Skip to content
Sylo

Self-Hosting

Run Sylo on your own infrastructure. One command, fully self-contained.

Requirements

Section titled “Requirements”
  • A server with Docker installed (any cloud provider or bare metal)
  • A domain name pointed to your server (for automatic TLS)

Quick start

Section titled “Quick start”
Terminal window
git clone https://github.com/runplex/sylo.git
cd sylo/deploy
cp .env.example .env    # set DOMAIN to your domain
./setup.sh              # generates all secrets automatically
docker compose up -d

Your Sylo instance is now running at https://your-domain.com.

Configuration

Section titled “Configuration”

Only DOMAIN is required. All secrets are auto-generated by setup.sh:

Terminal window
# Your domain — Caddy auto-provisions TLS via Let's Encrypt
DOMAIN=sylo.example.com


# Auto-generated by setup.sh (leave empty, or set manually)
ENCRYPTION_KEY=          # 64-char hex, AES-256-GCM for credentials at rest
BETTER_AUTH_SECRET=      # session cookie signing
POSTGRES_PASSWORD=       # Postgres auth
REDIS_PASSWORD=          # Redis auth


# Optional: Google OAuth for dashboard login
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

What’s inside

Section titled “What’s inside”
docker compose up -d
  ├── caddy       — reverse proxy + auto TLS (Let's Encrypt)
  ├── sylo        — platform API + tunnel server + mitmproxy
  ├── postgres    — session store + audit log
  └── redis       — session cache (fast reads)

Ports

Section titled “Ports”
PortServicePurpose
80CaddyHTTP → HTTPS redirect
443CaddyDashboard + API (TLS)
8443Tunnel serverTunnel connections (own TLS)

Port 8443 is exposed directly (not through Caddy) for the tunnel server.

Google OAuth setup

Section titled “Google OAuth setup”
  1. Go to Google Cloud Console
  2. Create an OAuth 2.0 Client ID
  3. Add https://your-domain.com/auth/callback/google as a redirect URI
  4. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET in .env

Data persistence

Section titled “Data persistence”
VolumeStores
postgres-dataSessions, audit logs, credentials, workspaces
redis-dataSession cache (rebuilds from Postgres on restart)
sylo-datamitmproxy CA cert, tunnel server TLS cert, auto-generated secrets
caddy-dataTLS certificates (Let’s Encrypt)

Updating

Section titled “Updating”
Terminal window
cd sylo
git pull
docker compose -f deploy/docker-compose.yml build sylo
docker compose -f deploy/docker-compose.yml up -d sylo

Backup & restore

Section titled “Backup & restore”
Terminal window
# Backup
docker compose exec postgres pg_dump -U postgres sylo > backup.sql


# Restore
docker compose exec -T postgres psql -U postgres sylo < backup.sql

Using your instance

Section titled “Using your instance”

Point the SDK at your domain:

const sylo = new SyloClient({
  apiUrl: "https://sylo.example.com",
  developerSecret: "sylo_sk_...",
});

Sandboxes connect to sylo.example.com:8443 for tunnel mode.