Self-Hosting
h4ckbot is designed to run entirely on your own infrastructure. This page covers production deployment with Docker Compose.
Licence key required
Self-hosting uses the same model that runs on h4ckbot.com. Access is not open — you need an approved licence key before you can run a production instance.
Email artur.chlebicki@volue.com with a brief description of your use case. We reply within a few days.
Prerequisites
- Docker Engine 24+ and Docker Compose v2
- An approved h4ckbot licence key (see above)
- A domain with HTTPS (Nginx Proxy Manager or Caddy recommended)
- At least 2 GB RAM and 10 GB disk
Environment variables
Copy backend/.env.example to backend/.env and fill in:
# Required H4CKBOT_MODEL_KEY=<your-licence-key> SECRET_KEY=<64-char random hex> DATABASE_URL=postgresql+asyncpg://postgres:yourpassword@postgres:5432/pentest_ai # Optional — email verification SMTP_HOST=smtp.example.com SMTP_PORT=587 SMTP_USER=noreply@example.com SMTP_PASSWORD=... EMAIL_FROM=noreply@example.com # Optional — analytics NEXT_PUBLIC_PLAUSIBLE_DOMAIN=your-domain.com
SECRET_KEY
Generate with
python -c "import secrets; print(secrets.token_hex(32))". Rotating this key invalidates all existing sessions.Starting the stack
docker compose up -d docker compose exec backend alembic upgrade head
The first build compiles the Next.js frontend — allow 3–5 minutes.
Reverse proxy (Nginx)
Point your reverse proxy to the frontend container on port 3000. Ensure these headers are forwarded:
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
SSE (streaming chat) requires proxy_buffering off and an elevated proxy_read_timeout (120s+).
Health checks
curl https://your-domain.com/api/health
# → {"status":"ok"}See also
- Configuration reference — all env vars
- Upgrading — safe upgrade procedure