Docker Compose

The quickstart Docker image is an all-in-one container launching the Fief server, the Fief worker for background jobs and a Redis server to schedule those jobs. While suitable for local development and testing, it's usually better in production to have dedicated containers for each purpose.

Docker Compose greatly simplifies the configuration of multiple containers. This is probably the easiest way if you already know Docker and want to deploy on your own server. You'll find below a typical docker-compose.yml configuration for Fief.

version: "3"

services:
  fief-server:
    image: ghcr.io/fief-dev/fief:latest
    command: fief run-server
    env_file:
      - .env
    depends_on:
      - postgres
      - redis
    labels:
      - "traefik.enable=true"
      # Set your domain name here
      - "traefik.http.routers.fief.rule=Host(`fief.mydomain.com`)"
      - "traefik.http.routers.fief.entrypoints=websecure"
      - "traefik.http.routers.fief.tls.certresolver=myresolver"

  fief-worker:
    image: ghcr.io/fief-dev/fief:latest
    command: fief run-worker -p 1 -t 1
    env_file:
      - .env
    depends_on:
      - postgres
      - redis

  postgres:
    image: postgres:alpine
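    environment:
      # Sample credentials: change the password and keep it in sync with
      # DATABASE_PASSWORD in the .env file
      - POSTGRES_PASSWORD=fief
      - POSTGRES_USER=fief
      - POSTGRES_DB=fief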
    volumes:
      - postgres-data:/var/lib/postgresql/data

  redis:
    image: redis:alpine
    command: redis-server --save 60 1 --loglevel warning
    volumes:
      - redis-data:/data

  traefik:
    image: "traefik:v2.11"
    container_name: "traefik"
    command:
      # Uncomment the lines below to debug and try with a self-signed certificate
      # - "--log.level=DEBUG"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
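      # Serves the Traefik API and dashboard without authentication on port 8080.
      # Keep it for local debugging only; remove it in production.
      - "--api.insecure=true"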
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      # Set your email address here
      - "--certificatesresolvers.myresolver.acme.email=admin@mydomain.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      # Dashboard port used by --api.insecure; do not publish it on a public host
      - "8080:8080"
    volumes:
      - "letsencrypt-data:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

volumes:
  redis-data:
  postgres-data:
  letsencrypt-data:

The accompanying .env file:

# Reference: https://docs.fief.dev/self-hosting/environment-variables/

SECRET=XXX
FIEF_CLIENT_ID=XXX
FIEF_CLIENT_SECRET=XXX
ENCRYPTION_KEY=XXX
PORT=8000
# Set your domain name here
FIEF_DOMAIN=fief.mydomain.com
# Set your email address here
FIEF_MAIN_USER_EMAIL=admin@mydomain.com
FIEF_MAIN_USER_PASSWORD=XXX

# Read more: https://docs.fief.dev/self-hosting/configuration/database/
DATABASE_TYPE=POSTGRESQL
DATABASE_HOST=postgres
DATABASE_PORT=5432
DATABASE_USERNAME=fief
DATABASE_PASSWORD=fief
DATABASE_NAME=fief

# Read more: https://docs.fief.dev/self-hosting/environment-variables/#redis
REDIS_URL=redis://redis:6379

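# Read more: https://docs.fief.dev/self-hosting/configuration/ssl/
# "*" trusts proxy headers from any address; narrow it to the reverse proxy's
# address when possible
FORWARDED_ALLOW_IPS=*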

Fief containers

We have two Fief containers: one for the web server, fief-server, and one for the worker, fief-worker. Both are required for Fief to work correctly.

Database and Redis containers

We also define a dedicated database container, PostgreSQL, and a broker for passing job messages, Redis. Note how we defined and linked a volume for each of them. This way, the data lives in a dedicated Docker volume that persists even if we delete the containers.

Traefik reverse proxy

A reverse proxy is specialized software that accepts incoming HTTP requests and routes them to the underlying applications. It acts as the single HTTP entrypoint to our system. Here, it'll simply route requests with the domain fief.mydomain.com to the fief-server container.

It's also in charge of managing SSL certificates. In this configuration, Traefik will automatically issue a free Let's Encrypt certificate for the domain fief.mydomain.com, using the TLS challenge. Traefik supports other types of challenge that may be more suitable for your use-case. The volume letsencrypt-data is here to store the generated certificates.

We strongly suggest you read more about how to configure Traefik with Docker Compose: https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/

.env file

The .env file will contain all the environment variables for configuring Fief. You can find more details about configuring an email provider in the dedicated section.

Configure email provider
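
A pre-deployment check for the two files above, as an added example that is not part of the Fief documentation: it flags the sample values this page ships (XXX placeholders, the fief database password, FORWARDED_ALLOW_IPS=*, Traefik's --api.insecure=true with port 8080 published, and :latest image tags). The function names and the embedded excerpts are constructed for illustration.

```python
import re

# Constructed excerpts of the docker-compose.yml and .env shown on this page.
SAMPLE_COMPOSE = """\
services:
  fief-server:
    image: ghcr.io/fief-dev/fief:latest
  traefik:
    image: "traefik:v2.11"
    command:
      # - "--log.level=DEBUG"
      - "--api.insecure=true"
    ports:
      - "443:443"
      - "8080:8080"
"""
SAMPLE_ENV = "SECRET=XXX\nDATABASE_USERNAME=fief\nDATABASE_PASSWORD=fief\nFORWARDED_ALLOW_IPS=*\n"

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.strip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(compose_text, env_text):
    """Return findings for sample values left in place (hypothetical helper)."""
    env, found = parse_env(env_text), []
    found += [f"{k}: placeholder XXX not replaced" for k, v in env.items() if v == "XXX"]
    password = env.get("DATABASE_PASSWORD")
    if password and password in ("fief", env.get("DATABASE_USERNAME")):
        found.append("DATABASE_PASSWORD: sample or username-equal password")
    if env.get("FORWARDED_ALLOW_IPS") == "*":
        found.append("FORWARDED_ALLOW_IPS: proxy headers trusted from any address")
    # Only active (uncommented) compose lines count.
    active = [l.strip() for l in compose_text.splitlines()
              if not l.strip().startswith("#")]
    if any("--api.insecure=true" in l for l in active):
        found.append("traefik: --api.insecure=true serves the API without auth")
    if any(re.fullmatch(r'-\s*"?(?:[\d.]+:)?8080:8080"?', l) for l in active):
        found.append("traefik: port 8080 published on the host")
    images = {m.group(1) for l in active
              if (m := re.fullmatch(r'image:\s*"?(\S+?):latest"?', l))}
    found += [f"{img}: floating :latest tag, pin a version" for img in sorted(images)]
    return found

if __name__ == "__main__":
    for finding in audit(SAMPLE_COMPOSE, SAMPLE_ENV):
        print("FINDING", finding)
```

An empty list from audit() means none of the sample values remain; it does not replace a review of the rest of the configuration.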

Backup the volumes

You should probably think about a proper backup method for those volumes. A convenient solution is to use docker-volume-backup, a dedicated Docker image capable of archiving Docker volumes and sending them to remote storage.