Deploy Vaultwarden and Postgres on Fly.io
As of January 10, 2024, fly.io still offers a free allowance for every verified user:
- Up to 3 shared-cpu-1x 256mb VMs
- 3GB persistent volume storage (total)
- 160GB outbound data transfer
source: https://fly.io/docs/about/pricing/#free-allowances
We can use that free allowance to deploy a small application, for example a personal Vaultwarden instance with this configuration:
- 1 app instance without persistent volume storage.
- 2 postgres instances, each with 1GB of persistent volume storage.
Hey, Vaultwarden can use sqlite, so why bother with Postgres? For the sake of learning, of course; it's fun.
Install flyctl and log in
curl -L https://fly.io/install.sh | sh
fly auth login
Deploy postgres on fly.io
First, create the postgres instance: follow the wizard and choose the development option, with a shared instance spec of 1 vCPU and 256MB RAM, and 1GB of storage.
mkdir flyio-postgres
cd flyio-postgres/
fly postgres create
Second, scale it to 2 instances, just in case we need failover.
fly machine list
fly machine clone <id from machine list> --region sin --app my-vaultwarden-db
The result is 2 postgres instances: 1 read-write and 1 read-only.
Test the connection to the db
fly postgres connect --app my-vaultwarden-db
Save the fly.toml config to study later
fly config save --app my-vaultwarden-db
Deploy Vaultwarden on fly.io
First, init the app without deploying, because we will prepare its config first
cd ..
mkdir flyio-vaultwarden
cd flyio-vaultwarden
flyctl launch --no-deploy
Second, edit fly.toml and add the required env vars
vim fly.toml
app = "my-vaultwarden"
primary_region = "sin"
swap_size_mb = 512
[build]
image = "vaultwarden/server:latest"
[env]
ROCKET_PORT = 8080
DOMAIN = "https://my-vaultwarden.fly.dev"
LOG_LEVEL = "error"
ORG_EVENTS_ENABLED = true
EVENTS_DAYS_RETAIN = 7
IP_HEADER = "Fly-Client-IP"
SIGNUPS_ALLOWED = false
SIGNUPS_VERIFY = true
SIGNUPS_DOMAINS_WHITELIST = "yourpersonaldomain.tld"
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-Configuration
SMTP_HOST = "your-config"
SMTP_FROM = "your-config"
SMTP_FROM_NAME = "your-config"
SMTP_SECURITY = "starttls"
SMTP_PORT = 587
# https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification
PUSH_ENABLED = true
PUSH_INSTALLATION_ID = "your-config"
# Following environment variables are saved in fly secret
# ADMIN_TOKEN
# PUSH_INSTALLATION_KEY
# SMTP_PASSWORD
# SMTP_USERNAME
# DATABASE_URL
# DATABASE_URL was saved in fly secret automatically by fly postgres attach
[http_service]
internal_port = 8080
force_https = true
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 0
processes = ["app"]
[[vm]]
cpu_kind = "shared"
cpus = 1
memory_mb = 256
Third, prepare secrets for the sensitive environment variables.
Generate a secure admin token first; this token is used to log in to the Vaultwarden admin page:
echo -n "your-strong-pass" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
Save that secure admin token to fly.io secrets
fly secrets set --app my-vaultwarden ADMIN_TOKEN='generated-token-from-above'
Save the SMTP credentials to fly.io secrets
fly secrets set --app my-vaultwarden SMTP_PASSWORD='your-smtp-passwd'
fly secrets set --app my-vaultwarden SMTP_USERNAME='your-smtp-username'
Save the PUSH_INSTALLATION_KEY from https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification
fly secrets set --app my-vaultwarden PUSH_INSTALLATION_KEY='push installation key'
Create DATABASE_URL by attaching the database to the vaultwarden app
fly postgres attach --app my-vaultwarden my-vaultwarden-db
That command automatically creates a secret named DATABASE_URL.
List all secrets and make sure none were missed:
fly secrets list
Deploy my-vaultwarden app
fly deploy --ha=false
--ha=false is important so that only 1 instance is created; by default fly.io creates 2 app instances. We create just 1 so it stays free.
Done, vaultwarden can be accessed at https://app-name.fly.dev
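A pre-deploy check for the fly.toml and ADMIN_TOKEN steps above, as an added example that is not part of the original post. The function names lint_fly_toml and is_hashed_admin_token are hypothetical, and the awk parser assumes a flat fly.toml with one key per line like the one shown here.

```shell
#!/bin/sh
# Added example: pre-deploy checks for the fly.toml and ADMIN_TOKEN shown above.
# Secret names are the ones the fly.toml comment says belong in fly secrets.
SECRET_KEYS="ADMIN_TOKEN PUSH_INSTALLATION_KEY SMTP_PASSWORD SMTP_USERNAME DATABASE_URL"

# lint_fly_toml FILE: print one finding per line, return 1 if any were found.
lint_fly_toml() {
    awk -v secrets="$SECRET_KEYS" '
        BEGIN { bad = 0; n = split(secrets, s, " ")
                for (i = 1; i <= n; i++) is_secret[s[i]] = 1 }
        /^[ \t]*#/ { next }                  # comment lines do not count
        /^[ \t]*\[/ {                        # [env], [http_service], [[vm]]
            section = $0
            sub(/^[ \t]*\[+/, "", section); sub(/\].*$/, "", section)
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/[" \t]/, "", val)
            seen[section "." key] = val
            if (section == "env" && (key in is_secret)) {
                print "secret in [env], move to fly secrets: " key; bad = 1
            }
        }
        END {
            if (seen["env.SIGNUPS_ALLOWED"] != "false") {
                print "SIGNUPS_ALLOWED is not false"; bad = 1 }
            if (seen["http_service.force_https"] != "true") {
                print "force_https is not true"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# is_hashed_admin_token VALUE: succeed only for an argon2id PHC string, which
# is what the argon2 command above prints; a plain password fails.
is_hashed_admin_token() {
    case "$1" in
        '$argon2id$v='*'$m='*',t='*',p='*'$'*'$'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: sh this-script fly.toml
if [ -f "${1:-}" ]; then lint_fly_toml "$1"; fi
```

Run lint_fly_toml on fly.toml before fly deploy, and is_hashed_admin_token on the value before fly secrets set.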