Authgear
Start BuildingHomePortalCommunity
  • Authgear Overview
  • Get Started
    • Start Building
    • 5-Minute Guide
    • Single-Page App
      • JavaScript (Web)
      • React
      • Angular
      • Vue
    • Native/Mobile App
      • iOS SDK
      • Android SDK
        • Android Kotlin coroutine support
        • Android OKHttp Interceptor Extension (Optional)
      • Flutter SDK
      • React Native SDK
      • Ionic SDK
      • Xamarin SDK
      • Using Authgear without SDK (Client side)
    • Regular Web App
      • Express
      • Next.js
      • Python Flask App
      • Java Spring Boot
      • ASP.NET Core MVC
      • Laravel
      • PHP
    • Backend/API Integration
      • Validate JWT in your application server
      • Forward Authentication to Authgear Resolver Endpoint
    • AI Coding tools
      • Cursor/Windsurf
  • How-To Guides
    • Authenticate
      • Add Passkeys Login
      • Add WhatsApp OTP Login
      • Add Email Magic Link Login
      • Add Biometric Login
      • Add Anonymous Users
      • Add authentication to any web page
      • Enable Two-Factor Authentication (2FA)
      • How to Use the OAuth 2.0 State Parameter
      • Reauthentication
      • How to Use Social/Enterprise Login Providers Without AuthUI
      • Passwordless Login for Apple App Store Review
      • Setup local development environment for Cookie-based authentication
      • Forgot/Reset Password settings
      • Phone number validation
      • Set Password Expiry
    • Single Sign-on
      • App2App Login
      • Pre-authenticated URLs
      • SSO between Mobile Apps / Websites
      • Force Authgear to Show Login Page
      • Single Sign-On with OIDC
      • Single Sign-On with SAML
        • Use Authgear as SAML Identity Provider for Salesforce
        • Use Authgear as SAML Identity Provider for Dropbox
        • SAML Attribute Mapping
    • Social Login / Enterprise Login Providers
      • Social Login Providers
        • Connect Apps to Apple
        • Connect Apps to Google
        • Connect Apps to Facebook
        • Connect Apps to GitHub
        • Connect Apps to LinkedIn
        • Connect Apps to WeChat
      • Enterprise Login Providers
        • Connect Apps to Azure Active Directory
        • Connect Apps to Microsoft AD FS
        • Connect Apps to Azure AD B2C
      • Force Social/Enterprise Login Providers to Show Login Screen
    • Built-in UI
      • Branding in Auth UI
      • User Settings
      • Privacy Policy & Terms of Service Links
      • Customer Support Link
      • Custom Text
    • Custom UI
      • Authentication Flow API
      • Implement Authentication Flow API using Express
      • Implement Authentication Flow API using PHP
      • Add Custom Login/Signup UI to Native Apps
      • Manually Link OAuth Provider using Account Management API
      • Implement a custom account recovery UI using Authentication Flow API
    • Integrate
      • Add custom fields to a JWT Access Token
      • User Analytics by Google Tag Manager
      • Track User Before and After Signup
      • Custom domain
      • Custom Email Provider
      • Custom SMS Provider
        • Twilio
        • Webhook/Custom Script
      • Integrate Authgear with Firebase
    • Monitor
      • Audit Log For Users Activities
      • Audit Log for Admin API and Portal
      • Analytics
    • User Management
      • Account Deletion
      • Import Users using User Import API
      • Export Users using the User Export API
      • Manage Users Roles and Groups
      • How to Handle Password While Creating Accounts for Users
    • User Profiles
      • What is User Profile
      • Access User Profiles
      • Update User Profiles
      • Profile Custom Attributes
      • Update user profile on sign-up using Hooks
    • Events and Hooks
      • Event List
      • Webhooks
      • JavaScript / TypeScript Hooks
      • Only Allow Signups from Inside the Corporate Network using Hooks
    • Mobile Apps
      • Use SDK to make authorized API calls to backend
      • Force authentication on app launch
      • Customize the Login Pop-up / Disable the login alert box
    • Languages and Localization
    • Custom Email and SMS Templates
    • Directly accessing Authgear Endpoint
    • Migration
      • Bulk migration
      • Rolling migration
      • Zero-downtime migration
    • Troubleshoot
      • How to Fix SubtleCrypto: digest() undefined Error in Authgear SDK
      • How to Fix CORS Error
  • Concepts
    • Identity Fundamentals
    • Authgear use cases
    • User, Identity and Authenticator
  • Security
    • Brute-force Protection
    • Bot Protection
    • Non-HTTP scheme redirect URI
    • Password Strength
  • Reference
    • APIs
      • Admin API
        • Authentication and Security
        • API Schema
        • Admin API Examples
        • Using global node IDs
        • Retrieving users using Admin API
        • User Management Examples
          • Search for users
          • Update user's standard attributes
          • Update user's picture
          • Generate OTP code
      • Authentication Flow API
      • OAuth 2.0 and OpenID Connect (OIDC)
        • UserInfo
        • Supported Scopes
      • User Import API
      • User Export API
    • Tokens
      • JWT Access Token
      • Refresh Token
    • Glossary
    • Billing FAQ
    • Rate Limits
      • Account Lockout
  • Client App SDKs
    • Javascript SDK Reference
    • iOS SDK Reference
    • Android SDK Reference
    • Flutter SDK Reference
    • Xamarin SDK Reference
  • Deploy on your Cloud
    • Running locally with Docker
    • Deploy with Helm chart
    • Authenticating HTTP request with Nginx
    • Configurations
      • Environment Variables
      • authgear.yaml
      • authgear.secrets.yaml
    • Reference Architecture Diagrams
      • Google Cloud Reference Architecture
      • Azure Reference Architecture
      • AWS Reference Architecture
      • Throughput Scaling Reference
Powered by GitBook
On this page
  • Create the project directory
  • Create docker-compose.yaml
  • Create authgear.yaml and authgear.secrets.yaml
  • Use PostgreSQL as search service
  • Edit authgear.secrets.yaml
  • Start PostgreSQL and Redis
  • Run database migration
  • Get it running
  • Verify everything is working

