PalveronPalveronDocs

Docker Compose

Deploy the Palveron stack on a single server with Docker Compose.

Single-server deployments use the audited production compose file in the gateway repository — the same stack that runs palveron.com. It builds the images from source and expects a managed PostgreSQL (Supabase recommended); the database is deliberately not part of the stack.

Quickstart

git clone https://github.com/palveron/gateway.git
git clone https://github.com/palveron/platform.git /opt/palveron/platform
cd gateway

cp .env.production.example .env.production
# Fill in: DATABASE_URL, the three encryption keys
# (TRACE_ENCRYPTION_ROOT_KEY / FLARE_ENCRYPTION_KEY / DLQ_ENCRYPTION_KEY —
# generate with `openssl rand -base64 32`), INTERNAL_PROXY_SECRET, Kinde
# credentials, and your public URLs. Never commit this file.

docker compose -f docker/docker-compose.production.yml \
  --env-file .env.production up -d

Services

ServicePortDescription
gateway8080 (internal)Rust policy engine + verify pipeline
platform3000 (internal)Next.js dashboard
docs3001 (loopback)Documentation site
redisinternalOptional cache — the gateway degrades gracefully without it
nginx80/443Reverse proxy / TLS termination
PostgreSQLExternal — managed database via DATABASE_URL

The database schema initializes on first boot — the gateway applies its bundled SQLx migrations (schema baseline + seed) against the empty database. No manual SQL step is required.

Health checks

curl http://localhost:8080/health   # gateway liveness (process alive)
curl http://localhost:8080/ready    # gateway readiness (Postgres reachable)
curl http://localhost:3000/api/health  # dashboard

Production checklist

  • Set RUST_ENV=production (the compose file does) — it arms the encryption boot gates; the gateway refuses to start without the three encryption keys.
  • Back up the encryption keys in a password manager immediately.
  • Point DATABASE_URL at managed PostgreSQL and respect your pooler's client limit.
  • For Flare anchoring, set FLARE_PRIVATE_KEY and the per-network contract addresses per the blockchain guide.

For Kubernetes deployments, use the Helm chart — see the Helm guide.

On this page