Production Deployment
Run Litefuse in production with Docker Compose. This setup runs only the Litefuse web and worker containers on the host and connects them to your managed Postgres, Redis, object storage, and Doris/SelectDB services.
Before you start, prepare the connection details for your database, cache, object storage, and analytical store. The template below uses placeholders for required values; inject production secrets through .env or a secret manager and do not commit them to source control.
docker-compose.yml
version: "3.9"
services:
litefuse-web:
image: litefuse/litefuse-web:${TAG}
platform: linux/amd64
container_name: litefuse-web
hostname: litefuse-web
env_file:
- .env
ports:
- "${WEB_PORT:-13000}:3000"
extra_hosts:
- "host.docker.internal:host-gateway"
environment: &litefuse-web-env
# Optional outbound proxy. Leave empty if not needed.
NODE_USE_ENV_PROXY: ${NODE_USE_ENV_PROXY:-0}
http_proxy: ${HTTP_PROXY_URL:-}
https_proxy: ${HTTPS_PROXY_URL:-}
HTTP_PROXY: ${HTTP_PROXY_URL:-}
HTTPS_PROXY: ${HTTPS_PROXY_URL:-}
all_proxy: ${ALL_PROXY_URL:-}
NO_PROXY: ${NO_PROXY:-localhost,127.0.0.1,host.docker.internal,litefuse-worker,litefuse-web,postgres,clickhouse,minio,redis,.svc,.local}
no_proxy: ${NO_PROXY:-localhost,127.0.0.1,host.docker.internal,litefuse-worker,litefuse-web,postgres,clickhouse,minio,redis,.svc,.local}
NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
SALT: ${SALT}
ENCRYPTION_KEY: ${ENCRYPTION_KEY}
NEXTAUTH_URL: ${NEXTAUTH_URL}
TELEMETRY_ENABLED: ${TELEMETRY_ENABLED:-false}
LITEFUSE_ENABLE_EXPERIMENTAL_FEATURES: ${LITEFUSE_ENABLE_EXPERIMENTAL_FEATURES:-false}
EMAIL_FROM_ADDRESS: ${EMAIL_FROM_ADDRESS:-}
SMTP_CONNECTION_URL: ${SMTP_CONNECTION_URL:-}
NEXT_PUBLIC_ENABLE_LOGGING: ${NEXT_PUBLIC_ENABLE_LOGGING:-false}
# Optional first-run bootstrap.
LITEFUSE_INIT_ORG_ID: ${LITEFUSE_INIT_ORG_ID:-}
LITEFUSE_INIT_ORG_NAME: ${LITEFUSE_INIT_ORG_NAME:-}
LITEFUSE_INIT_PROJECT_ID: ${LITEFUSE_INIT_PROJECT_ID:-}
LITEFUSE_INIT_PROJECT_NAME: ${LITEFUSE_INIT_PROJECT_NAME:-}
LITEFUSE_INIT_PROJECT_PUBLIC_KEY: ${LITEFUSE_INIT_PROJECT_PUBLIC_KEY:-}
LITEFUSE_INIT_PROJECT_SECRET_KEY: ${LITEFUSE_INIT_PROJECT_SECRET_KEY:-}
LITEFUSE_INIT_USER_EMAIL: ${LITEFUSE_INIT_USER_EMAIL:-}
LITEFUSE_INIT_USER_NAME: ${LITEFUSE_INIT_USER_NAME:-}
LITEFUSE_INIT_USER_PASSWORD: ${LITEFUSE_INIT_USER_PASSWORD:-}
# Managed Postgres.
DATABASE_URL: ${DATABASE_URL}
# Managed Redis.
REDIS_HOST: ${REDIS_HOST}
REDIS_PORT: ${REDIS_PORT:-6379}
REDIS_AUTH: ${REDIS_AUTH}
REDIS_TLS_ENABLED: ${REDIS_TLS_ENABLED:-true}
REDIS_TLS_CA: ${REDIS_TLS_CA:-}
REDIS_TLS_CERT: ${REDIS_TLS_CERT:-}
REDIS_TLS_KEY: ${REDIS_TLS_KEY:-}
# S3-compatible object storage.
LITEFUSE_S3_EVENT_UPLOAD_BUCKET: ${LITEFUSE_S3_EVENT_UPLOAD_BUCKET}
LITEFUSE_S3_EVENT_UPLOAD_REGION: ${LITEFUSE_S3_EVENT_UPLOAD_REGION}
LITEFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID: ${LITEFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID}
LITEFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY: ${LITEFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY}
LITEFUSE_S3_EVENT_UPLOAD_ENDPOINT: ${LITEFUSE_S3_EVENT_UPLOAD_ENDPOINT}
LITEFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE: ${LITEFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE:-false}
LITEFUSE_S3_EVENT_UPLOAD_PREFIX: ${LITEFUSE_S3_EVENT_UPLOAD_PREFIX:-events/}
# Disable ClickHouse because this deployment uses Doris.
CLICKHOUSE_MIGRATION_URL: ${CLICKHOUSE_MIGRATION_URL:-clickhouse://dummy:dummy@localhost:9000}
