6 min read·Updated 2026-04-12

Deployment

Three ways to run the bot — Docker, Compose, JAR. Docker is the right default. The production checklist covers volumes, auth, TLS, backups, and health.

Three ways to run it

The bot ships three ways: a Docker image, a Docker Compose skeleton, and a standalone JAR. They are three packaging choices around the same process — pick the one that fits how you run things.

Picking one

Docker (Recommended)

The right default. One command, one volume, runs anywhere Docker runs. Start here unless you have a reason not to.

Docker Compose (Multi-service)

Use it when you also need other containers alongside the bot: LightRAG, a database, or any other sidecar. Keeps everything in one file.

JAR (Direct)

Use it when Docker is not an option: host development, a managed Java service, or an air-gapped environment.

If you do not yet know which you need, use Docker. Move to Compose only when you add a second container. Use the JAR only when Docker is off the table.

Docker Compose example

A working docker-compose.yml
yaml
services:
  golemcore-bot:
    image: ghcr.io/alexk-dev/golemcore-bot:latest
    restart: unless-stopped
    # Browser plugin flags: Chromium crashes silently without them.
    shm_size: 256m
    cap_add:
      - SYS_ADMIN
    environment:
      STORAGE_PATH: /app/workspace
      TOOLS_WORKSPACE: /app/sandbox
    volumes:
      - ./workspace:/app/workspace
      - ./sandbox:/app/sandbox
    ports:
      # Dashboard port: keep it behind a TLS-terminating reverse proxy, not on the public internet.
      - "8080:8080"
Start it
bash
docker compose up -d

Production checklist

Before you call a deployment production-ready, walk this list. Every item has bitten real operators; none are optional.

  • Volumes mounted. workspace and sandbox are on a named volume or host mount. Verify with docker inspect golemcore-bot.
  • Admin password rotated. The temporary password from the logs has been replaced via Settings → Security, or BOT_DASHBOARD_ADMIN_PASSWORD is set at container start.
  • Provider keys set through the dashboard. Keys belong in Settings → LLM Providers on the persistent volume — never baked into a custom image.
  • Model router has a balanced model set. At minimum, the balanced tier is pointing at a real model in Settings → Model Router.
  • Browser flags set if you use the browser plugin. --shm-size=256m and --cap-add=SYS_ADMIN are present. Chromium crashes silently without them.
  • Dashboard behind TLS. Do not expose port 8080 directly on the public internet. Put a reverse proxy in front of it that terminates TLS.
  • Workspace volume backed up. Volume snapshots or file-level backup on a schedule.
  • Logs going somewhere. docker logs tailing into your log aggregator.
  • Health endpoint watched. /actuator/health polled by your monitoring system.
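
Several of the checklist items above can be checked mechanically from the JSON that docker inspect golemcore-bot prints. The script below is an added example, not part of the project: the sample document is constructed, the finding texts are illustrative, and the loopback check assumes the reverse proxy runs on the same host as the container.

```python
import json

# Constructed sample: a trimmed `docker inspect golemcore-bot` document (not real data).
SAMPLE_INSPECT = json.loads("""
[{"Config": {"Env": ["STORAGE_PATH=/app/workspace", "TOOLS_WORKSPACE=/app/sandbox"]},
  "HostConfig": {"ShmSize": 67108864, "CapAdd": null,
                 "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}},
  "Mounts": [{"Type": "bind", "Source": "/srv/bot/workspace", "Destination": "/app/workspace"}]}]
""")

REQUIRED_MOUNTS = ("/app/workspace", "/app/sandbox")  # container paths from the compose file
SHM_BYTES = 256 * 1024 * 1024                         # --shm-size=256m, stored in bytes
LOOPBACK = ("127.0.0.1", "::1")


def audit(inspect_doc, uses_browser_plugin=True):
    """Return checklist findings for the first container in a docker inspect document."""
    c = inspect_doc[0]
    host = c.get("HostConfig") or {}
    findings = []
    # Volumes mounted: both data paths need a bind mount or volume behind them.
    mounted = {m.get("Destination") for m in c.get("Mounts") or []}
    for path in REQUIRED_MOUNTS:
        if path not in mounted:
            findings.append(f"volume: {path} is not mounted")
    # Browser flags: only relevant when the browser plugin is in use.
    if uses_browser_plugin:
        if (host.get("ShmSize") or 0) < SHM_BYTES:
            findings.append("browser: shared memory is below 256m")
        caps = {cap[4:] if cap.startswith("CAP_") else cap for cap in host.get("CapAdd") or []}
        if "SYS_ADMIN" not in caps:
            findings.append("browser: SYS_ADMIN capability is missing")
    # Dashboard behind TLS: an empty HostIp or 0.0.0.0 publishes on every interface.
    for binding in (host.get("PortBindings") or {}).get("8080/tcp") or []:
        if binding.get("HostIp") not in LOOPBACK:
            findings.append("tls: port 8080 is published beyond loopback")
    # Admin password: if the variable is unset, rotation must have happened in Settings.
    env = dict(e.split("=", 1) for e in (c.get("Config") or {}).get("Env") or [] if "=" in e)
    if not env.get("BOT_DASHBOARD_ADMIN_PASSWORD"):
        findings.append("auth: BOT_DASHBOARD_ADMIN_PASSWORD unset, confirm rotation in Settings")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT):
        print(finding)
```

On a real host, pass the parsed output of docker inspect golemcore-bot to audit() in place of the sample. TLS termination itself, backups, log shipping and health polling are not visible in docker inspect and still need their own checks.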

What to do next