Is a webserver required to run PrivacyIdea in production?

I’m trying to create a docker container from scratch to run privacyidea.

To test the installation, I’ve created an empty Ubuntu 18.04 Virtual Machine and ran through the installation using:
sudo apt-get install privacyidea

I deliberately didn’t use the nginx/apache option, as I’m planning to expose PrivacyIdea through a reverse proxy like Citrix ADC.

Is there any reason to keep PrivacyIdea running behind nginx or Apache?
Or can I just use pi-manage runserver -d <IP> -p 5000?

Hello and welcome to privacyIDEA community.

runserver has only one thread and you can only handle one request at a time. Thus you will very quickly get blocking requests and you will loose requests! In theory it is possible. But it is no no no practical :slight_smile:

Do not do this!

Hi Cornelius,

Thanks for the welcome. Thought it would be better to ask questions here instead of keeping you spammed through Twitter :wink:

So basically, to create our own container:

  • Take the ubuntu base image
  • Follow the docs to install through apt-get install privacyidea
  • Use the internal SQLite or setup pi.cfg to refer to an externally running database server
  • Manually configure a webserver to use WSGI/uWSGI
  • Expose that service

My “beef” with apt-get install privacyidea-apache/nginx is that it automatically installs mysql locally as well.
In the documentation you refer to a package privacyidea-mysql but I can’t seem to find it on your repository from NetKnights?!


There is no need to use the meta package privacyidea-apache2 or privacyidea-nginx.
These are meta packages for the convenience of standalone installations.

Of course you can use your own setup of apache or nginx with your own database.

Additionally to @cornelinux comment the runserver should only be used for development.
The cleanest way to run privacyIDEA with docker would be to use a python base image and install privacyIDEA in the container via pip. Then You can also install gunicorn and run privacyIDEA in the container with

gunicorn ""

Of course the complete configuration and db container must be created/initialized then beforehand.