Running with Docker Compose
This guide covers deploying the complete Shyntr ecosystem using Docker Compose. It spins up the core database, the Identity Hub backend, the management Dashboard, and the user-facing Auth Portal.
Prerequisites
Ensure you have installed:
- Docker (v20.10+)
- Docker Compose (v2.0+)
Quick Start
1. Create Docker Compose File
Create a docker-compose.yml file with the following content:
docker-compose.yml
```yaml
services:
  # 1. DATABASE (PostgreSQL)
  postgres:
    image: postgres:16-alpine
    container_name: shyntr_db
    environment:
      - POSTGRES_USER=shyntr
      - POSTGRES_PASSWORD=secretpassword
      - POSTGRES_DB=shyntr
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U shyntr" ]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - shyntr-net

  # 2. SHYNTR IDENTITY HUB (Backend)
  shyntr-backend:
    image: shyntr/shyntr:1.0.0-beta.1
    container_name: shyntr_app
    ports:
      - "7496:7496" # Public Port (SHYN)
      - "7497:7497" # Admin Port (ADMN)
    environment:
      - GIN_MODE=release
      - GO_ENV=production
      - DSN=postgres://shyntr:secretpassword@postgres:5432/shyntr?sslmode=disable
      - APP_SECRET=12345678901234567890123456789012
      - PORT=7496
      - ADMIN_PORT=7497
      - ISSUER_URL=http://localhost:7496
      - EXTERNAL_LOGIN_URL=http://localhost:3000/login
      - EXTERNAL_CONSENT_URL=http://localhost:3000/consent
      - CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3274
      - ADMIN_CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3274,http://localhost:7497
      - LOG_LEVEL=info
      - SKIP_TLS_VERIFY=true # Development only
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - shyntr-net
    healthcheck:
      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7496/health" ]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 5s
    command: >
      sh -c "./shyntr migrate && ./shyntr serve"

  # 3. SHYNTR DASHBOARD (React / Nginx)
  shyntr-dashboard:
    image: shyntr/shyntr-dashboard:1.0.0-beta.1
    container_name: shyntr_dashboard
    ports:
      - "3274:80"
    environment:
      - REACT_MANAGEMENT_BACKEND_URL=http://localhost:7497
      - REACT_PUBLIC_BACKEND_URL=http://localhost:7496
    depends_on:
      shyntr-backend:
        condition: service_healthy
    networks:
      - shyntr-net

  # 4. SHYNTR AUTH PORTAL (Next.js)
  shyntr-auth-portal:
    image: shyntr/shyntr-auth-portal:1.0.0-beta.1
    container_name: shyntr_auth_portal
    ports:
      - "3000:3000"
    environment:
      - SHYNTR_INTERNAL_API_URL=http://shyntr-backend:7496
      - NEXT_PUBLIC_BACKEND_URL=http://localhost:7496
    depends_on:
      shyntr-backend:
        condition: service_healthy
    networks:
      - shyntr-net

volumes:
  postgres_data:

networks:
  shyntr-net:
    driver: bridge
```
2. Start the Stack
Run the stack in detached mode:
```bash
docker-compose up -d
```
3. Access the Services
Once all services are healthy, access:
| Service | URL | Description |
|---|---|---|
| Dashboard | http://localhost:3274 | Manage Tenants and Identity Providers |
| Auth Portal | http://localhost:3000 | User-facing Login and Consent screens |
| OIDC Discovery | http://localhost:7496/.well-known/openid-configuration | OpenID Connect metadata |
| Admin API | http://localhost:7497 | Internal management API |
4. Verify Installation
```bash
# Check all services are running
docker-compose ps

# Fetch OIDC Discovery Document
curl http://localhost:7496/.well-known/openid-configuration

# Check backend health
curl http://localhost:7496/health
```
The Shyntr Ecosystem
The Docker Compose setup includes the complete ecosystem:
```
┌─────────────────────────────────────────────────────────────────┐
│                        Shyntr Ecosystem                         │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│           ┌─────────────────┐     ┌─────────────────┐           │
│           │   Auth Portal   │     │    Dashboard    │           │
│           │    (Next.js)    │     │     (React)     │           │
│           │      :3000      │     │      :3274      │           │
│           └────────┬────────┘     └────────┬────────┘           │
│                    │                       │                    │
│                    └───────────┬───────────┘                    │
│                                │                                │
│                                ▼                                │
│                     ┌─────────────────────┐                     │
│                     │   Shyntr Identity   │                     │
│                     │  Hub (Go Backend)   │                     │
│                     │   :7496 (Public)    │                     │
│                     │   :7497 (Admin)     │                     │
│                     └──────────┬──────────┘                     │
│                                │                                │
│                                ▼                                │
│                     ┌─────────────────────┐                     │
│                     │     PostgreSQL      │                     │
│                     │        :5432        │                     │
│                     └─────────────────────┘                     │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```
Component Roles
| Component | Role |
|---|---|
| Shyntr Identity Hub | Core backend handling protocol translation, token issuance, and security |
| Auth Portal | User-facing UI for login, consent, and logout flows |
| Dashboard | Admin interface for managing tenants, clients, and IdP connections |
| PostgreSQL | Persistent storage for configuration, sessions, and tokens |
Customization
Both the Auth Portal and Dashboard are optional reference implementations. You can:
- Use them directly out of the box
- Customize them to match your branding
- Build your own UIs using the Shyntr APIs
Production Configuration
For production deployments, make these critical changes:
1. Secure Secrets
Change Default Secrets!
The example uses placeholder secrets. For production:
- Generate a cryptographically random APP_SECRET (exactly 32 bytes)
- Use strong PostgreSQL passwords
- Generate new RSA keys
Generate a secure APP_SECRET
```bash
# 16 random bytes, hex-encoded: prints a 32-character string
openssl rand -hex 16
```
2. Update Environment Variables
Production environment changes
```yaml
shyntr-backend:
  environment:
    - GO_ENV=production
    - GIN_MODE=release
    - APP_SECRET=${SHYNTR_APP_SECRET} # Use environment variable
    - ISSUER_URL=https://auth.yourdomain.com
    - SKIP_TLS_VERIFY=false # Always false in production!
    - COOKIE_SECURE=true # Requires HTTPS
```
3. TLS/HTTPS
Use a reverse proxy like Traefik or Nginx for TLS termination:
docker-compose.prod.yml (with Traefik)
```yaml
services:
  shyntr-backend:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.shyntr.rule=Host(`auth.yourdomain.com`)"
      - "traefik.http.routers.shyntr.tls=true"
      - "traefik.http.routers.shyntr.tls.certresolver=letsencrypt"
```
4. Database with SSL
Production PostgreSQL
```yaml
postgres:
  environment:
    POSTGRES_PASSWORD: ${DB_PASSWORD}
  command: >
    -c ssl=on
    -c ssl_cert_file=/var/lib/postgresql/server.crt
    -c ssl_key_file=/var/lib/postgresql/server.key
```
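The production changes in this section can be checked mechanically before a deployment. The script below is an added example, not part of the Shyntr project: `parse_env` and `audit` are hypothetical helper names, the `sslmode` rule is inferred from the "Database with SSL" step, and the length rule assumes the 32 bytes are counted on the literal string, as in the quick-start placeholder.

```python
import re

# Added example, not Shyntr code. Placeholders are the quick-start values.
PLACEHOLDERS = {"12345678901234567890123456789012", "secretpassword"}
ENV_LINE = re.compile(r"^\s*-?\s*([A-Z][A-Z0-9_]*)\s*[=:]\s*(.*)$")

def parse_env(compose_text):
    """Collect KEY=value (list form) and KEY: value (map form) entries."""
    env = {}
    for line in compose_text.splitlines():
        m = ENV_LINE.match(line.split(" #", 1)[0])  # drop trailing comment
        if m:
            env[m.group(1)] = m.group(2).strip().strip('"')
    return env

def audit(compose_text):
    """Return one finding per violated production rule from this page."""
    env, findings = parse_env(compose_text), []
    secret, dsn = env.get("APP_SECRET", ""), env.get("DSN", "")
    if secret in PLACEHOLDERS:
        findings.append("APP_SECRET is the quick-start placeholder")
    # Assumption: "32 bytes" counts the literal string; ${VAR} is resolved later.
    elif not secret.startswith("${") and len(secret.encode()) != 32:
        findings.append("APP_SECRET is not exactly 32 bytes")
    if env.get("POSTGRES_PASSWORD") in PLACEHOLDERS or "secretpassword" in dsn:
        findings.append("PostgreSQL password is the quick-start placeholder")
    # Inferred rule: server-side SSL is useless if the client DSN disables it.
    if "sslmode=disable" in dsn:
        findings.append("DSN disables TLS to PostgreSQL (sslmode=disable)")
    if env.get("SKIP_TLS_VERIFY", "").lower() == "true":
        findings.append("SKIP_TLS_VERIFY=true is development only")
    if not env.get("ISSUER_URL", "").startswith("https://"):
        findings.append("ISSUER_URL is not an https:// URL")
    if env.get("COOKIE_SECURE", "").lower() != "true":
        findings.append("COOKIE_SECURE is not true")
    return findings

# Constructed sample: the security-relevant lines of the quick-start file.
QUICKSTART = """
      - POSTGRES_PASSWORD=secretpassword
      - DSN=postgres://shyntr:secretpassword@postgres:5432/shyntr?sslmode=disable
      - APP_SECRET=12345678901234567890123456789012
      - ISSUER_URL=http://localhost:7496
      - SKIP_TLS_VERIFY=true # Development only
"""

if __name__ == "__main__":
    for finding in audit(QUICKSTART):
        print("FAIL:", finding)
```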
Creating Initial Resources
After starting the ecosystem, use the Dashboard or CLI to create resources:
Via Dashboard
- Open http://localhost:3274
- Navigate to Clients → Create Client
- Configure your OIDC client settings
Via CLI
```bash
# Create an OIDC client
docker exec shyntr_app ./shyntr create-client \
  --name "My Application" \
  --redirect-uris "http://localhost:8080/callback"

# Output:
# Client ID: abc123def456
# Client Secret: secret_xxxxxxxxxxxxxxxx
```
Logging and Monitoring
View Logs
```bash
# All services
docker-compose logs -f

# Specific service
docker-compose logs -f shyntr-backend
docker-compose logs -f shyntr-dashboard
docker-compose logs -f shyntr-auth-portal

# Last 100 lines
docker-compose logs --tail 100 shyntr-backend
```
Health Endpoints
| Endpoint | Service | Description |
|---|---|---|
| http://localhost:7496/health | Identity Hub | Liveness check |
| http://localhost:7496/ready | Identity Hub | Readiness check (includes DB) |
Troubleshooting
Services Not Starting
```bash
# Check container status
docker-compose ps

# Check specific service logs
docker-compose logs shyntr-backend
```
Database Connection Issues
```bash
# Check PostgreSQL is healthy
docker exec shyntr_db pg_isready -U shyntr

# Connect to database
docker exec -it shyntr_db psql -U shyntr
```
Reset Everything
```bash
# Stop and remove all containers, volumes, and networks
docker-compose down -v

# Start fresh
docker-compose up -d
```
Next Steps
- Configure Environment Variables for your deployment
- Learn the CLI Reference for management commands
- Set up custom Headless Login & Consent UIs
- Explore Multi-Tenancy for SaaS deployments