Docker

Use Docker when you want a simple self-hosted deployment on one machine. The container runs the same embedded Lobu app as lobu run: gateway, admin UI/API, embedded agent workers, and migrations in one Node process. Postgres with pgvector is the only required external service.

Images

Public images are published to GitHub Container Registry:

Image	Purpose
`ghcr.io/lobu-ai/lobu-app`	App, API, admin UI, chat gateway, migrations
`ghcr.io/lobu-ai/lobu-worker`	Connector ingestion worker used by the Helm chart
`ghcr.io/lobu-ai/lobu-embeddings`	Embeddings service used by the Helm chart

For a single-host Docker deployment, start with lobu-app.

Run the app container

docker volume create lobu-workspaces

docker run --rm \
  --name lobu \
  -p 8787:8787 \
  -v lobu-workspaces:/app/workspaces \
  -e NODE_ENV=production \
  -e PUBLIC_WEB_URL=https://lobu.example.com \
  -e DATABASE_URL='postgresql://USER:PASSWORD@HOST:5432/lobu?sslmode=require' \
  -e JWT_SECRET='replace-with-a-long-random-value' \
  -e BETTER_AUTH_SECRET='replace-with-a-long-random-value' \
  -e ANTHROPIC_API_KEY='sk-ant-...' \
  ghcr.io/lobu-ai/lobu-app:latest

The container runs database migrations on startup. Set SKIP_MIGRATIONS=1 only when another release step has already run migrations.

Verify

curl http://localhost:8787/health

docker logs -f lobu

Put a reverse proxy or tunnel in front of port 8787 for public webhooks. Set PUBLIC_WEB_URL to the public HTTPS origin so OAuth redirects, invitation links, MCP URLs, and platform webhook URLs use the correct host.

Production notes

Pin timestamp image tags instead of latest for repeatable upgrades.
Store secrets in your host’s secret manager instead of shell history.
Mount /app/workspaces on persistent storage so agent workspaces survive restarts.
Start with WORKER_ALLOWED_DOMAINS="" and explicitly add the domains required by your skills/connectors.

Kubernetes

If you already run Kubernetes, use the Kubernetes Helm chart instead of hand-assembling the three containers.