Was this helpful?

Edit on GitHub
  1. Deploy on your Cloud

Running locally with Docker

How to run locally with Docker.

Authgear is available as a Docker image. It depends on PostgreSQL (with pg_partman enabled) and Redis. To run it locally, the simplest way is to use docker-compose.

Create the project directory

Let's get started with creating a new directory.

mkdir myapp
cd myapp

Create docker-compose.yaml

The next step is to create docker-compose.yaml to setup PostgreSQL, Redis, and Authgear.

You can start with the following docker-compose.yaml:

services:
  db:
    image: postgres-pg-partman:latest
    build:
      context: ./postgres
    volumes:
      - db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: "postgres"
      POSTGRES_PASSWORD: "postgres"
    ports:
      - "5432:5432"

  redis:
    image: redis:6.2.6
    volumes:
      - redis_data:/data
    ports:
      - "6379:6379"

  authgear:
    # Remember to replace the latest tag with the exact version you would like to use!
    image: quay.io/theauthgear/authgear-server:latest
    volumes:
      - ./authgear.yaml:/app/authgear.yaml
      - ./authgear.secrets.yaml:/app/authgear.secrets.yaml
    environment:
      DEV_MODE: "true"
      LOG_LEVEL: "debug"
    ports:
      - "3000:3000"

volumes:
  redis_data:
    driver: local
  db_data:
    driver: local

Note that we need to build the PostgreSQL image ourselves. We can do this with a simple Dockerfile.

mkdir postgres
touch postgres/Dockerfile

Copy the following contents to postgres/Dockerfile

FROM postgres:16.8

ENV PARTMAN_VERSION 5.2.4

RUN apt-get update && apt-get install -y \
	unzip \
	build-essential \
	postgresql-server-dev-11 \
	wget \
	&& rm -rf /var/lib/apt/lists/*

RUN wget https://github.com/pgpartman/pg_partman/archive/v${PARTMAN_VERSION}.zip -O pg_partman-${PARTMAN_VERSION}.zip \
    && unzip pg_partman-${PARTMAN_VERSION}.zip \
    && cd pg_partman-${PARTMAN_VERSION} \
    && make NO_BGW=1 install

Create authgear.yaml and authgear.secrets.yaml

First, we need to create authgear.yaml and authgear.secrets.yaml. Authgear itself is a CLI program capable of generating a minimal configuration file.

