Docker Compose
Deploy the Palveron stack on a single server with Docker Compose.
Single-server deployments use the audited production compose file in the gateway repository — the same stack that runs palveron.com. It builds the images from source and expects a managed PostgreSQL (Supabase recommended); the database is deliberately not part of the stack.
Quickstart
git clone https://github.com/palveron/gateway.git
git clone https://github.com/palveron/platform.git /opt/palveron/platform
cd gateway
cp .env.production.example .env.production
# Fill in: DATABASE_URL, the three encryption keys
# (TRACE_ENCRYPTION_ROOT_KEY / FLARE_ENCRYPTION_KEY / DLQ_ENCRYPTION_KEY —
# generate with `openssl rand -base64 32`), INTERNAL_PROXY_SECRET, Kinde
# credentials, and your public URLs. Never commit this file.
docker compose -f docker/docker-compose.production.yml \
--env-file .env.production up -dServices
| Service | Port | Description |
|---|---|---|
gateway | 8080 (internal) | Rust policy engine + verify pipeline |
platform | 3000 (internal) | Next.js dashboard |
docs | 3001 (loopback) | Documentation site |
redis | internal | Optional cache — the gateway degrades gracefully without it |
nginx | 80/443 | Reverse proxy / TLS termination |
| PostgreSQL | — | External — managed database via DATABASE_URL |
The database schema initializes on first boot — the gateway applies its bundled SQLx migrations (schema baseline + seed) against the empty database. No manual SQL step is required.
Health checks
curl http://localhost:8080/health # gateway liveness (process alive)
curl http://localhost:8080/ready # gateway readiness (Postgres reachable)
curl http://localhost:3000/api/health # dashboardProduction checklist
- Set
RUST_ENV=production(the compose file does) — it arms the encryption boot gates; the gateway refuses to start without the three encryption keys. - Back up the encryption keys in a password manager immediately.
- Point
DATABASE_URLat managed PostgreSQL and respect your pooler's client limit. - For Flare anchoring, set
FLARE_PRIVATE_KEYand the per-network contract addresses per the blockchain guide.
For Kubernetes deployments, use the Helm chart — see the Helm guide.