Deployment | OpenProxy

Option A — Docker Compose (recommended)

Use docker/docker-compose.yml for a one-command production deployment. It includes:

Service	Host port
`server` (Bun backend)	`3888`
`api` (Rust proxy)	`5060`
`web-tenant`	`5090`
`web-admin`	`5091`
`postgres`	internal only

1. Prepare environment file

cp docker/.env.example docker/.env

Edit docker/.env. Required variables:

DATABASE_URL=postgres://user:password@postgres:5432/openproxy
BETTER_AUTH_SECRET=<random 32-byte base64>
BETTER_AUTH_URL=https://your-server-domain/api
BETTER_AUTH_TRUSTED_ORIGINS=https://your-tenant-domain,https://your-admin-domain
RSA_PRIVATE_KEY=<generated with bun scripts/generateRSAKey.ts>
RSA_PUBLIC_KEY=<same generation>

Also add email (RESEND or SMTP), OAuth, SMS, and payment variables as needed.

2. Start

cd docker
docker compose up -d

3. Verify

curl http://localhost:5060/health       # Rust proxy
curl http://localhost:3888/api/health   # Bun server

4. Domain and reverse proxy

Bind domains with Nginx (or any reverse proxy):

server {
	listen 80;
	server_name api.example.com;
	location / {
		proxy_pass http://127.0.0.1:5060;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
	}
}

server {
	listen 80;
	server_name app.example.com;
	location / {
		proxy_pass http://127.0.0.1:5090;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
	}
}

For HTTPS, add ssl_certificate / ssl_certificate_key or use Certbot.

Option B — Manual deployment

PostgreSQL

Provision PostgreSQL 15+ and create a database. Run migrations:

cd apps/server
DATABASE_URL=postgres://... bun run migrate

apps/server (Bun)

cd apps/server
bun install
bun run start   # or use pm2 / systemd

apps/api (Rust)

cd apps/api
cargo build --release
./target/release/api

For production process management use systemd or a container:

# /etc/systemd/system/openproxy-api.service
[Unit]
Description=OpenProxy Rust API
After=network.target

[Service]
EnvironmentFile=/etc/openproxy/api.env
ExecStart=/usr/local/bin/openproxy-api
Restart=always

[Install]
WantedBy=multi-user.target

apps/web (React)

cd apps/web
bun run build:tenant   # outputs to dist/tenant
bun run build:admin    # outputs to dist/admin

Serve the dist/ directories with Nginx or any static file host.

Production checklist

Use HTTPS with valid certificates for all public domains
Set BETTER_AUTH_URL and BETTER_AUTH_TRUSTED_ORIGINS to production URLs
Enable PostgreSQL backups (e.g. pg_dump cron or managed DB snapshot)
Never log RSA_PRIVATE_KEY or plaintext API keys
Use secrets management (e.g. Docker secrets, Vault) rather than plain .env files in production
Configure resource limits (memory, CPU) for the Rust proxy container