update authentik to 2026.5.2

[thieneret]

✍️ Description

I finally managed to finish the authentik update script. Sorry for the delay, but I don't have much time these days. Plus, there was a typo in my test configuration and it took me 2 days to find it. My fault. :(

So about the update:

• a few new dependencies have been introduced
• authentik recently changed the way it handles worker. Now the new handler needs to be compiled with Rust and this process needs more than 4GB of RAM, so the default amount of RAM for the container has increased to 8GB.
• During testing I have seen a few cases where the worker or server could not start because they were trying to use the same ports, so the port configuration is overridden in separate environment files for the worker and the server
• starting with version 2026.5.0, you do not need to type the /if/flow/initial-setup/ link for the initial setup on a new installation because it will automatically redirect you there
• In my experience, the initial setup is only accessible via https, so the default port has changed to 9443. After the initial setup, the http page is accessible on port 9000.

I can't find the JSON file in the repository to modify the necessary information.

🔗 Related Issue

✅ Prerequisites (X in brackets)

• Self-review completed – Code follows project standards.
• Tested thoroughly – Changes work as expected.
• No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

---

🛠️ Type of Change (X in brackets)

• 🐞 Bug fix – Resolves an issue without breaking functionality.
• ✨ New feature – Adds new, non-breaking functionality.
• 💥 Breaking change – Alters existing functionality in a way that may require updates.
• 🆕 New script – A fully functional and tested script or script set.
• 🌍 Website update – Changes to script metadata (PocketBase/website data).
• 🔧 Refactoring / Code Cleanup – Improves readability or maintainability without changing functionality.
• 📝 Documentation update – Changes to README, AppName.md, CONTRIBUTING.md, or other docs.

[CrazyWolf13]

Suggested change

	CUR_VERSION="$(<"$HOME/.authentik")"
	IFS='.' read -ra PARTS <<< "${CUR_VERSION#version/}"
	MAJOR=${PARTS[0]}
	MINOR=${PARTS[1]}
	IFS='.' read -r MAJOR MINOR PATCH <<< "${$(<"$HOME/.authentik")#version/}"

Not tested, but possibly cleaner.

[thieneret]

Not working:

-bash: ${$(< "$HOME/.authentik")#version/}: bad substitution

[CrazyWolf13]

read -r MAJOR MINOR PATCH <<< "$(sed 's/^version\///; s/\./ /g' "$HOME/.authentik")" ?

[thieneret]

@CrazyWolf13 @MickLesk
Thank you for your advices.
Refactored and tested

[CrazyWolf13]

why does one need to review the port after an update?

[thieneret]

Previously, the port configuration was read from the /etc/authentik/config.yml file. The http, https, and metrics ports are valid for both the worker and the server. This is not a problem in a docker environment, since they run in two separate containers, but in our case they cause a conflict. During testing, I found that this conflict prevents the services from starting in some cases, so I created separate environment files for both the worker and the server, where the ports are overridden. If the user has modified the default ports, they must be transferred to the new environment file.

[CrazyWolf13]

okay I see. So essentially the ports stay the same unless the user customized them?

Also then there was an error in the script as port was noted to be 9000?

[thieneret]

The default http port is 9000, through which the service can be accessed. The default https port is 9443, through which the service can be accessed securely. However, as I wrote in the pull request description, starting with version 2026.5.2, the initial settings can only be made via https 9443, so at the end of the script I changed the port to 9443 and I would recommend changing this on the website as well. After the initial settings, the service can also be accessed via http 9000.

[MickLesk]

can you add this into PR Description? Its marked as "breaking change" so the users can look about it and see the recent big changes and why ?

[thieneret]

It's in the description, although not as detailed as here.
If you feel it's necessary, I can elaborate there as well.

[MickLesk]

@thieneret you can now use profiles for rust
#14872

Example:

RUST_PROFILE="minimal" RUST_TOOLCHAIN="stable" setup_rust

[thieneret]

RUST_TOOLCHAIN="stable" tested and working

[MickLesk]

maybe we add here setup_yq too if something broke in bashrc during update?

[thieneret]

Could you add it?