In this guide we show how to deploy EdgeDB using Azure’s Postgres Flexible Server as the backend.
Valid Azure Subscription with billing enabled or credits (free trial).
Azure CLI (install).
Login to your Microsoft Azure account.
$
az loginCreate a new resource group.
$
GROUP=my-group-name$
az group create --name $GROUP --location westusProvision a PostgreSQL server.
If you already have a database provisioned you can skip this step.
For convenience, assign a value to the PG_SERVER_NAME environment
variable; we’ll use this variable in multiple later commands.
$
PG_SERVER_NAME=postgres-for-edgedbUse the read command to securely assign a value to the PASSWORD
environment variable.
$
echo -n "> " && read -s PASSWORDThen create a Postgres Flexible server.
$
az postgres flexible-server create \
--resource-group $GROUP \
--name $PG_SERVER_NAME \
--location westus \
--admin-user edgedb \
--admin-password $PASSWORD \
--sku-name Standard_D2s_v3 \
--version 14 \
--yesIf you get an error saying "Specified server name is already used."
change the value of PG_SERVER_NAME and rerun the command.
Allow other Azure services access to the Postgres instance.
$
az postgres flexible-server firewall-rule create \
--resource-group $GROUP \
--name $PG_SERVER_NAME \
--rule-name allow-azure-internal \
--start-ip-address 0.0.0.0 \
--end-ip-address 0.0.0.0EdgeDB requires Postgres’ uuid-ossp extension which needs to be enabled.
$
az postgres flexible-server parameter set \
--resource-group $GROUP \
--server-name $PG_SERVER_NAME \
--name azure.extensions \
--value uuid-osspStart an EdgeDB container.
$
PG_HOST=$(
az postgres flexible-server list \
--resource-group $GROUP \
--query "[?name=='$PG_SERVER_NAME'].fullyQualifiedDomainName | [0]" \
--output tsv
)$
DSN="postgresql://edgedb:$PASSWORD@$PG_HOST/postgres?sslmode=require"$
az container create \
--resource-group $GROUP \
--name edgedb-container-group \
--image edgedb/edgedb \
--dns-name-label edgedb \
--ports 5656 \
--secure-environment-variables \
"EDGEDB_SERVER_PASSWORD=$PASSWORD" \
"EDGEDB_SERVER_BACKEND_DSN=$DSN" \
--environment-variables \
EDGEDB_SERVER_TLS_CERT_MODE=generate_self_signed \Persist the SSL certificate. We have configured EdgeDB to generate a self
signed SSL certificate when it starts. However, if the container is restarted a
new certificate would be generated. To preserve the certificate across failures
or reboots copy the certificate files and use their contents in the
EDGEDB_SERVER_TLS_KEY and EDGEDB_SERVER_TLS_CERT environment variables.
$
key="$( az container exec \
--resource-group $GROUP \
--name edgedb-container-group \
--exec-command "cat /tmp/edgedb/edbprivkey.pem" \
| tr -d "\r" )"$
cert="$( az container exec \
--resource-group $GROUP \
--name edgedb-container-group \
--exec-command "cat /tmp/edgedb/edbtlscert.pem" \
| tr -d "\r" )"$
az container delete \
--resource-group $GROUP \
--name edgedb-container-group \
--yes$
az container create \
--resource-group $GROUP \
--name edgedb-container-group \
--image edgedb/edgedb \
--dns-name-label edgedb \
--ports 5656 \
--secure-environment-variables \
"EDGEDB_SERVER_PASSWORD=$PASSWORD" \
"EDGEDB_SERVER_BACKEND_DSN=$DSN" \
"EDGEDB_SERVER_TLS_KEY=$key" \
--environment-variables \
"EDGEDB_SERVER_TLS_CERT=$cert"To access the EdgeDB instance you’ve just provisioned on Azure from your local machine link the instance.
$
printf $PASSWORD | edgedb instance link \
--password-from-stdin \
--non-interactive \
--trust-tls-cert \
--host $( \
az container list \
--resource-group $GROUP \
--query "[?name=='edgedb-container-group'].ipAddress.fqdn | [0]" \
--output tsv ) \
azureThe command groups edgedb instance and edgedb project are not
intended to manage production instances.
You can now connect to your instance.
$
edgedb -I azureUsing an HTTP client, you can perform health checks to monitor the status of your EdgeDB instance. Learn how to use them with our health checks guide.
