When I was building a website and companion app, I researched a lot of the open-source options for auth. My primary requirement was ease of setup and operation. I didn't want to mess around with JVM dependencies and 100% didn't want to start messing around with k8s for such a small project.

I was also very intimidated by the ORY stack. I didn't know how all the pieces fit together. And to self-host you pretty much need to run and orchestrate it on k8s. I'm not an auth expert, I just want a login thingy for my website/app.

I'm not affiliated with it in any way, but I really liked what ZITADEL[1] is doing, in case anyone else is researching their options. It has a very simple interface to get started with, but also a ton of features. It being written in Go is a huge benefit since that makes it much easier for me to throw it up on my vps and calling it a day.

1. https://zitadel.com/

> I didn't want to mess around with JVM dependencies and 100% didn't want to start messing around with k8s for such a small project.

That's what the docker image is for: https://www.keycloak.org/getting-started/getting-started-doc...

    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.1 start-dev

I've only used docker for local dev environments, so I'm curious what happens if the process crashes? Does the docker daemon perform health checks to restart it, or is that the domain of k8s? It's pretty simple to do with systemd.

Also, Docker and Podman know how to restart containers if needed, depending on a policy you set.

If you want something even smaller, take https://github.com/containers/bubblewrap or https://github.com/arachsys/containers and run them under the process monitor of your choice, like runit or s6.