11---
22sidebar_position : 3
3- title : " Self-Hosting RushDB"
3+ title : ' Self-Hosting RushDB'
44description : Deploy RushDB on your own infrastructure with Docker Compose, connect your own Neo4j instance, and configure embedding support.
55tags : [Deployment, Self-Hosted, Docker]
66---
77
8- import Tabs from ' @site/src/components/LanguageTabs' ;
9- import TabItem from ' @theme/TabItem' ;
8+ import Tabs from ' @site/src/components/LanguageTabs'
9+ import TabItem from ' @theme/TabItem'
1010
1111# Self-Hosting RushDB
1212
@@ -38,12 +38,12 @@ services:
3838 NEO4J_AUTH : neo4j/rushdb-password
3939 NEO4JLABS_PLUGINS : ' ["apoc"]'
4040 ports :
41- - " 7474:7474" # Neo4j browser (optional)
42- - " 7687:7687" # Bolt protocol
41+ - ' 7474:7474' # Neo4j browser (optional)
42+ - ' 7687:7687' # Bolt protocol
4343 volumes :
4444 - neo4j_data:/data
4545 healthcheck :
46- test : [" CMD-SHELL", " wget -qO- http://localhost:7474 || exit 1" ]
46+ test : [' CMD-SHELL', ' wget -qO- http://localhost:7474 || exit 1' ]
4747 interval : 10s
4848 retries : 10
4949
@@ -56,7 +56,7 @@ services:
5656 volumes :
5757 - pg_data:/var/lib/postgresql/data
5858 healthcheck :
59- test : [" CMD-SHELL", " pg_isready -U rushdb" ]
59+ test : [' CMD-SHELL', ' pg_isready -U rushdb' ]
6060 interval : 5s
6161 retries : 10
6262
@@ -68,14 +68,14 @@ services:
6868 postgres :
6969 condition : service_healthy
7070 ports :
71- - " 3000:3000"
71+ - ' 3000:3000'
7272 environment :
73- RUSHDB_SELF_HOSTED : " true"
73+ RUSHDB_SELF_HOSTED : ' true'
7474 RUSHDB_LOGIN : admin
7575 RUSHDB_PASSWORD : change-me-in-production
7676
7777 # Encryption key — must be exactly 32 characters
78- RUSHDB_AES_256_ENCRYPTION_KEY : " 32-char-key-change-in-production"
78+ RUSHDB_AES_256_ENCRYPTION_KEY : ' 32-char-key-change-in-production'
7979
8080 # Neo4j
8181 NEO4J_URL : bolt://neo4j:7687
@@ -90,7 +90,12 @@ services:
9090 RUSHDB_EMBEDDING_BASE_URL : https://api.openai.com/v1
9191 RUSHDB_EMBEDDING_API_KEY : sk-...
9292 RUSHDB_EMBEDDING_MODEL : text-embedding-3-small
93- RUSHDB_EMBEDDING_DIMENSIONS : " 1536"
93+ RUSHDB_EMBEDDING_DIMENSIONS : ' 1536'
94+
95+ # Relationship suggestions (optional — remove these 3 lines to disable AI relationship patterns)
96+ RUSHDB_LLM_BASE_URL : https://api.openai.com/v1
97+ RUSHDB_LLM_API_KEY : sk-...
