On-prem model
DeployDock is self-hosted: you operate PostgreSQL, Redis, the API process, the worker process, and the static or dev UI.
In this page
Processes
| Process | Notes |
|---|---|
| API | NestJS; listens on PANEL_API_PORT (default 4000). |
| Worker | BullMQ consumer on queue panel. |
| UI | Vite in dev; nginx serving apps/web/dist in prod Docker sample. |
Filesystem conventions
Installer skeleton targets /opt/deploy-dock with config under /etc/deploy-dock/api.env. Application trees default under PANEL_APPS_ROOT (/var/www/deploy-dock-apps unless overridden).
Hardening
- Restrict management ports to trusted networks.
- Rotate
JWT_ACCESS_SECRETandPANEL_SECRETS_KEY. - Run worker with least privilege on the host; review
@deploydock/command-runnerallowlists before enabling destructive adapters.
See monorepo README Roadmap for fleet/enterprise features still in later phases.