CLICKHOUSE_URL: ${CLICKHOUSE_URL:-http://localhost:8123}
CLICKHOUSE_USER: ${CLICKHOUSE_USER:-dummy}
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-dummy}
CLICKHOUSE_CLUSTER_ENABLED: ${CLICKHOUSE_CLUSTER_ENABLED:-false}
LITEFUSE_ENABLE_BACKGROUND_MIGRATIONS: ${LITEFUSE_ENABLE_BACKGROUND_MIGRATIONS:-false}
# Doris / SelectDB.
LITEFUSE_ANALYTICS_BACKEND: ${LITEFUSE_ANALYTICS_BACKEND:-doris}
LITEFUSE_AUTO_DORIS_MIGRATION_DISABLED: ${LITEFUSE_AUTO_DORIS_MIGRATION_DISABLED:-false}
DORIS_URL: ${DORIS_URL}
DORIS_FE_HTTP_URL: ${DORIS_FE_HTTP_URL}
DORIS_FE_QUERY_PORT: ${DORIS_FE_QUERY_PORT:-9030}
DORIS_DB: ${DORIS_DB:-litefuse}
DORIS_USER: ${DORIS_USER}
DORIS_PASSWORD: ${DORIS_PASSWORD}
DORIS_MAX_OPEN_CONNECTIONS: ${DORIS_MAX_OPEN_CONNECTIONS:-100}
DORIS_REQUEST_TIMEOUT_MS: ${DORIS_REQUEST_TIMEOUT_MS:-30000}
HOSTNAME: "0.0.0.0"
PORT: "3000"
TZ: ${TZ:-UTC}
restart: always
healthcheck:
test:
[
"CMD",
"wget",
"-Y", "off",
"--no-verbose",
"--tries=1",
"--spider",
"--timeout=10",
"http://127.0.0.1:3000/api/public/health",
]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
litefuse-worker:
image: litefuse/litefuse-worker:${TAG}
platform: linux/amd64
container_name: litefuse-worker
hostname: litefuse-worker
env_file:
- .env
ports:
- "${WORKER_PORT:-3030}:3030"
extra_hosts:
- "host.docker.internal:host-gateway"
environment:
<<: *litefuse-web-env
LITEFUSE_S3_BATCH_EXPORT_ENABLED: ${LITEFUSE_S3_BATCH_EXPORT_ENABLED:-true}
LITEFUSE_S3_BATCH_EXPORT_BUCKET: ${LITEFUSE_S3_BATCH_EXPORT_BUCKET}
LITEFUSE_S3_BATCH_EXPORT_PREFIX: ${LITEFUSE_S3_BATCH_EXPORT_PREFIX:-exports/}
LITEFUSE_S3_BATCH_EXPORT_REGION: ${LITEFUSE_S3_BATCH_EXPORT_REGION}
LITEFUSE_S3_BATCH_EXPORT_ENDPOINT: ${LITEFUSE_S3_BATCH_EXPORT_ENDPOINT}
LITEFUSE_S3_BATCH_EXPORT_EXTERNAL_ENDPOINT: ${LITEFUSE_S3_BATCH_EXPORT_EXTERNAL_ENDPOINT}
LITEFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID: ${LITEFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID}
LITEFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY: ${LITEFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY}
LITEFUSE_S3_BATCH_EXPORT_FORCE_PATH_STYLE: ${LITEFUSE_S3_BATCH_EXPORT_FORCE_PATH_STYLE:-false}
restart: always
healthcheck:
test:
[
"CMD-SHELL",
"ps aux | grep 'node worker/dist/index.js' | grep -v grep || exit 1",
]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s.env Template
TAG=26.0.0
WEB_PORT=13000
WORKER_PORT=3030
NEXTAUTH_URL=https://your-litefuse-domain.example.com
NEXTAUTH_SECRET=replace-with-a-long-random-secret
SALT=replace-with-a-long-random-salt
ENCRYPTION_KEY=replace-with-64-character-hex-string
DATABASE_URL=postgresql://<user>:<password>@<postgres-host>:5432/<database>?sslmode=require
REDIS_HOST=<redis-host>
REDIS_PORT=6379
REDIS_AUTH=<redis-password>
REDIS_TLS_ENABLED=true
LITEFUSE_S3_EVENT_UPLOAD_BUCKET=<bucket-name>
LITEFUSE_S3_EVENT_UPLOAD_REGION=<region>
LITEFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID=<access-key-id>
LITEFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY=<access-key-secret>
LITEFUSE_S3_EVENT_UPLOAD_ENDPOINT=https://<object-storage-endpoint>
LITEFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE=false
LITEFUSE_S3_EVENT_UPLOAD_PREFIX=events/
LITEFUSE_S3_BATCH_EXPORT_ENABLED=true
LITEFUSE_S3_BATCH_EXPORT_BUCKET=<bucket-name>
LITEFUSE_S3_BATCH_EXPORT_PREFIX=exports/
LITEFUSE_S3_BATCH_EXPORT_REGION=<region>
LITEFUSE_S3_BATCH_EXPORT_ENDPOINT=https://<object-storage-endpoint>
LITEFUSE_S3_BATCH_EXPORT_EXTERNAL_ENDPOINT=https://<public-object-storage-endpoint>
LITEFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID=<access-key-id>
LITEFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY=<access-key-secret>
LITEFUSE_S3_BATCH_EXPORT_FORCE_PATH_STYLE=false
DORIS_URL=http://<doris-fe-http-host>:8030
DORIS_FE_HTTP_URL=http://<doris-fe-http-host>:8030
DORIS_FE_QUERY_PORT=9030
DORIS_DB=litefuse
DORIS_USER=<doris-user>
DORIS_PASSWORD=<doris-password>Start and Check
Start the deployment:
docker compose --env-file .env -f docker-compose.yml up -dCheck service status:
docker compose --env-file .env -f docker-compose.yml psCheck the health endpoint:
curl https://your-litefuse-domain.example.com/api/public/healthNotes
- Use HTTPS for
NEXTAUTH_URLin production. - Store
.envoutside version control or in a secret manager. - Keep
NO_PROXYupdated with internal service names and private endpoints that should bypass the outbound proxy. - Use Redis TLS only when your managed Redis instance requires it.
- Keep
LITEFUSE_AUTO_DORIS_MIGRATION_DISABLED=falsewhen you want Litefuse to initialize or migrate Doris automatically.
Was this page helpful?