Blog Guide

Self-hosting ReliPay: Docker Compose & Dokploy

8 min read

ReliPay is yours to run. The whole stack — the API, the operator panel, and the database that holds your users and revenue — is a handful of containers you bring up wherever you like: a laptop, a single VPS, or a managed platform. No vendor holds your auth or your billing data. This guide takes you from an empty server to a signed-in operator panel two ways: a one-command Docker Compose boot, and a click-through Dokploy deploy.

What you need

A machine with Docker (or a Dokploy host), a domain you can point at it, and about fifteen minutes. Everything else — Postgres, Redis, the panel — comes up from the compose file in the ReliPay repository.

What you're running

Self-hosted ReliPay is four pieces. Two are ReliPay's — the API and the operator panel — and two are infrastructure it leans on:

  • API (Fastify, port 3030) — every auth, billing, and admin endpoint, plus the operator MCP server.
  • Operator panel (Next.js, port 3031) — the console you sign in to; it talks to the API.
  • PostgreSQL — the source of truth for tenants, applications, users, plans, and payments.
  • Redis — shared rate-limiting and the outbound-webhook queue. Required at boot.
APIFastify · :3030Operator panelNext.js · :3031PostgreSQLsource of truthRedisrate-limit · queue
The self-hosted topology: API + panel containers, backed by Postgres and Redis.

Option A — Docker Compose

The fastest path. Clone the repo, set your secrets, and bring it up.

terminal
git clone https://github.com/relipay-dev/relipay.git
cd relipay
cp .env.example .env

Open .env and set the four values the stack refuses to boot without, plus the public URLs:

.env
# Secrets — generate with: openssl rand -hex 32
JWT_SECRET=...                 # 64 hex chars
ENCRYPTION_KEY=...             # 64 hex chars (encrypts provider credentials)
SUPER_ADMIN_KEY=...            # bootstrap admin credential

# Public origins (what the browser and providers reach)
API_URL=https://api.yourdomain.com
PANEL_URL=https://panel.yourdomain.com
NEXT_PUBLIC_API_URL=https://api.yourdomain.com
CORS_ALLOWED_ORIGINS=https://panel.yourdomain.com

Then bring the whole stack up. The app services live behind a full profile (so a bare docker compose up starts only Postgres + Redis for local dev), so pass it explicitly:

terminal
docker compose --profile full up -d

Compose starts Postgres and Redis, the API runs database migrations automatically on boot, then the API and panel come up. When it settles, the API answers on :3030 and the panel on :3031. Put both behind your reverse proxy / TLS (the next section covers this on Dokploy; with raw Compose, terminate TLS at nginx/Caddy/Traefik).

Don't skip the public URLs

NEXT_PUBLIC_API_URL and PANEL_URL must be the public origins, not in-cluster hostnames. They show up in webhook URLs you paste into Stripe and in the operator-MCP sign-in redirect — an internal host like api:3030 there will silently break both.

Option B — Dokploy

Dokploy is an open-source, self-hostable PaaS — think a Heroku/Vercel you own. It wraps Docker Compose with a UI for domains, TLS, and env vars, so you get one-click HTTPS without hand-writing nginx.

1Fork / clone2Set env + secrets3docker compose up4Point DNS + TLS5Sign in to panel
The deploy, end to end — the same five steps whether you use raw Compose or Dokploy.
  1. In Dokploy, create a project and add a Compose service pointed at your fork of the ReliPay repo (or paste the compose file).
  2. Under Environment, set the same variables as the .env above. Generate the secrets with openssl rand -hex 32 and paste them in — Dokploy stores them encrypted.
  3. Under Domains, add a domain for the API service (e.g. api.yourdomain.com → container port 3030) and one for the panel (panel.yourdomain.com → 3031). Toggle HTTPS on for each; Dokploy provisions Let's Encrypt certificates automatically.
  4. Hit Deploy. Dokploy pulls, builds, runs migrations, and starts the stack. Watch the logs until the API logs server listening.
  5. Open https://panel.yourdomain.com and create your first workspace.

Point DNS first

Add A/AAAA records for both subdomains to your Dokploy host before you deploy, so the automatic certificate challenge can complete on the first try.

First sign-in

The first account you create on a fresh instance becomes the workspace owner. From there it's the same console the hosted plan uses — create an Application, mint API keys, configure auth, and connect a billing provider. The operator-panel walkthrough picks up exactly here.

Going to production

A short checklist before you put real traffic on it:

  • Back up Postgres. It holds everything that matters. Schedule pg_dump (Dokploy has built-in database backups to S3-compatible storage).
  • Keep your secrets. Losing ENCRYPTION_KEY means losing every stored provider credential — it can't be recovered.
  • Use live provider keys in the billing tab, and make sure the webhook URL the panel shows is your public API origin.
  • Set tight CORS_ALLOWED_ORIGINS — only the origins your panel and apps actually use.
  • Run more than one API replica if you need HA — Redis is shared, so rate-limits and the webhook queue work across replicas out of the box.

Where to go next:

Prefer not to run it yourself? Try the hosted plan — same product, we run the infrastructure.