10s
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ postgresql:
+ image: postgres:16-alpine
+ volumes:
+ - pocket-id-postgresql-data:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
+ - POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
+ - POSTGRES_DB=${POSTGRES_DB:-pocketid}
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
+ interval: 5s
+ timeout: 20s
+ retries: 10
From 2ae3d1b99b0acdc8690981783fafb51261f8021f Mon Sep 17 00:00:00 2001
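Review bot: In the new `templates/compose/pocket-id-with-postgresql.yaml`, `DB_CONNECTION_STRING` places `${SERVICE_PASSWORD_POSTGRESQL}` into a `postgresql://` URI without any encoding, so a password containing `@`, `/`, `:`, `#` or `%` would be read as URI syntax and the app would fail to connect or authenticate with the wrong value. The alphabet of the generated password is not visible in this patch, and an operator can set the variable by hand, so a comment above that line is worth having: `# password is embedded unescaped in the URI; keep it URL-safe or percent-encode it`. Separately, `ghcr.io/pocket-id/pocket-id:v1.13` and `postgres:16-alpine` look like tags that move with new releases; for an identity provider I would pin a full patch version or an image digest so a redeploy cannot pull an image nobody reviewed.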
From: Romain ROCHAS
Date: Sun, 19 Oct 2025 21:35:18 +0200
Subject: [PATCH 3/4] Add SMTP configuration to Pocket ID with PostgreSQL template

Include SMTP settings for email notifications and one-time access features.
---
 templates/compose/pocket-id-with-postgresql.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/templates/compose/pocket-id-with-postgresql.yaml b/templates/compose/pocket-id-with-postgresql.yaml
index 46760d124..b620bec21 100644
--- a/templates/compose/pocket-id-with-postgresql.yaml
+++ b/templates/compose/pocket-id-with-postgresql.yaml
@@ -17,6 +17,16 @@ services:
 - ENCRYPTION_KEY=${SERVICE_PASSWORD_64_POCKETID}
 - KEYS_STORAGE=${KEYS_STORAGE:-database}
 - MAXMIND_LICENSE_KEY=${MAXMIND_LICENSE_KEY}
+ - SMTP_HOST=${SMTP_HOST}
+ - SMTP_PORT=${SMTP_PORT:-587}
+ - SMTP_FROM=${SMTP_FROM}
+ - SMTP_USER=${SMTP_USER}
+ - SMTP_PASSWORD=${SMTP_PASSWORD}
+ - SMTP_TLS=${SMTP_TLS:-starttls}
+ - SMTP_SKIP_CERT_VERIFY=${SMTP_SKIP_CERT_VERIFY:-false}
+ - EMAIL_LOGIN_NOTIFICATION_ENABLED=${EMAIL_LOGIN_NOTIFICATION_ENABLED:-false}
+ - EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED=${EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED:-false}
+ - EMAIL_API_KEY_EXPIRATION_ENABLED=${EMAIL_API_KEY_EXPIRATION_ENABLED:-false}
 - PUID=${PUID:-1000}
 - PGID=${PGID:-1000}
 volumes:
From 9355cb2893bc3e818722aa2c1cc1177c2783c23a Mon Sep 17 00:00:00 2001
From: Romain ROCHAS
Date: Sun, 19 Oct 2025 21:35:49 +0200
Subject: [PATCH 4/4] Add SMTP configuration to Pocket ID template

Include SMTP settings for email notifications and one-time access features.
---
 templates/compose/pocket-id.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/templates/compose/pocket-id.yaml b/templates/compose/pocket-id.yaml
index bc4409c53..10adfd025 100644
--- a/templates/compose/pocket-id.yaml
+++ b/templates/compose/pocket-id.yaml
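Review bot: In the PATCH 3/4 hunk for `templates/compose/pocket-id-with-postgresql.yaml`, `SMTP_TLS` and `SMTP_SKIP_CERT_VERIFY` are added as operator-editable variables with no comment on what weakening them exposes; the defaults chosen here (`starttls`, `false`) are the safe ones. With TLS turned off or verification skipped, `SMTP_PASSWORD` and the one-time access mail named in the commit message would cross the network unprotected or unauthenticated, which matters for an identity provider if that mail carries sign-in codes (presumably it does; confirm against the Pocket ID docs). I would add `# keep certificate verification on: SMTP credentials and one-time access mail travel over this connection` above the `SMTP_SKIP_CERT_VERIFY` line. The identical ten lines are added to `templates/compose/pocket-id.yaml` in PATCH 4/4 and need the same comment. The `environment:` list begins above the hunk in both files.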
@@ -13,6 +13,16 @@ services:
 - APP_URL=${SERVICE_URL_POCKETID}
 - TRUST_PROXY=${TRUST_PROXY:-true}
 - MAXMIND_LICENSE_KEY=${MAXMIND_LICENSE_KEY}
+ - SMTP_HOST=${SMTP_HOST}
+ - SMTP_PORT=${SMTP_PORT:-587}
+ - SMTP_FROM=${SMTP_FROM}
+ - SMTP_USER=${SMTP_USER}
+ - SMTP_PASSWORD=${SMTP_PASSWORD}
+ - SMTP_TLS=${SMTP_TLS:-starttls}
+ - SMTP_SKIP_CERT_VERIFY=${SMTP_SKIP_CERT_VERIFY:-false}
+ - EMAIL_LOGIN_NOTIFICATION_ENABLED=${EMAIL_LOGIN_NOTIFICATION_ENABLED:-false}
+ - EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED=${EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED:-false}
+ - EMAIL_API_KEY_EXPIRATION_ENABLED=${EMAIL_API_KEY_EXPIRATION_ENABLED:-false}
 - PUID=${PUID:-1000}
 - PGID=${PGID:-1000}
 volumes: