Self-hosting FAQ

How do I configure this project for HTTPS?

The default configuration for this project only uses HTTP, but as an authentication service, it is essential that the service run using HTTPS in production. There are two methods for configuring HTTPS:

  • Configure the server to use HTTPS via Go code.
  • Configure the server to use HTTPS via a reverse proxy.

Configuring via Go code involves copying the default server's main.go file and switching the ListenAndServe method to the ListenAndServeTLS method. If you are using Docker, this method will require you to build a new Docker image from the modified main.go file.
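
A sketch of that change, as an added example (not this project's own main.go). The handler is a placeholder for the one the default main.go builds, and the TLS_CERT_FILE / TLS_KEY_FILE variable names, the :8443 port and the TLS 1.2 minimum are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"log"
	"net/http"
	"os"
	"time"
)

// certPaths reads the certificate and key locations from the environment.
// TLS_CERT_FILE and TLS_KEY_FILE are names made up for this example.
func certPaths() (certFile, keyFile string, err error) {
	certFile, keyFile = os.Getenv("TLS_CERT_FILE"), os.Getenv("TLS_KEY_FILE")
	if certFile == "" || keyFile == "" {
		// Refuse to start rather than silently falling back to plain HTTP.
		return "", "", errors.New("TLS_CERT_FILE and TLS_KEY_FILE must both be set")
	}
	return certFile, keyFile, nil
}

// newTLSServer builds the http.Server that will serve HTTPS. handler stands
// in for whatever the project's main.go passes to ListenAndServe.
func newTLSServer(addr string, handler http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           handler,
		TLSConfig:         &tls.Config{MinVersion: tls.VersionTLS12},
		ReadHeaderTimeout: 10 * time.Second, // bound slow header reads
	}
}

func main() {
	certFile, keyFile, err := certPaths()
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux() // placeholder for the real service handler
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok\n"))
	})
	srv := newTLSServer(":8443", mux)
	// Before the change: log.Fatal(http.ListenAndServe(addr, handler))
	log.Fatal(srv.ListenAndServeTLS(certFile, keyFile))
}
```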

Configuring the server via a reverse proxy is the recommended method. There are too many high-quality HTTPS reverse proxies to mention. If you don't already have a favorite, Caddy is a great option to start with.

Should I expose the database to the internet?

Exposing the database to the internet is not recommended. If you are using a Docker network, it is recommended to expose only an HTTPS reverse proxy. The server should only be accessible via the reverse proxy, and the database should only be accessible via the server.

If you must put the database on a non-Docker network, it is recommended to restrict which hosts can access the database.