Wasp (2mo ago)
JLegendz

Deploying to Fly.io with KeyCloak Authentication

Are there special steps involved for deploying to Fly.io with keycloak authentication? During local development, keycloak's real url is set to localhost:8080 and works fine. But what do I set it to when deploying to fly.io?
6 Replies
kapa.ai (2mo ago)
Hi @JLegendz. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

----------------------

When deploying your Wasp app with Keycloak authentication to Fly.io, there are a few specific steps and environment variable changes you need to make:

1. Update Keycloak Redirect URIs:
In your Keycloak admin console, under your client settings, you must add the production callback URL for your deployed server. For Fly.io, this will look like:
https://<your-fly-server-url>.fly.dev/auth/keycloak/callback

Make sure to keep the local development URI (http://localhost:3001/auth/keycloak/callback) for local testing, but add the Fly.io URL for production use. This ensures Keycloak will allow authentication callbacks from your deployed app (Keycloak Client Setup).

2. Set Keycloak Environment Variables for Production:
In your Fly.io deployment, set the following environment variables (using your actual Keycloak values):
KEYCLOAK_CLIENT_ID=your-keycloak-client-id
KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret
KEYCLOAK_REALM_URL=https://your-keycloak-url.com/realms/<your-realm>

For KEYCLOAK_REALM_URL, use the public URL of your Keycloak server (not localhost). For example, if your Keycloak is hosted at https://keycloak.mycompany.com, and your realm is myrealm, set:
KEYCLOAK_REALM_URL=https://keycloak.mycompany.com/realms/myrealm

Do not use localhost for production—use the actual public Keycloak server URL (Keycloak Env Vars).

3. Set Required Wasp Environment Variables:
You must also set the following for your Fly.io deployment:
- WASP_SERVER_URL=https://<your-fly-server-url>.fly.dev
- WASP_WEB_CLIENT_URL=https://<your-client-url>
- DATABASE_URL, JWT_SECRET, etc. as required (Fly.io Manual Deployment).

Use the Fly.io CLI to set these secrets:
flyctl secrets set KEYCLOAK_CLIENT_ID=... KEYCLOAK_CLIENT_SECRET=... KEYCLOAK_REALM_URL=... WASP_SERVER_URL=... WASP_WEB_CLIENT_URL=...

Summary:
- In production, KEYCLOAK_REALM_URL must point to your public Keycloak server, not localhost.
- Update Keycloak's valid redirect URIs to include your Fly.io server's callback URL.
- Set all required environment variables/secrets in your Fly.io deployment.

If your Keycloak instance is not publicly accessible (e.g., only available on localhost), you will need to deploy Keycloak itself to a public server or a cloud provider so your Fly.io app can reach it. For more details, see the official docs on Keycloak Auth setup and Fly.io deployment.

----------------------

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

----------------------

Sorry @JLegendz, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
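
An added example, not part of the thread or of Wasp's own code: a POSIX shell preflight for the values listed in the answer above, meant to be run before `flyctl secrets set`. The function names, the HTTPS requirement and the sample hosts are assumptions made here.

```shell
# Preflight for the production values in the answer above (names and hosts are assumptions).

# Host part of a URL: scheme, path, query, userinfo and port removed, lowercased.
url_host() {
  h=${1#*://}; h=${h%%/*}; h=${h%%\?*}; h=${h%%\#*}; h=${h##*@}
  case $h in
    \[*) h=${h#\[}; h=${h%%\]*} ;;   # bracketed IPv6 literal, e.g. [::1]:8080
    *)   h=${h%%:*} ;;               # strip :port
  esac
  printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# True when the host is empty or only reachable on the machine itself.
is_local_host() {
  case $1 in ''|localhost|*.localhost|127.*|::1|0.0.0.0) return 0 ;; esac
  return 1
}

# KEYCLOAK_REALM_URL: https (assumption added here), public host, /realms/<name>.
check_realm_url() {
  case $1 in
    *\<*|*\>*) echo "realm URL still contains a <placeholder>" >&2; return 1 ;;
    https://*/realms/?*) ;;
    *) echo "realm URL must look like https://host/realms/name" >&2; return 1 ;;
  esac
  if is_local_host "$(url_host "$1")"; then
    echo "realm URL is local; the deployed server cannot reach it" >&2; return 1
  fi
}

# Redirect URI to register in the Keycloak client for a given WASP_SERVER_URL.
callback_url() { printf '%s/auth/keycloak/callback\n' "${1%/}"; }

# Check the current environment; prints variable names only, never secret values.
preflight() {
  rc=0
  for name in KEYCLOAK_CLIENT_ID KEYCLOAK_CLIENT_SECRET KEYCLOAK_REALM_URL WASP_SERVER_URL WASP_WEB_CLIENT_URL; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || { echo "missing: $name" >&2; rc=1; }
  done
  check_realm_url "${KEYCLOAK_REALM_URL:-}" || rc=1
  is_local_host "$(url_host "${WASP_SERVER_URL:-}")" && { echo "WASP_SERVER_URL is unset or local" >&2; rc=1; }
  [ "$rc" -ne 0 ] || echo "redirect URI: $(callback_url "$WASP_SERVER_URL")"
  return "$rc"
}

# Constructed demo: the local-development value from the question is rejected.
check_realm_url "http://localhost:8080/realms/myrealm" || echo "not usable in production"
```

Source the functions in the shell where the variables are exported and call `preflight`; on success it prints the callback URL to add to the Keycloak client's valid redirect URIs.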
JLegendz (OP, 2mo ago)
@kapa.ai can you give more details about how to deploy Keycloak itself to a public server or a cloud provider so your Fly.io app can reach it?
kapa.ai (2mo ago)
Let me check the knowledge base for you again. One moment! :books:

----------------------

I'm sorry, but the knowledge sources provided do not contain specific instructions or details about how to deploy Keycloak itself to a public server or a cloud provider. The documentation covers how to configure Wasp to use Keycloak as an authentication provider and how to set the appropriate environment variables for your Wasp app, but it does not include steps for deploying or hosting a Keycloak instance.

If you need to deploy Keycloak, you would need to consult the official Keycloak documentation or resources specific to your chosen cloud provider. The Wasp documentation assumes you already have a publicly accessible Keycloak instance and guides you on how to connect your Wasp app to it by setting the correct KEYCLOAK_REALM_URL and related environment variables (Keycloak Auth setup).

----------------------

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

----------------------

Sorry @JLegendz, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
miho (2mo ago)
Keycloak is a separate service you deploy, we can't really offer any support for that part. I've found this article: https://medium.com/@stefannovak96/hosting-a-keycloak-server-and-postgres-database-on-fly-69caf2da8a09

As long as you set up the env variables for your server app, it should be able to connect to Keycloak: https://wasp.sh/docs/project/env-vars#oauth-providers
Env Variables | Wasp
Environment variables are used to configure projects based on the context in which they run. This allows them to exhibit different behaviors in different environments, such as development, staging, or production.
JLegendz (OP, 2mo ago)
@miho Thank you. Yeah I'm seeing that I'm going to have to deploy it separately. I'm working on that now. If all goes well I'll discuss my findings here.
MEE6 (2mo ago)
Wohooo @JLegendz, you just became a Waspeteer level 6!
