Summary
Refresh the Docker deployment artifacts and documentation so hosted Authsome production setup is accurate, complete, and easy to follow.
Current state
The repo ships a multi-stage Dockerfile, docker-compose.yml, and docs/guides/self-hosting.md, but several gaps remain for a polished hosted deployment story:
- Dockerfile (Dockerfile): Builds UI via pnpm, packages a Python wheel with [postgres,redis] extras, runs as non-root authsome user on port 7998. Health check hits /health.
- docker-compose.yml: Wires authsome + postgres:16-alpine + redis:7-alpine. Requires AUTHSOME_POSTGRES_PASSWORD, AUTHSOME_MASTER_KEY, and AUTHSOME_UI_SESSION_KEY from the host. Sets AUTHSOME_DO_NOT_TRACK=1 by default. Registry image line is commented out (ghcr.io/agentrhq/authsome:latest).
- docs/guides/self-hosting.md: Covers quick start, env vars, secret resolution, backup/restore, and upgrades — but may be out of sync with recent server/runtime changes.
- CI (.github/workflows/docker.yml): Builds on version tags only; push: false — no published image to GHCR yet.
Problems / gaps
- Compose quick start in README.md omits required secrets (AUTHSOME_POSTGRES_PASSWORD, AUTHSOME_MASTER_KEY, AUTHSOME_UI_SESSION_KEY) that docker-compose.yml hard-requires.
- No published container image workflow; self-hosters must build locally.
- _FILE secret variants are documented in the guide but not wired in the default compose file.
- Hosted deployment may need updates for recent Postgres/Redis-backed runtime (ServerSettings, AUTHSOME_ENV=prod requiring both URLs).
- TLS termination, reverse-proxy (AUTHSOME_BASE_URL), and production hardening notes could be expanded.
Proposed work
- … docker-compose.yml with current server boot requirements and sensible production defaults.
- … Dockerfile if build/runtime steps have drifted (UI embed path, optional extras, health check).
- … docs/guides/self-hosting.md and README self-hosting section in sync with compose reality.
- … .github/workflows/docker.yml).
Relevant files
- Dockerfile
- docker-compose.yml
- docs/guides/self-hosting.md
- README.md (Self-hosting section)
- .github/workflows/docker.yml
- src/authsome/server/config.py, src/authsome/server/settings.py
Acceptance criteria
- A new operator can follow the guide end-to-end without hitting undocumented required env vars.
- docker compose up works with documented secrets and passes /health.
- README and guide agree on prerequisites and first-run steps.
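A host-side pre-flight check for the three secrets this issue says docker-compose.yml hard-requires, as an added example that is not part of the issue or the Authsome repo. It assumes the _FILE variants are named `<NAME>_FILE`, that setting both forms of one secret is an error, and that secret files should be mode 600 or stricter; the function names are hypothetical.

```python
import os
import stat
import sys

# Secret names taken from the issue text; docker-compose.yml hard-requires them.
REQUIRED_SECRETS = (
    "AUTHSOME_POSTGRES_PASSWORD",
    "AUTHSOME_MASTER_KEY",
    "AUTHSOME_UI_SESSION_KEY",
)


def check_secret(name, env):
    """Return a list of problems for one secret (an empty list means OK)."""
    direct = env.get(name, "")
    path = env.get(name + "_FILE", "")  # assumed naming: <NAME>_FILE
    if direct and path:
        return [f"{name}: both {name} and {name}_FILE are set; pick one"]
    if direct:
        return []
    if not path:
        return [f"{name}: not set (and no {name}_FILE)"]
    try:
        st = os.stat(path)
        with open(path, "rb") as fh:
            value = fh.read().strip()
    except OSError as exc:
        return [f"{name}_FILE: cannot read {path}: {exc}"]
    problems = []
    if not value:
        problems.append(f"{name}_FILE: {path} is empty")
    # Assumed policy: a secret file must not be group- or world-accessible.
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append(f"{name}_FILE: {path} has mode {mode:o}, expected 600 or stricter")
    return problems


def preflight(env=None):
    """Check every required secret and return all problems found."""
    env = os.environ if env is None else env
    return [p for name in REQUIRED_SECRETS for p in check_secret(name, env)]


if __name__ == "__main__":
    found = preflight()
    for line in found:
        print("preflight:", line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it on the host before `docker compose up`; a non-zero exit status means at least one required secret is missing or unsafe.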