Docker (cloud relay)
Run the Cyborg7 cloud relay with Docker Compose — relay + Redis, backed by your own PostgreSQL.
The repo ships a deploy/docker-compose.yml that runs the cloud relay — the standalone broker that browser/desktop guests connect to, with no local agents. It brings up the relay and Redis; you supply PostgreSQL (managed or your own) via DATABASE_URL.
Services
- relay — the Hono HTTP + WebSocket gateway (built from
deploy/Dockerfile.relay), listening on:9100. - redis —
redis:7-alpine, used for rate-limit counters, presence TTL, and multi-instance pub/sub.
PostgreSQL is not bundled — point DATABASE_URL at your database.
Configure
Create a .env next to the compose file:
DATABASE_URL=postgres://user:pass@your-db-host:5432/cyborg7
CYBORG7_JWT_SECRET=$(openssl rand -base64 48)
RESEND_API_KEY=... # signup OTP email (production)
EMAIL_FROM="Cyborg7 <onboarding@yourdomain.com>"
RELAY_PORT=9100
:::danger[Set CYBORG7_JWT_SECRET]
The compose file falls back to a publicly-known development default if you don't set this. A reachable relay on the default secret can have its auth tokens forged. Always generate a strong secret (e.g. openssl rand -base64 48) before exposing the relay.
:::
Run
cd deploy
docker compose up -d
# relay → http://localhost:9100 (health: GET /api/health)
docker compose logs -f relay
Redis has a healthcheck and the relay waits for it (depends_on: service_healthy). Redis data persists in the redis-data volume.
Going to production
- Put the relay behind TLS (
wss://) via a reverse proxy / load balancer — the daemon/guest sockets should never traverse untrusted networks in the clear. - Keep
DATABASE_URLpointed at a managed/secured PostgreSQL; never commit credentials. - Provide
RESEND_API_KEYso signup one-time-codes can be delivered.
The local-daemon mode (agents running on your machine) does not need any of this — see Deployment modes.