Docker

Deploy to Hetzner

Copy page

Deploy to Hetzner with Docker Compose

Create a server

  • Create a server, recommended size is at least CPX32 (4 VCPUS, 8 GB RAM, >100 GB Storage)
  • Select Ubuntu 24.04 Image
  • Create an inbound firewall rule to allow TCP ports: 3000, 3002, 3003, 3050, 3051, and 3080. These are the ports exposed by the Inkeep services.

Install Docker Compose

  1. SSH into the server as root

  2. Set up Docker's apt repository

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
  1. Install the Docker packages
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Deploy SigNoz and Nango

Clone this repo, which includes Docker files with SigNoz and Nango:

git clone https://github.com/inkeep/agents-optional-local-dev inkeep-external-services
cd inkeep-external-services

Run this command to autogenerate a .env file from the template .env.docker.example:

./scripts/generate-env-from-example.sh

Nango requires a NANGO_ENCRYPTION_KEY. Once you create this, it cannot be edited.

Here's an overview of the important environment variables when deploying to production. Make sure to review all of these in your .env file.

NANGO_ENCRYPTION_KEY=<REPLACE_WITH_NANGO_ENCRYPTION_KEY>
SIGNOZ_TOKENIZER_JWT_SECRET=<REPLACE_WITH_SIGNOZ_TOKENIZER_JWT_SECRET>

# Replace these with your <vm_ip> in production!
NANGO_SERVER_URL=http://<vm_ip>:3050
NANGO_PUBLIC_CONNECT_URL=http://<vm_ip>:3051

# Modify these in production environments!
NANGO_DASHBOARD_USERNAME=admin@example.com
NANGO_DASHBOARD_PASSWORD=<REPLACE_WITH_NANGO_DASHBOARD_PASSWORD>

Build and deploy SigNoz, Nango, OTEL Collector, and Jaeger:

docker compose up -d

This may take up to 5 minutes to start.

Retrieve your SigNoz and Nango API Keys

To get your SigNoz API key SIGNOZ_API_KEY:

  • Open SigNoz in a browser at http://<vm_ip>:3080
  • On first login, you will be prompted to create an admin account.
  • Navigate to Settings → Account Settings → API Keys → New Key
  • Choose a role, Viewer is sufficient for observability
  • Set the expiration field to "No Expiry" to prevent the key from expiring
Note
Note

By default, the retention period for conversation data and traces is set to 15 days. To set a longer retention period, navigate to the General tab on the Settings page in SigNoz.

To get your Nango secret key NANGO_SECRET_KEY:

  • Open Nango in a browser at http://<vm_ip>:3050
  • Nango auto-creates two environments, Prod and Dev. Select the one you will use.
  • Navigate to Environment Settings to find the secret key

Deploy the Inkeep Agent Framework

From the root directory, create a new project directory for the Docker Compose setup for the Inkeep Agent Framework

mkdir inkeep && cd inkeep
wget https://raw.githubusercontent.com/inkeep/agents/refs/heads/main/docker-compose.yml
wget https://raw.githubusercontent.com/inkeep/agents/refs/heads/main/.env.docker.example

Generate a .env file from the example:

cp .env.docker.example .env && \
\
  # Core secrets
  inkeep_agents_manage_ui_password=$(openssl rand -base64 8) && \
  inkeep_agents_run_api_bypass_secret=$(openssl rand -base64 32) && \
  inkeep_agents_jwt_signing_secret=$(openssl rand -base64 32) && \
  better_auth_secret=$(openssl rand -base64 32) && \
  spicedb_preshared_key=$(openssl rand -base64 32) && \
  jwt_tmp_priv=$(mktemp) && \
  jwt_tmp_pub=$(mktemp) && \
  openssl genrsa -out "$jwt_tmp_priv" 2048 2>/dev/null && \
  openssl rsa -in "$jwt_tmp_priv" -pubout -out "$jwt_tmp_pub" 2>/dev/null && \
  inkeep_agents_temp_jwt_private_key=$(base64 -i "$jwt_tmp_priv" | tr -d '\n') && \
  inkeep_agents_temp_jwt_public_key=$(base64 -i "$jwt_tmp_pub" | tr -d '\n') && \
  rm -f "$jwt_tmp_priv" "$jwt_tmp_pub" && \
  tmp_file=$(mktemp) && \
  sed \
    -e "s|<REPLACE_WITH_INKEEP_AGENTS_MANAGE_UI_PASSWORD>|$inkeep_agents_manage_ui_password|" \
    -e "s|<REPLACE_WITH_INKEEP_AGENTS_RUN_API_BYPASS_SECRET>|$inkeep_agents_run_api_bypass_secret|" \
    -e "s|<REPLACE_WITH_INKEEP_AGENTS_JWT_SIGNING_SECRET>|$inkeep_agents_jwt_signing_secret|" \
    -e "s|<REPLACE_WITH_BETTER_AUTH_SECRET>|$better_auth_secret|" \
    -e "s|<REPLACE_WITH_SPICEDB_PRESHARED_KEY>|$spicedb_preshared_key|" \
    -e "s|<REPLACE_WITH_INKEEP_AGENTS_TEMP_JWT_PRIVATE_KEY>|$inkeep_agents_temp_jwt_private_key|" \
    -e "s|<REPLACE_WITH_INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY>|$inkeep_agents_temp_jwt_public_key|" \
    .env > "$tmp_file" && \
  mv "$tmp_file" .env && \
  echo "✅ Docker .env created with autogenerated secrets."

Here's an overview of the important environment variables when deploying to production. Make sure to review all of these in your .env file.

ENVIRONMENT=production

# (1) AI Provider Keys (you need at least one)
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
GOOGLE_GENERATIVE_AI_API_KEY=
AZURE_API_KEY=

# (2) From Nango dashboard at http://<vm_ip>:3050
NANGO_SECRET_KEY=

# (3) From SigNoz dashboard at http://<vm_ip>:3080
SIGNOZ_API_KEY=

# (4) Set these for the Manage UI at http://<vm_ip>:3000
PUBLIC_INKEEP_AGENTS_API_URL=http://<vm_ip>:3002
PUBLIC_NANGO_SERVER_URL=http://<vm_ip>:3050
PUBLIC_NANGO_CONNECT_BASE_URL=http://<vm_ip>:3051
PUBLIC_SIGNOZ_URL=http://<vm_ip>:3080

# (5) Set these for Agents API
INKEEP_AGENTS_MANAGE_UI_URL=http://<vm_ip>:3000
INKEEP_AGENTS_API_URL=http://<vm_ip>:3002
INKEEP_AGENTS_RUN_API_BYPASS_SECRET=<REPLACE_WITH_INKEEP_AGENTS_RUN_API_BYPASS_SECRET>
Tip
Tip

For long-running agents or custom deployment requirements, you can override runtime limits like execution timeouts, maximum transfers, and generation steps. See Configure Runtime Limits for examples and the complete list of overridable settings.

Run with Docker:

docker compose up -d

Then open http://<vm_ip>:3000 in a browser!

Upgrading

Upgrading the Inkeep Agent Platform

To upgrade the Inkeep Agent Platform to the latest version, run the following commands:

cd inkeep
docker compose down
wget -O docker-compose.yml https://raw.githubusercontent.com/inkeep/agents/main/docker-compose.yml
docker compose pull
docker compose up -d --remove-orphans

These commands replace your Docker Compose file with the latest version, pull any newer image versions, and restart all the services. Existing database data is preserved, but there will be downtime while the services restart.

To clean up old unused Docker images and free disk space:

docker image prune -a

Upgrading SigNoz and Nango

To upgrade Signoz and Nango, run the following commands:

cd inkeep-external-services
git pull
docker compose down
docker compose pull
docker compose up -d --remove-orphans

These commands pull the latest changes from the repository (including the Docker Compose file), pull any newer image versions, and restart all the services. Existing database data is preserved, but there will be downtime while the services restart.

To clean up old unused Docker images and free disk space:

docker image prune -a

GCP Compute Engine

Deploy to GCP Compute Engine with Docker Compose

Custom Image

How to build your own Docker images

On this page

Create a server
Install Docker Compose
Deploy SigNoz and Nango
Retrieve your SigNoz and Nango API Keys
Deploy the Inkeep Agent Framework
Upgrading
Upgrading the Inkeep Agent Platform
Upgrading SigNoz and Nango