98+ RUSHDB_LLM_MODEL : gpt-4.1-mini
9499
95100volumes :
96101 neo4j_data :
@@ -113,12 +118,12 @@ If you already have Neo4j running (or an Aura instance), skip the `neo4j` servic
113118rushdb :
114119 image : rushdb/rushdb:latest
115120 ports :
116- - " 3000:3000"
121+ - ' 3000:3000'
117122 environment :
118- RUSHDB_SELF_HOSTED : " true"
123+ RUSHDB_SELF_HOSTED : ' true'
119124 RUSHDB_LOGIN : admin
120125 RUSHDB_PASSWORD : change-me-in-production
121- RUSHDB_AES_256_ENCRYPTION_KEY : " 32-char-key-change-in-production"
126+ RUSHDB_AES_256_ENCRYPTION_KEY : ' 32-char-key-change-in-production'
122127
123128 # Point at your existing Neo4j / Aura instance
124129 NEO4J_URL : bolt+s://xxxxxxxx.databases.neo4j.io:7687
@@ -137,34 +142,37 @@ See [Connecting an Aura Instance](./connect-aura-instance.mdx) for the full BYOC
137142
138143### Required
139144
140- | Variable | Default in image | Description |
141- |---| ---| ---|
142- | ` RUSHDB_SELF_HOSTED` | `true` | Must be `"true"` to enable self-hosted mode and create the default admin account |
143- | `RUSHDB_LOGIN` | `admin` | Dashboard login username |
144- | `RUSHDB_PASSWORD` | `password` | Dashboard login password — **change this** |
145- | `RUSHDB_AES_256_ENCRYPTION_KEY` | `32SymbolStringForTokenEncryption` | Exactly 32-character key used to encrypt API tokens at rest — **change this** |
146- | `NEO4J_URL` | — | Bolt URL of your Neo4j instance |
147- | `NEO4J_USERNAME` | `neo4j` | Neo4j username |
148- | `NEO4J_PASSWORD` | `password` | Neo4j password |
149- | `SQL_DB_URL` | — | PostgreSQL connection string |
150- | `SQL_DB_TYPE` | `postgres` | Database driver — only `postgres` supported |
145+ | Variable | Default in image | Description |
146+ | ------------------------------- | ---------------------------------- | -------------------------------------------------------------------------------- |
147+ | ` RUSHDB_SELF_HOSTED` | `true` | Must be `"true"` to enable self-hosted mode and create the default admin account |
148+ | `RUSHDB_LOGIN` | `admin` | Dashboard login username |
149+ | `RUSHDB_PASSWORD` | `password` | Dashboard login password — **change this** |
150+ | `RUSHDB_AES_256_ENCRYPTION_KEY` | `32SymbolStringForTokenEncryption` | Exactly 32-character key used to encrypt API tokens at rest — **change this** |
151+ | `NEO4J_URL` | — | Bolt URL of your Neo4j instance |
152+ | `NEO4J_USERNAME` | `neo4j` | Neo4j username |
153+ | `NEO4J_PASSWORD` | `password` | Neo4j password |
154+ | `SQL_DB_URL` | — | PostgreSQL connection string |
155+ | `SQL_DB_TYPE` | `postgres` | Database driver — only `postgres` supported |
151156
152157# ## Optional
153158
154- | Variable | Default | Description |
155- |---|---|---|
156- | `RUSHDB_PORT` | `3000` | Port the API server listens on |
157- | `RUSHDB_SERVE_STATIC` | `true` | Serve the built dashboard from the same process |
158- | `RUSHDB_EMBEDDING_BASE_URL` | `https://api.openai.com/v1` | Base URL of any OpenAI-compatible embeddings endpoint |
159- | `RUSHDB_EMBEDDING_API_KEY` | — | Bearer token for the embedding provider |
160- | `RUSHDB_EMBEDDING_MODEL` | — | Model identifier (e.g. `text-embedding-3-small`). **Omit to disable vector indexes entirely** |
161- | `RUSHDB_EMBEDDING_DIMENSIONS` | — | Must match the model's actual output dimensions |
162- | `RUSHDB_EMBEDDING_BATCH_SIZE` | `500` | Records per embedding backfill batch |
163- | `RUSHDB_EMBEDDING_MAX_RUNTIME_MS` | `50000` | Max ms the backfill scheduler spends per index per tick |
164- | `RUSHDB_PAGINATION_DEFAULT_LIMIT` | `100` | Default page size when `limit` is not specified in a search query |
165- | `RUSHDB_PAGINATION_MAX_LIMIT` | `1000` | Maximum allowed `limit` value — requests above this are clamped |
