Docs preview only — Waypoint is not yet available for self-install.Book an enterprise pilot →

Deployment

Run the Waypoint server with Docker Compose or on a cloud platform.

Environment variables

Before deploying, generate your secrets:

openssl rand -hex 32 # → WAYPOINT_JWT_SECRET
openssl rand -hex 24 # → WAYPOINT_RESET_TOKEN
VariableRequiredDescription
DATABASE_URLYesPostgres connection string. Auto-set by Docker Compose.
WAYPOINT_JWT_SECRETYes32-byte hex secret for signing session cookies.
WAYPOINT_RESET_TOKENRecommendedRecovery token for /api/admin/reset-auth. Set before deploying — it's your fallback if the admin key is ever lost.
WAYPOINT_PUBLICNoSet to "true" for unauthenticated read access (demo mode). Off by default.
PORTNoHTTP port. Defaults to 3000.

Docker Compose

The repository includes a docker-compose.yml with a bundled Postgres container. This is the recommended path for on-premises deployments.

cp .env.example .env
# Edit .env — set:
# POSTGRES_PASSWORD=<openssl rand -hex 16>
# WAYPOINT_JWT_SECRET=<openssl rand -hex 32>
# WAYPOINT_RESET_TOKEN=<openssl rand -hex 24>
docker compose up -d

DATABASE_URL is auto-constructed from POSTGRES_PASSWORD — you do not need to set it separately when using Docker Compose.

The postgres_data named volume persists the database across restarts.

Warning

Store WAYPOINT_RESET_TOKEN somewhere safe (your team's password manager). It's your only way back in if the admin key is ever lost.

Cloud platforms

For cloud deployments, provision an external Postgres instance and set DATABASE_URL directly. See the platform-specific guides:

  • Railway — quickest cloud option, native Postgres add-on
  • Render — similar to Railway, straightforward Docker image deploys
  • Vercel — deploy as a standard Next.js app with external Postgres
  • Netlify — deploy with the Essential Next.js plugin and external Postgres
  • On-premises (Docker) — bare-metal or private cloud with Docker Compose

Health check

All deployments expose GET /api/health — returns 200 OK when the server is up. Use for load-balancer and uptime checks.