Deployment
Run the Waypoint server with Docker Compose or on a cloud platform.
Environment variables
Before deploying, generate your secrets:
openssl rand -hex 32 # → WAYPOINT_JWT_SECRETopenssl rand -hex 24 # → WAYPOINT_RESET_TOKEN| Variable | Required | Description |
|---|---|---|
DATABASE_URL | Yes | Postgres connection string. Auto-set by Docker Compose. |
WAYPOINT_JWT_SECRET | Yes | 32-byte hex secret for signing session cookies. |
WAYPOINT_RESET_TOKEN | Recommended | Recovery token for /api/admin/reset-auth. Set before deploying — it's your fallback if the admin key is ever lost. |
WAYPOINT_PUBLIC | No | Set to "true" for unauthenticated read access (demo mode). Off by default. |
PORT | No | HTTP port. Defaults to 3000. |
Docker Compose
The repository includes a docker-compose.yml with a bundled Postgres container. This is the recommended path for on-premises deployments.
cp .env.example .env# Edit .env — set:# POSTGRES_PASSWORD=<openssl rand -hex 16># WAYPOINT_JWT_SECRET=<openssl rand -hex 32># WAYPOINT_RESET_TOKEN=<openssl rand -hex 24>
docker compose up -dDATABASE_URL is auto-constructed from POSTGRES_PASSWORD — you do not need to set it separately when using Docker Compose.
The postgres_data named volume persists the database across restarts.
Warning
Store WAYPOINT_RESET_TOKEN somewhere safe (your team's password manager). It's your only way back in if the admin key is ever lost.
Cloud platforms
For cloud deployments, provision an external Postgres instance and set DATABASE_URL directly. See the platform-specific guides:
- Railway — quickest cloud option, native Postgres add-on
- Render — similar to Railway, straightforward Docker image deploys
- Vercel — deploy as a standard Next.js app with external Postgres
- Netlify — deploy with the Essential Next.js plugin and external Postgres
- On-premises (Docker) — bare-metal or private cloud with Docker Compose
Health check
All deployments expose GET /api/health — returns 200 OK when the server is up. Use for load-balancer and uptime checks.