Run the following command to generate minimal authgear.yaml and authgear.secrets.yaml:

docker run --rm -it -w "/work" -v "$PWD:/work" quay.io/theauthgear/authgear-server authgear init

This command is interactive and it will prompt you a series of questions. You want to turn off email verification because we do not have SMTP setup. We also need to adjust some endpoints so that Authgear can connect to other services in the network.

App ID (default 'my-app'):
HTTP origin of authgear (default 'http://localhost:3000'):
HTTP origin of portal (default 'http://portal.localhost:8000'):
Phone OTP Mode (sms, whatsapp, whatsapp_sms) (default 'sms'):
Would you like to turn off email verification? (In case you don't have SMTP credentials in your initial setup) [Y/N] (default 'false'): Y
Select a service for searching (elasticsearch, postgresql) (default 'elasticsearch'):
Database URL (default 'postgres://postgres:postgres@127.0.0.1:5432/postgres?sslmode=disable'): postgres://postgres:postgres@db:5432/postgres?sslmode=disable
Database schema (default 'public'):
Audit Database URL (default 'postgres://postgres:postgres@127.0.0.1:5432/postgres?sslmode=disable'): postgres://postgres:postgres@db:5432/postgres?sslmode=disable
Audit Database schema (default 'public'):
Elasticsearch URL (default 'http://localhost:9200'):
Redis URL (default 'redis://localhost'): redis://redis
Redis URL for analytic (default 'redis://localhost/1'): redis://redis/1
config written to authgear.yaml
config written to authgear.secrets.yaml

authgear.yaml and authgear.secrets.yaml are generated in your working directory.

Use PostgreSQL as search service

By default, Elasticsearch is used as the search service. Optionally, you can use PostgreSQL as the search service. Enter postgresql in the interactive prompt when you are asked to select a service for searching, followed by the search database configs.

Select a service for searching (elasticsearch, postgresql) (default 'elasticsearch'): postgresql
...
Search Database URL (default 'postgres://postgres:postgres@127.0.0.1:5432/postgres?sslmode=disable'): 
Search Database schema (default 'public'):

For projects expecting more than 10,000 users, ElasticSearch is recommended for optimal search performance. In addition, when using PostgreSQL search, the result will not include a total count of matching items.

Edit authgear.secrets.yaml

The three services run in the same network. We have to ensure Authgear can connect to PostgreSQL and Redis.

Since we do not have Elasticsearch in our docker-compose.yaml, we MUST remove the elasticsearch entry in authgear.secrets.yaml if it exist.

Edit authgear.secrets.yaml so that it looks like the following:

secrets:
- data:
    database_schema: public
    database_url: postgres://postgres:postgres@db:5432/postgres?sslmode=disable
  key: db
- data:
    database_schema: public
    database_url: postgres://postgres:postgres@db:5432/postgres?sslmode=disable
  key: audit.db
- data:
    database_schema: public
    database_url: postgres://postgres:postgres@db:5432/postgres?sslmode=disable
  key: search.db
# Either remove or comment out this block if it exist.
# - data:
#     elasticsearch_url: http://localhost:9200
#   key: elasticsearch
- data:
    redis_url: redis://redis
  key: redis
- data:
    redis_url: redis://redis/1
  key: analytic.redis
# Other entries that are randomly generated.
# They are not listed here because they will be different.

Start PostgreSQL and Redis

Authgear depends on them so they have to be started first.

docker compose build
docker compose up -d db redis

Run database migration

Run the database migration:

docker compose run --rm  authgear authgear database migrate up --database-url="postgres://postgres:postgres@db:5432/postgres?sslmode=disable" --database-schema="public"
docker compose run --rm  authgear authgear audit database migrate up --database-url="postgres://postgres:postgres@db:5432/postgres?sslmode=disable" --database-schema="public"
docker compose run --rm  authgear authgear images database migrate up --database-url="postgres://postgres:postgres@db:5432/postgres?sslmode=disable" --database-schema="public"

# This is only needed if you use postgresql as the search service
docker compose run --rm  authgear authgear search database migrate up --search-database-url="postgres://postgres:postgres@db:5432/postgres?sslmode=disable" --search-database-schema="public"

Get it running

Run everything with:

docker-compose up

Verify everything is working

PreviousAccount LockoutNextDeploy with Helm chart

Last updated 23 days ago

Was this helpful?

Visit and try signing up as a new user!

http://localhost:3000