Docker Deployment
Deploy MindRoom using Docker for simple, containerized deployments.
Quick Start
MindRoom ships as a single runtime container that serves:
- the bot orchestrator
- the dashboard UI at
http://localhost:8765 - the dashboard API at
http://localhost:8765/api - the OpenAI-compatible API at
http://localhost:8765/v1
Run it with:
docker run -d \
--name mindroom \
-p 8765:8765 \
-v ./config.yaml:/app/config.yaml:ro \
-v ./mindroom_data:/app/mindroom_data \
--env-file .env \
ghcr.io/mindroom-ai/mindroom:latest
Docker Compose
Create a docker-compose.yml:
services:
mindroom:
image: ghcr.io/mindroom-ai/mindroom:latest
container_name: mindroom
restart: unless-stopped
ports:
- "8765:8765"
volumes:
- ./config.yaml:/app/config.yaml:ro
- ./mindroom_data:/app/mindroom_data
env_file:
- .env
environment:
- MINDROOM_STORAGE_PATH=/app/mindroom_data
- LOG_LEVEL=${LOG_LEVEL:-INFO}
- MATRIX_HOMESERVER=${MATRIX_HOMESERVER}
# Optional: for self-signed certificates
# - MATRIX_SSL_VERIFY=false
# Optional: override server name for federation
# - MATRIX_SERVER_NAME=example.com
Run with:
Environment Variables
Key environment variables (set in .env or pass directly):
| Variable | Description | Default |
|---|---|---|
MATRIX_HOMESERVER |
Matrix server URL | http://localhost:8008 |
MATRIX_SSL_VERIFY |
Verify SSL certificates | true |
MATRIX_SERVER_NAME |
Server name for federation (optional) | - |
MINDROOM_STORAGE_PATH |
Data storage directory | Relative to config file |
LOG_LEVEL |
Logging level | INFO |
MINDROOM_LOGGER_LEVELS |
Optional per-logger overrides, for example mindroom:DEBUG,httpx:WARNING,httpcore:WARNING,anthropic:INFO,nio:WARNING; set nio.crypto:WARNING to inspect Matrix crypto decrypt warnings |
- |
MINDROOM_CONFIG_PATH |
Path to config.yaml | ./config.yaml, then ~/.mindroom/config.yaml |
ANTHROPIC_API_KEY |
Anthropic API key (if using Claude models) | - |
OPENAI_API_KEY |
OpenAI API key (if using OpenAI models) | - |
MINDROOM_PORT |
Port used by Google OAuth callback URL construction and deployment tooling. Does not change the API server bind port — use mindroom run --api-port for that |
8765 |
MINDROOM_API_KEY |
API key for dashboard auth (standalone) | - (open access) |
To change the API server port or bind address, pass --api-port or --api-host to the mindroom run command.
For example, add command: ["mindroom", "run", "--api-port", "9000"] to the Docker Compose service.
Streaming responses are configured in config.yaml via defaults.enable_streaming (default: true).
If MINDROOM_API_KEY is set, the browser dashboard will prompt for the key via a same-origin login page before loading the UI.
Building from Source
Build from the repository root:
The Dockerfile uses a multi-stage build with uv for dependency management and runs as a non-root user (UID 1000).
A Dockerfile.mindroom-minimal variant is also available, which builds a smaller image without pre-installed tool extras -- useful for sandbox runners.
With Local Matrix
For development, run MindRoom alongside a local Matrix server:
# Start Matrix (Synapse + Postgres + Redis)
cd local/matrix && docker compose up -d
# Verify Matrix is running
curl -s http://localhost:8008/_matrix/client/versions
# Start MindRoom using the docker-compose.yml you created above
docker compose up -d
The local Matrix stack includes:
- Synapse: Matrix homeserver on port 8008
- PostgreSQL: Database backend
- Redis: Caching layer
If you're running the backend on the host (not in Docker), you can use mindroom local-stack-setup to start Synapse + MindRoom Cinny and persist local Matrix env vars automatically:
Health Checks
The container exposes a health endpoint on port 8765:
Data Persistence
MindRoom stores data in the mindroom_data directory:
sessions/- Per-agent conversation history (SQLite)learning/- Per-agent Agno Learning state (SQLite, persistent across restarts)chroma/- ChromaDB vector store for agent/team memoriesknowledge_db/- Knowledge base vector storesculture/- Shared culture statetracking/- Response tracking to avoid duplicatescredentials/- Synchronized secrets from.envlogs/- Application logsmatrix_state.yaml- Matrix connection stateencryption_keys/- Matrix E2EE keys (if enabled)
Sandbox Proxy Isolation
When configured, coding, docker, file, python, and shell tool calls can be proxied to a separate sandbox-runner sidecar container.
The sidecar runs the same image but without access to secrets, credentials, or the primary data volume.
This provides real process-level isolation for code-execution tools.
In a simple local static-runner install with no proxy URL, execution tools continue to run in the MindRoom process.
When routing is explicitly requested or a dedicated worker backend is configured, misconfigured worker routing fails closed instead of silently falling back to the primary runtime.
See Sandbox Proxy Isolation for full documentation including Docker Compose examples, Kubernetes shared-sidecar and dedicated-worker modes, host-machine-with-container mode, credential leases, and environment variable reference.
Tip
For production, use a reverse proxy (Traefik, Nginx) in front of the MindRoom container when you want TLS, host routing, or additional auth layers. See local/instances/deploy/docker-compose.yml for an example with Traefik labels.