Docker Compose
The fastest way to deploy Auxot with all dependencies:
curl -fsSLO https://get.auxot.com/docker-compose.yml
docker compose up -d
This downloads a production-ready docker-compose.yml that includes Auxot (ghcr.io/auxothq/auxot-server:latest), Postgres 16, and Redis 7. Generate a secret key before starting:
export AUXOT_SECRET_KEY=$(openssl rand -hex 32)
docker compose up -d
Auxot runs migrations automatically on startup. Open http://localhost:8080 to begin the first-run setup.
Production Hardening
For production Docker deployments:
- Use managed Postgres (RDS, Cloud SQL) and Redis (ElastiCache, Memorystore) instead of containerized instances.
- Pin the image tag to a specific version instead of
latest. - Store
AUXOT_SECRET_KEYin a secrets manager (AWS Secrets Manager, Vault). - Put a reverse proxy (nginx, Caddy) in front for TLS termination.
- Set resource limits on the Auxot container.
Systemd Service
For bare-metal or VM deployments, run Auxot as a systemd service.
Install the Binary
Download the binary for your platform from the releases page and place it on your PATH:
wget https://github.com/auxothq/auxot-server/releases/latest/download/auxot-server-linux-amd64
sudo install -m 755 auxot-server-linux-amd64 /usr/local/bin/auxot-server
Note: The quick-start script (
curl https://get.auxot.com/install | sh) deploys Auxot using Docker Compose. For a bare-metal systemd deployment, use the binary download above instead.
Create the Service File
# /etc/systemd/system/auxot.service
[Unit]
Description=Auxot AI Router
After=network.target postgresql.service redis.service
Requires=postgresql.service redis.service
[Service]
Type=simple
User=auxot
Group=auxot
WorkingDirectory=/opt/auxot
EnvironmentFile=/opt/auxot/.env
ExecStart=/usr/local/bin/auxot-server
Restart=always
RestartSec=5
LimitNOFILE=65536
# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/auxot
[Install]
WantedBy=multi-user.target
Enable and Start
sudo useradd --system --home-dir /opt/auxot --create-home auxot
sudo cp /path/to/.env /opt/auxot/.env
sudo chown auxot:auxot /opt/auxot/.env
sudo chmod 600 /opt/auxot/.env
sudo systemctl daemon-reload
sudo systemctl enable auxot
sudo systemctl start auxot
# Check status
sudo systemctl status auxot
sudo journalctl -u auxot -f
Kubernetes
For clusters running Kubernetes 1.25+, deploy Auxot as a Deployment with a Service and Secret.
Secret
Create a Secret with the required environment variables:
# auxot-secret.yaml
# In production, use a secrets operator (External Secrets, Sealed Secrets, etc.)
# instead of checking secrets into version control.
apiVersion: v1
kind: Secret
metadata:
name: auxot
namespace: auxot
stringData:
DATABASE_URL: "postgres://auxot:changeme@postgres:5432/auxot?sslmode=require"
REDIS_URL: "redis://redis:6379"
AUXOT_SECRET_KEY: "replace-with-openssl-rand-hex-32"
kubectl create namespace auxot
kubectl apply -f auxot-secret.yaml
Deployment
# auxot-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: auxot
namespace: auxot
labels:
app: auxot
spec:
replicas: 2
selector:
matchLabels:
app: auxot
template:
metadata:
labels:
app: auxot
spec:
containers:
- name: auxot
# Pin to a specific tag in production (e.g. ghcr.io/auxothq/auxot-server:1.2.0)
image: ghcr.io/auxothq/auxot-server:latest
ports:
- containerPort: 8080
protocol: TCP
envFrom:
- secretRef:
name: auxot
resources:
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: "1"
memory: 512Mi
livenessProbe:
httpGet:
path: /api/health
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/health
port: 8080
initialDelaySeconds: 3
periodSeconds: 5
Service
# auxot-service.yaml
apiVersion: v1
kind: Service
metadata:
name: auxot
namespace: auxot
spec:
selector:
app: auxot
ports:
- port: 80
targetPort: 8080
protocol: TCP
Note: This creates a ClusterIP service. Add an Ingress resource or switch to
type: LoadBalancerfor external access.
Apply everything:
kubectl apply -f auxot-deployment.yaml -f auxot-service.yaml
Production Notes
- Use managed databases. Run Postgres and Redis outside the cluster (RDS, Cloud SQL, ElastiCache, Memorystore). In-cluster databases work for testing but lack backup and HA guarantees.
- Multiple replicas are safe. Auxot is stateless — all state lives in Postgres and Redis. Scale the Deployment horizontally as needed.
- GPU workers are separate. Deploy
auxot-workeras a DaemonSet or Deployment on GPU-capable nodes. See GPU Workers → for details. - Air-gapped clusters. Pre-load the Auxot image into your private registry before deploying. See Air-Gapped Installation below.
- Helm chart. A Helm chart is on the roadmap but not yet available. Use the manifests above for now.
Air-Gapped Installation
For environments with no internet access, pre-stage all binaries and models on a transfer machine.
1. Download on an Internet-Connected Machine
# Download the Docker image for air-gapped transfer
docker pull ghcr.io/auxothq/auxot-server:1.2.0
docker save ghcr.io/auxothq/auxot-server:1.2.0 -o auxot-server.tar
# Download the open-source worker binary from GitHub releases
wget https://github.com/auxothq/auxot/releases/latest/download/auxot-worker-linux-amd64
# Download GGUF models
auxot-worker models pull llama-3.3-70b-q4_k_m --download-dir ./models/
2. Transfer to Air-Gapped Network
Copy the binaries and models to the target machines via USB drive, secure file transfer, or whatever mechanism your environment permits:
auxot-server-linux-amd64 → /usr/local/bin/auxot-server
auxot-worker-linux-amd64 → /usr/local/bin/auxot-worker
models/ → ~/.auxot/models/
3. Deploy
On the air-gapped server, follow the same systemd or Docker setup above. The server runs entirely offline — no phone-home for license validation, no external model downloads, no telemetry.
# Verify the installation works offline
auxot-server --version
auxot-worker --type gpu --offline
For Docker air-gapped deployments, load the saved images:
# On air-gapped machine
docker load -i auxot-server.tar