Deploying self-hosted auth: an ops guide from zero to production

For IT and DevOps professionals, managing a self-hosted authentication (auth) system is a critical task. In this guide, we'll walk you through building a production-ready auth deployment using Docker, systemd, Caddy, and Postgres. This setup includes backups, monitoring, and a checklist for a smooth transition to production.

Overview

Deploying a self-hosted auth system involves several key components, including Docker containers for the auth server, a PostgreSQL database, and a Caddy reverse proxy. This setup ensures high availability, scalability, and security.

Getting Started

Before you begin, ensure you have the necessary tools and dependencies installed on your server:

  • Docker
  • systemd
  • PostgreSQL
  • Caddy

Setting Up Docker

First, create a Dockerfile for your auth server. This file will define the environment and dependencies for your auth application:

Dockerfile
      # Use an official Node.js runtime as a parent image.
      # Node.js 14 is end-of-life; pin a currently supported LTS tag for production.
      FROM node:14

      # Set the working directory in the container
      WORKDIR /usr/src/app

      # Copy package.json and package-lock.json files into the container at /usr/src/app
      COPY package*.json ./

      # Install exactly the dependency versions pinned in package-lock.json
      RUN npm ci

      # Copy the rest of your application's source code into the container
      COPY . .

      # Document that the app listens on port 4000 (EXPOSE alone does not publish the port)
      EXPOSE 4000

      # Define environment variable
      ENV NODE_ENV=production

      # Run as the unprivileged "node" user that the official image provides
      USER node

      # Start the app
      CMD ["npm", "start"]

Creating Systemd Service

Next, create a systemd service file for your Docker container:

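      [Unit]
      Description=Self-hosted Auth Service
      # The container cannot start until the Docker daemon is running
      After=network.target docker.service
      Requires=docker.service

      [Service]
      # This account needs access to the Docker socket, which is root-equivalent
      User=youruser
      Group=yourgroup
      # Remove a stale container from a previous run (the leading "-" ignores failure)
      ExecStartPre=-/usr/bin/docker rm -f auth-service
      # Run in the foreground (no -d) so systemd supervises the container process
      ExecStart=/usr/bin/docker run --rm --name auth-service bastionary/auth-service
      ExecStop=/usr/bin/docker stop auth-service
      Restart=on-failure

      [Install]
      WantedBy=multi-user.target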

Setting Up Caddy

Install Caddy and configure it to route traffic to your auth service:

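Caddyfile
      # auth.example.com is a placeholder: use your own domain.
      # With a host name as the site address, Caddy obtains and renews the TLS certificate automatically.
      auth.example.com {
          # "auth-service" resolves only if Caddy shares a Docker network with the container
          reverse_proxy http://auth-service:4000
      }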

Configuring PostgreSQL

Set up a PostgreSQL database and configure it for your auth system:

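      # AUTH_DB_PASSWORD is a placeholder variable: set it to a long random secret first, never the user name
      docker run --name auth-db -e POSTGRES_USER=auth -e POSTGRES_PASSWORD="$AUTH_DB_PASSWORD" -e POSTGRES_DB=auth -d postgres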

Backups and Monitoring

Implement regular backups and monitoring to ensure the stability and availability of your auth system:

  • Use a tool like pg_dump to create backups of your PostgreSQL database
  • Set up alerts for critical events using tools like Prometheus and Grafana
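
A backup routine for the pg_dump step above, shown as an added example that is not part of the original guide: the dump of an auth database holds credential data, so files are created owner-only, and a failed or empty dump never replaces a good one. It uses the auth-db container, user and database named on this page; BACKUP_DIR, KEEP and DUMP_CMD are hypothetical settings.

```shell
#!/bin/sh
# Added example: pg_dump backup of the auth database with owner-only files,
# atomic writes and simple retention.
# From this page: container "auth-db", user "auth", database "auth".
# Hypothetical (assumed) settings: BACKUP_DIR, KEEP, DUMP_CMD.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/auth-db}"
KEEP="${KEEP:-14}"   # number of dumps to retain
# -Fc writes pg_dump's compressed custom format, restorable with pg_restore
DUMP_CMD="${DUMP_CMD:-docker exec auth-db pg_dump -U auth -d auth -Fc}"

# Delete all but the $KEEP newest dumps. The timestamped names sort
# chronologically, so a reverse sort lists the newest first.
prune_backups() {
    ls -1 "$BACKUP_DIR"/auth-*.dump 2>/dev/null | sort -r |
        tail -n +"$((KEEP + 1))" |
        while IFS= read -r old; do rm -f -- "$old"; done
}

# Write one dump and print its path. The body is a subshell "( )", so the
# umask and the exit calls do not leak into the calling shell.
backup_auth_db() (
    umask 077    # dump contains credential data: owner-only access
    mkdir -p "$BACKUP_DIR" || exit 1
    out="$BACKUP_DIR/auth-$(date -u +%Y%m%dT%H%M%SZ).dump"
    tmp="$out.partial"
    # Treat a non-zero exit or an empty file as failure, and never leave a
    # truncated dump under the final name.
    if ! $DUMP_CMD > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "auth-db backup failed" >&2
        exit 1
    fi
    mv "$tmp" "$out"
    prune_backups
    echo "$out"
)

# Run as: sh backup-auth-db.sh run   (for example from cron or a systemd timer)
if [ "${1:-}" = "run" ]; then
    backup_auth_db
fi
```

A non-zero exit status from the script is the signal to alert on in your monitoring.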

Checklist for Production-Ready Deployment

Before deploying your auth system to production, ensure you have the following items in place:

  • Backup strategy in place
  • Monitoring setup in place
  • Security measures in place (e.g., SSL/TLS, authentication)
  • Documentation and training for your team

Conclusion

Deploying a self-hosted auth system requires careful planning and execution. By using Docker, systemd, Caddy, and PostgreSQL, you can create a highly available, scalable, and secure auth deployment. With regular backups and monitoring, you can ensure the stability and availability of your system in production.