Linux: Setup ZITADEL with PostgreSQL

NGINX Proxy

Create a new subdomain and point it to your server. Use certbot -d domain.name to create a new SSL certificate, then create a new file in /etc/nginx/sites-available/domainname:

server {
    server_name domain.com;

    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        grpc_pass grpc://localhost:8080;
        grpc_set_header Host $host:$server_port;
    }
}

PostgreSQL

We need a database for the software. This can be created by the following commands:

sudo -u postgres psql
postgres=# create database zitadel;
postgres=# create user zitadel with encrypted password 'mypass';
postgres=# grant all privileges on database zitadel to zitadel;

Config File

I often create directories for software in /opt/projectname. Then a config.yaml file could look like this:

ExternalSecure: true
ExternalDomain: 'domain.name'
ExternalPort: 443

Database:
  postgres:
    Host: localhost
    Port: 5432
    Database: zitadel
    MaxOpenConns: 25
    MaxConnLifetime: 1h
    MaxConnIdleTime: 5m
    Options:
    User:
      Username: zitadel
      # must match the password set for the zitadel database user above
      Password: mypass
      SSL:
        Mode: disable
        RootCert:
        Cert:
        Key:
    Admin:
      Username: postgres
      Password: postgres
      SSL:
        Mode: disable
        RootCert:
        Cert:
        Key:

FirstInstance:
  Org:
    Human:
      # use the loginname root@zitadel.localhost
      Username: 'root'
      Password: 'RootPassword1!'

Installation

Use the following command to download and install Zitadel:

LATEST=$(curl -i https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r'); wget -qO-  https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel_Linux_$(uname -m).tar.gz  | tar -xz zitadel && sudo mv zitadel /usr/local/bin

Masterkey

We should generate and save a masterkey:

echo "$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"

Start

For the first run:

zitadel start-from-init \
  --config /opt/zitadel/config.yaml \
  --steps /opt/zitadel/init.yaml \
  --masterkey "${ZITADEL_MASTERKEY}" \
  --tlsMode external

The initial login is:

  • username: root@zitadel.localhost
  • password: RootPassword1!

For subsequent runs:

zitadel start \
  --config /opt/zitadel/config.yaml \
  --masterkey "${ZITADEL_MASTERKEY}" \
  --tlsMode external

Systemd Daemon

I also set up a custom systemd daemon. For that, create a new file in /etc/systemd/system:

[Unit]
Description=Custom Zitadel
After=postgresql.service

[Service]
RestartSec=2s
Type=simple
User=zitadel
WorkingDirectory=/opt/zitadel
ExecStart=/usr/local/bin/zitadel start-from-init --config /opt/zitadel/config.yaml --masterkey YOUR_MASTERKEY --tlsMode external
Environment=USER=root HOME=/opt/zitadel
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
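
The unit above passes the masterkey on the ExecStart line, where it is readable in the unit file and in the process list. The following is an added example (not from the original post) that stores the key in an owner-only file for use with ZITADEL's --masterkeyFile flag; the function names and the /opt/zitadel/masterkey path are assumptions.

```sh
#!/bin/sh
# Added example: keep the ZITADEL masterkey in a file instead of in ExecStart.
# Function names and the key path are assumptions made for this sketch.

# Print 32 random alphanumeric characters (same alphabet as the one-liner above).
gen_masterkey() {
    # 1024 random bytes leave roughly 250 alphanumerics; cut keeps the first 32
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Write a fresh key to $1, readable only by the owning user, no trailing newline.
write_masterkey_file() {
    keyfile=$1
    ( umask 077; printf '%s' "$(gen_masterkey)" > "$keyfile" ) || return 1
    chmod 600 "$keyfile"
}

# Check that $1 holds exactly 32 bytes and is not readable by group or others.
check_masterkey_file() {
    keyfile=$1
    [ -f "$keyfile" ] || { echo "missing: $keyfile"; return 1; }
    size=$(wc -c < "$keyfile" | tr -d ' ')
    [ "$size" -eq 32 ] || { echo "bad length: $size bytes"; return 1; }
    mode=$(stat -c '%a' "$keyfile")   # GNU stat, as found on Linux
    case $mode in
        600|400) echo "ok" ;;
        *) echo "too permissive: mode $mode"; return 1 ;;
    esac
}

# Demo in a scratch directory (constructed path). On the server the file would be
# e.g. /opt/zitadel/masterkey, owned by the zitadel user, and the unit would use
#   ExecStart=/usr/local/bin/zitadel start-from-init \
#       --config /opt/zitadel/config.yaml \
#       --masterkeyFile /opt/zitadel/masterkey --tlsMode external
demo_dir=$(mktemp -d)
write_masterkey_file "$demo_dir/masterkey"
check_masterkey_file "$demo_dir/masterkey"
rm -rf "$demo_dir"
```

Run check_masterkey_file against the real key file after every deployment or restore, since a backup tool or a manual copy can silently widen the file mode.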

Christoph Miksche

Software Developer and Investor from Germany. Writing about Software, Tech and Investments.