Docker (cloud relay)

Run the Cyborg7 cloud relay with Docker Compose — relay + Redis, backed by your own PostgreSQL.

The repo ships a deploy/docker-compose.yml that runs the cloud relay — the standalone broker that browser/desktop guests connect to, with no local agents. It brings up the relay and Redis; you supply PostgreSQL (managed or your own) via DATABASE_URL.

Services

  • relay — the Hono HTTP + WebSocket gateway (built from deploy/Dockerfile.relay), listening on :9100.
  • redisredis:7-alpine, used for rate-limit counters, presence TTL, and multi-instance pub/sub.

PostgreSQL is not bundled — point DATABASE_URL at your database.

Configure

Create a .env next to the compose file:

DATABASE_URL=postgres://user:pass@your-db-host:5432/cyborg7
CYBORG7_JWT_SECRET=$(openssl rand -base64 48)
RESEND_API_KEY=...        # signup OTP email (production)
EMAIL_FROM="Cyborg7 <onboarding@yourdomain.com>"
RELAY_PORT=9100

:::danger[Set CYBORG7_JWT_SECRET] The compose file falls back to a publicly-known development default if you don't set this. A reachable relay on the default secret can have its auth tokens forged. Always generate a strong secret (e.g. openssl rand -base64 48) before exposing the relay. :::

Run

cd deploy
docker compose up -d
# relay → http://localhost:9100   (health: GET /api/health)
docker compose logs -f relay

Redis has a healthcheck and the relay waits for it (depends_on: service_healthy). Redis data persists in the redis-data volume.

Going to production

  • Put the relay behind TLS (wss://) via a reverse proxy / load balancer — the daemon/guest sockets should never traverse untrusted networks in the clear.
  • Keep DATABASE_URL pointed at a managed/secured PostgreSQL; never commit credentials.
  • Provide RESEND_API_KEY so signup one-time-codes can be delivered.

The local-daemon mode (agents running on your machine) does not need any of this — see Deployment modes.