Guide

Deployment

Name: AuthMe
Author: AuthMe

Production Docker builds, horizontal scaling, and clustering with Nginx load balancer.

Docker Hub

Recommended

Pull the pre-built image from Docker Hub. This is the simplest and fastest way to deploy AuthMe in production.

Terminal

# Download docker-compose.yml
curl -o docker-compose.yml \
  https://raw.githubusercontent.com/Islamawad132/Authme/main/docker-compose.yml

# Create .env file with production values
cat > .env << 'EOF'
ADMIN_API_KEY=your-secure-api-key
ADMIN_PASSWORD=your-strong-password
BASE_URL=https://auth.example.com
EOF

# Start in detached mode
docker compose up -d

Uses the islamawad/authme:latest image with PostgreSQL 16 Alpine.

Build from Source

Build the Docker image locally from the source code. Useful if you need custom modifications.

Terminal

git clone https://github.com/Islamawad132/Authme.git
cd Authme

# Build and start
docker compose -f docker-compose.dev.yml up -d --build

Multi-Stage Dockerfile

The Dockerfile uses a 3-stage build to produce a lean production image:

Dependencies

Installs backend and Admin UI Node.js dependencies via npm ci

Build

Builds React Admin UI, generates Prisma client, compiles NestJS backend, prunes dev dependencies

Production

Final node:22-alpine image with only dist/, node_modules/, prisma/, and themes/

Container Entrypoint

The Docker entrypoint script (docker-entrypoint.sh) runs automatically on every container start:

1
Validates that DATABASE_URL is set (exits with helpful error if missing)
2
Runs npx prisma migrate deploy to apply any pending database migrations
3
Launches the server with node dist/main.js

Horizontal Scaling

AuthMe is fully stateless — all state lives in PostgreSQL. You can run any number of instances behind a load balancer sharing the same database.

Cluster with Nginx

Use the cluster compose file to run 2 instances behind an Nginx reverse proxy:

Terminal

docker compose -f docker-compose.cluster.yml up -d

Cluster Topology

┌────────────────────────────────────────────┐
│           Nginx Load Balancer              │
│              :8080 → :80                   │
└─────────┬──────────────────┬───────────────┘
          │                  │
  ┌───────┴──────┐  ┌───────┴──────┐
  │   AuthMe #1  │  │   AuthMe #2  │
  │    :3000     │  │    :3000     │
  └───────┬──────┘  └───────┬──────┘
          │                  │
  ┌───────┴──────────────────┴───────┐
  │         PostgreSQL 16            │
  │           (shared)               │
  └──────────────────────────────────┘

Nginx Configuration

nginx-cluster.conf

upstream authme {
    server app1:3000;
    server app2:3000;
}

server {
    listen 80;
    server_name _;

    location / {
        proxy_pass http://authme;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Manual Scaling

Scale to any number of instances using the Docker Compose scale flag:

docker compose up -d --scale app=3

Production Checklist

Change default credentials

Set strong ADMIN_PASSWORD and ADMIN_API_KEY

Set BASE_URL to your domain

e.g., https://auth.example.com

Use TLS/HTTPS

Terminate TLS at the reverse proxy or use a managed certificate

Set NODE_ENV=production

Enables production optimizations and disables debug logging

Configure PostgreSQL backups

Set up automated backups for the database volume

Configure SMTP per realm

Enable email verification and password reset flows

Monitor health and metrics

Use /health for liveness probes and /metrics for Prometheus

What's Next?

Getting Started

Quick start with Docker or source

Configuration

Environment variables and SMTP

API Reference

100+ REST API endpoints