Deploying Authorizer to Fly.io
An easy way to run your own auth server.
4 min read
When we create applications, a lot of time will be spent just creating authentication features. If you add more login feature such as OAuth, SAML, etc it will add more effort and cost. Auth0, Okta, OneLogin, AWS Cognito, or other similar services are quick solutions to this problem. But if you are paranoid about privacy, you will definitely prefer to use on-prem services.
Currently, several authentication application options are available for free, some of them are Open Source. Keycloack, FusionAuth, Gluu, and Ory are some examples. From my experience trying those products, they have complete documentation but the installation and deployment process not as easy as snapping a finger.
A couple of weeks ago, when I was browsing Product Hunt there was a new product named Authorizer. Then I was curious to try this one. The official documentation provides instructions to install or deploy Authorizer at various services like Heroku, Render, and Railway. I want to try to deploy it to Fly.io, unfortunately, I can't find the documentation, and I still have not found a tutorial about this. So, I do a little experiment, and here's the result.
For more information about Authorizer visit authorizer.dev For more information about Fly.io visit fly.io/docs
- A PC or laptop (absolutely)
- Your favorite Terminal
- A cup of coffee or your favorite drink
- A Fly.io account
I'm using macOS, you'll need to adapt some commands to the OS you're using.
Step 1 : Installing Fly.io CLI
brew install flyctl
curl -L https://fly.io/install.sh | sh
iwr https://fly.io/install.ps1 -useb | iex
Step 2 : Login to Fly.io
Make sure you already have a Fly.io account.
flyctl auth login
Step 3 : Create Fly.io app for Authorizer
Create a directory for the workspace and move to your created directory.
flyctl launch --org personal --name authorizer --region lax --no-deploy
Note: in this sample I created an app named
lax region and
personal organization. For more information about Fly.io regions read this documentation.
Step 4 : Configure the
You will find a new file
fly.toml. This file is the deploy configuration file for Fly.io.
Add this part to
[build] image = "lakhansamani/authorizer:latest" [experimental] private_network = true cmd = ["./build/server", "--database_type=postgres"] allowed_public_ports =  auto_rollback = true [env] PORT = "8080" FLY_REGION = "sin"
8080 inside the
[[services]] section just like this:
[[services]] internal_port = 8080 processes = ["app"] protocol = "tcp" script_checks = 
fly.toml file will become like this:
app = "authorizer" kill_signal = "SIGINT" kill_timeout = 5 processes =  [build] image = "lakhansamani/authorizer:latest" [experimental] private_network = true cmd = ["./build/server", "--database_type=postgres"] auto_rollback = true [env] PORT = "8080" FLY_REGION = "sin" [[services]] internal_port = 8080 processes = ["app"] protocol = "tcp" script_checks =  [services.concurrency] type = "connections" hard_limit = 25 soft_limit = 20 [[services.ports]] force_https = true handlers = ["http"] port = 80 [[services.ports]] handlers = ["tls", "http"] port = 443 [[services.tcp_checks]] grace_period = "1s" interval = "15s" restart_limit = 0 timeout = "2s"
Step 5 : Prepare the database
We will use Postgres for the database. Run this command to create a Postgres instance at Fly.io:
flyctl postgres create \ --organization personal \ --name authorizer-db \ --initial-cluster-size 1 \ --password $(openssl rand -hex 8) \ --region lax \ --vm-size shared-cpu-1x \ --volume-size 3
To connecting the Postgres database, we need to attach by using this command:
flyctl postgres attach --postgres-app authorizer-db
This command will add an environment variable
DATABASE_URL. You don't need to remove or change the variable name because this variable name is same with the required Authorizer envar.
Step 6 : Deploy
Before we deploy the app, we need to change some configuration. Luckily Authorizer makes this easy by using envar. Then, we need to generate a random string for
ADMIN_SECRET. This secret is used for authentication to the admin console.
You can use
openssl, for example:
openssl rand -base64 500 | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1
Add some environment variables to our Fly.io app:
flyctl secrets set \ ENV="production" \ ADMIN_SECRET=CHANGE_THIS_BY_WHATEVER_YOU_WANT \ DATABASE_TYPE="postgres" \ SENDER_EMAIL=CHANGE_THIS \ SMTP_HOST=CHANGE_THIS \ SMTP_PASSWORD=CHANGE_THIS \ SMTP_PORT=587 \ SMTP_USERNAME=CHANGE_THIS \ ORGANIZATION_NAME="Feelantera" \ URL="https://authorizer.fly.dev"
Find out more about Environment Variables here.
Finally, deploy the app by execute this command:
After the deployment process has been finish, check the application logs:
Remember: every time you make a change to the envars, Fly.io will redeploy your app.
Congratulation, you have an authentication service for your application! Open
https://authorizer.fly.dev and use
ADMIN_SECRET for the authentication password.