Deploying Authorizer to Fly.io

When we create applications, a lot of time will be spent just creating authentication features. If you add more login feature such as OAuth, SAML, etc it will add more effort and cost. Auth0, Okta, OneLogin, AWS Cognito, or other similar services are quick solutions to this problem. But if you are paranoid about privacy, you will definitely prefer to use on-prem services.

Currently, several authentication application options are available for free, some of them are Open Source. Keycloack, FusionAuth, Gluu, and Ory are some examples. From my experience trying those products, they have complete documentation but the installation and deployment process not as easy as snapping a finger.

A couple of weeks ago, when I was browsing Product Hunt there was a new product named Authorizer. Then I was curious to try this one. The official documentation provides instructions to install or deploy Authorizer at various services like Heroku, Render, and Railway. I want to try to deploy it to Fly.io, unfortunately, I can't find the documentation, and I still have not found a tutorial about this. So, I do a little experiment, and here's the result.

For more information about Authorizer visit https://authorizer.dev For more information about Fly.io visit https://fly.io/docs

Prerequisites

• A PC or laptop (absolutely)
• Your favorite Terminal
• A cup of coffee or your favorite drink
• A Fly.io account

I'm using macOS, you'll need to adapt some commands to the OS you're using.

Step 1 : Installing Fly.io CLI

macOS

brew install flyctl

Linux

curl -L https://fly.io/install.sh | sh

Windows

iwr https://fly.io/install.ps1 -useb | iex

Step 2 : Login to Fly.io

Make sure you already have a Fly.io account.

flyctl auth login

Step 3 : Create Fly.io app for Authorizer

Create a directory for the workspace and move to your created directory.

flyctl launch --org personal --name authorizer --region lax --no-deploy

Note: in this sample I created an app named authorizer at lax region and personal organization. For more information about Fly.io regions read this documentation.

Step 4 : Configure the fly.toml file

You will find a new file fly.toml. This file is the deploy configuration file for Fly.io.

Add this part to fly.toml file:

[build]
image = "lakhansamani/authorizer:latest"

[experimental]
private_network = true
cmd = ["./build/server", "--database_type=postgres"]
allowed_public_ports = []
auto_rollback = true

[env]
  PORT = "8080"
  FLY_REGION = "sin"

Then change internal_port to 8080 inside the [[services]] section just like this:

[[services]]
  internal_port = 8080
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

The complete fly.toml file will become like this:

app = "authorizer"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[build]
image = "lakhansamani/authorizer:latest"

[experimental]
private_network = true
cmd = ["./build/server", "--database_type=postgres"]
auto_rollback = true

[env]
  PORT = "8080"
  FLY_REGION = "sin"

[[services]]
  internal_port = 8080
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    type = "connections"
    hard_limit = 25
    soft_limit = 20

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

Step 5 : Prepare the database

We will use Postgres for the database. Run this command to create a Postgres instance at Fly.io:

flyctl postgres create \
  --organization personal \
  --name authorizer-db \
  --initial-cluster-size 1 \
  --password $(openssl rand -hex 8) \
  --region lax \
  --vm-size shared-cpu-1x \
  --volume-size 3

To connecting the Postgres database, we need to attach by using this command:

flyctl postgres attach --postgres-app authorizer-db

This command will add an environment variable DATABASE_URL. You don't need to remove or change the variable name because this variable name is same with the required Authorizer envar.

Step 6 : Deploy

Before we deploy the app, we need to change some configuration. Luckily Authorizer makes this easy by using envar. Then, we need to generate a random string for ADMIN_SECRET. This secret is used for authentication to the admin console.

You can use openssl, for example:

openssl rand -base64 500 | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1

Add some environment variables to our Fly.io app:

flyctl secrets set \
    ENV="production" \
    ADMIN_SECRET=CHANGE_THIS_BY_WHATEVER_YOU_WANT \
    DATABASE_TYPE="postgres" \
    SENDER_EMAIL=CHANGE_THIS \
    SMTP_HOST=CHANGE_THIS \
    SMTP_PASSWORD=CHANGE_THIS \
    SMTP_PORT=587 \
    SMTP_USERNAME=CHANGE_THIS \
    ORGANIZATION_NAME="Feelantera" \
    URL="https://authorizer.fly.dev"

Find out more about Environment Variables here.

Finally, deploy the app by execute this command:

flyctl deploy

After the deployment process has been finish, check the application logs:

flyctl logs

Remember: every time you make a change to the envars, Fly.io will redeploy your app.

Congratulation, you have an authentication service for your application! Open https://authorizer.fly.dev and use ADMIN_SECRET for the authentication password.