166- | `RATE_LIMITER_REQUESTS_LIMIT` | `100` | Max requests per time window |
167- | `RATE_LIMITER_TTL` | `1000` | Rate limiter window in milliseconds |
159+ | Variable | Default | Description |
160+ | --------------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------- |
161+ | `RUSHDB_PORT` | `3000` | Port the API server listens on |
162+ | `RUSHDB_SERVE_STATIC` | `true` | Serve the built dashboard from the same process |
163+ | `RUSHDB_EMBEDDING_BASE_URL` | `https://api.openai.com/v1` | Base URL of any OpenAI-compatible embeddings endpoint |
164+ | `RUSHDB_EMBEDDING_API_KEY` | — | Bearer token for the embedding provider |
165+ | `RUSHDB_EMBEDDING_MODEL` | — | Model identifier (e.g. `text-embedding-3-small`). **Omit to disable vector indexes entirely** |
166+ | `RUSHDB_EMBEDDING_DIMENSIONS` | — | Must match the model's actual output dimensions |
167+ | `RUSHDB_EMBEDDING_BATCH_SIZE` | `500` | Records per embedding backfill batch |
168+ | `RUSHDB_EMBEDDING_MAX_RUNTIME_MS` | `50000` | Max ms the backfill scheduler spends per index per tick |
169+ | `RUSHDB_LLM_BASE_URL` | `https://api.openai.com/v1` | Base URL of any OpenAI-compatible chat completions endpoint for relationship suggestions |
170+ | `RUSHDB_LLM_API_KEY` | — | Bearer token for the LLM provider. **Omit to disable relationship pattern suggestions** |
171+ | `RUSHDB_LLM_MODEL` | — | Chat model identifier (e.g. `gpt-4.1-mini`). **Omit to disable relationship pattern suggestions** |
172+ | `RUSHDB_PAGINATION_DEFAULT_LIMIT` | `100` | Default page size when `limit` is not specified in a search query |
173+ | `RUSHDB_PAGINATION_MAX_LIMIT` | `1000` | Maximum allowed `limit` value — requests above this are clamped |
174+ | `RATE_LIMITER_REQUESTS_LIMIT` | `100` | Max requests per time window |
175+ | `RATE_LIMITER_TTL` | `1000` | Rate limiter window in milliseconds |
168176
169177---
170178
@@ -267,7 +275,7 @@ rushdb:
267275 image: rushdb/rushdb:latest
268276 environment:
269277 SQL_DB_TYPE: sqlite
270- SQL_DB_PATH: /data/rushdb.db # optional — defaults to ./rushdb.db
278+ SQL_DB_PATH: /data/rushdb.db # optional — defaults to ./rushdb.db
271279 # ...other vars
272280 volumes:
273281 - rushdb_data:/data
@@ -295,15 +303,15 @@ docker exec rushdb rushdb update-password admin@example.com newsecurepassword456
295303
296304# # Production hardening checklist
297305
298- | Item | Action |
299- |---| ---|
300- | `RUSHDB_PASSWORD` | Set a strong password — never leave `password` |
301- | `RUSHDB_AES_256_ENCRYPTION_KEY` | Generate a random 32-character string |
302- | Neo4j password | Change from the Compose default |
303- | TLS | Terminate TLS at a reverse proxy (nginx, Caddy, Traefik) in front of port 3000 |
304- | Postgres | Back up the `rushdb` Postgres database — it stores projects, tokens, and billing records |
305- | Neo4j | Enable Neo4j backups for your graph data |
306- | Embedding key | Rotate the embedding provider API key independently of the RushDB key |
306+ | Item | Action |
307+ | ------------------------------- | ---------------------------------------------------------------------------------------- |
308+ | `RUSHDB_PASSWORD` | Set a strong password — never leave `password` |
309+ | `RUSHDB_AES_256_ENCRYPTION_KEY` | Generate a random 32-character string |
310+ | Neo4j password | Change from the Compose default |
311+ | TLS | Terminate TLS at a reverse proxy (nginx, Caddy, Traefik) in front of port 3000 |
312+ | Postgres | Back up the `rushdb` Postgres database — it stores projects, tokens, and billing records |
313+ | Neo4j | Enable Neo4j backups for your graph data |
314+ | Embedding key | Rotate the embedding provider API key independently of the RushDB key |
307315
308316---
309317
0 commit comments