Self-hosting SuperTokens
See how you can run SuperTokens in your own infrastructure.
Overview
One of the main features of SuperTokens is that you can run it using your own resources. This way you have full control over the authentication data and you can scale based on your needs.
Before you start
To deploy the Core Service you must configure two things: the actual API and the database.
- You can use either PostreSQL or MySQL as a data source for the core service.
- Deploy the core service with Docker or directly inside your VM.
- The minimum required version is MySQL 8.0.11.
- The minimum required version is PostgreSQL 13.0.
Steps
1. Install SuperTokens core
With docker
docker run -p 3567:3567 -d registry.supertokens.io/supertokens/supertokens-mysql
- To see all the environment variables available, please see the README file.
- The above command starts the container with an in-memory database. This means you do not need to connect it to MySQL to test out SuperTokens.
Without docker
1. Download SuperTokens
Once downloaded, remove the zip, and you see a folder named supertokens.
2. Install SuperTokens
# sudo is required so that the supertokens
# command can be added to your PATH variable.
cd supertokens
sudo ./install
After installing, you can delete the downloaded folder as you no longer need it.
Make any changes to the configuration in the config.yaml file in the installation directory, as specified in the output of the supertokens --help command.
3. Start the core service
Running the following command starts the service.
supertokens start [--host=...] [--port=...]
- The above command starts the container with an in-memory database.
- To see all available options please run supertokens start --help
To stop the service, run the following command:
supertokens stop
2. Test that the service is running
Open a browser and visit http://localhost:3567/hello. If you see a page that says Hello back, then the container started successfully!
If you are having issues with starting the docker image, please feel free to reach out over email or via Discord.
The /hello route checks whether the database connection is correctly set up and only returns a 200 status code if there is no issue.
If you are using Kubernetes or docker swarm, this endpoint is perfect for doing readiness and liveness probes.
3. Connect the backend SDK with SuperTokens
- The default port for SuperTokens is 3567. You can change this by binding a different port in the docker run command. For example, docker run -p 8080:3567 runs SuperTokens on port 8080 on your machine.
- The connection info goes in the supertokens object in the init function on your backend:
import supertokens from "supertokens-node";
supertokens.init({
supertokens: {
connectionURI: "http://localhost:3567",
apiKey: "someKey" // OR can be undefined
},
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "..."
},
recipeList: []
});
No API key exists by default. Check the API keys documentation to see how to add one.
4. Set up the database
4.1 Create a database Optional
CREATE DATABASE SuperTokens;
You can skip this step if you want SuperTokens to write to your own database. In this case, you need to provide your database's name as shown in the step below.
4.2 Connect SuperTokens to your database
With docker
Host being localhost / 127.0.0.1 does not work in a docker image. Instead, please provide the database's local / public host name or IP address.
You also need to make the database listen on all the IPs of the local machine. Edit the mysqld.cnf configuration file and set the value of bind-address to 0.0.0.0.
docker run \
-p 3567:3567 \
//highlight-next-line
-e MYSQL_CONNECTION_URI="mysql://username:pass@host/dbName" \
-d registry.supertokens.io/supertokens/supertokens-mysql
# OR
docker run \
-p 3567:3567 \
//highlight-start
-e MYSQL_USER="username" \
-e MYSQL_PASSWORD="password" \
-e MYSQL_HOST="host" \
-e MYSQL_PORT="3306" \
-e MYSQL_DATABASE_NAME="supertokens" \
//highlight-end
-d registry.supertokens.io/supertokens/supertokens-mysql
Without docker
# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command
mysql_connection_uri: "mysql://username:pass@host/dbName"
# OR
mysql_user: "username"
mysql_password: "password"
mysql_host: "host"
mysql_port: 3306
mysql_database_name: "supertokens"
The required tables should create automatically if the database user has table creation permission. If not, you can create them manually using the following snippet.
4.3 Test the connection
To test, start SuperTokens and run the following query in your database
SELECT * FROM key_value;
If you see at least one row, it means that the connection has been successfully completed!
4.4 Rename database tables Optional
If you already have tables created by SuperTokens, and then you rename them, SuperTokens creates new tables. Please be sure to migrate the data from the existing one to the new one.
You can add a prefix to all table names that SuperTokens manages. This way, all will be renamed in a way that has no clashes with your tables.
For example, two tables created by SuperTokens have the names emailpassword_users and thirdparty_users. If you add a prefix to them (something like "my_prefix"), then the tables become my_prefix_emailpassword_users and my_prefix_thirdparty_users.
For MySQL
docker run \
-p 3567:3567 \
// highlight-next-line
-e MYSQL_TABLE_NAMES_PREFIX="my_prefix" \
-d registry.supertokens.io/supertokens/supertokens-mysql
For PostgreSQL
docker run \
-p 3567:3567 \
// highlight-next-line
-e POSTGRESQL_TABLE_NAMES_PREFIX="my_prefix" \
-d registry.supertokens.io/supertokens/supertokens-postgresql
5. Add license keys
To access some features in your self-hosted service you must use license keys. You can sign up on SuperTokens to receive one.
Once you have the license key you need to manually add it to your SuperTokens Core Instance. To do this you have to call the Core API with the following request:
curl --location --request PUT <CORE_API_ENDPOINT>/ee/license \
--header 'Content-Type: application/json' \
--header 'api-key: <YOUR_API_KEY>' \
--data-raw '{ "licenseKey": "<YOUR_LICENSE_KEY>" }'
References
Docker compose file
version: '3'
services:
db:
image: mysql:latest
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: supertokens_user
MYSQL_PASSWORD: somePassword
MYSQL_DATABASE: supertokens
ports:
- 3306:3306
networks:
- app_network
restart: unless-stopped
healthcheck:
test: [ "CMD", "mysqladmin", "ping", "-h", "localhost" ]
timeout: 20s
retries: 10
supertokens:
image: registry.supertokens.io/supertokens/supertokens-mysql
depends_on:
db:
condition: service_healthy
ports:
- 3567:3567
environment:
MYSQL_CONNECTION_URI: mysql://supertokens_user:somePassword@db:3306/supertokens
networks:
- app_network
restart: unless-stopped
healthcheck:
test: >
bash -c 'exec 3<>/dev/tcp/127.0.0.1/3567 && echo -e "GET /hello HTTP/1.1\r\nhost: 127.0.0.1:3567\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep "Hello"'
interval: 10s
timeout: 5s
retries: 5
networks:
app_network:
driver: bridge
If you are running the backend process that integrates with the backend SDK as part of the docker compose file as well, make sure to use http://supertokens:3567 as the connection URI instead of http://localhost:3567.
Helm charts for Kubernetes
-
For MySQL image
-
For PostgreSQL image