Self-Hosting

Run Orion on your own infrastructure. You need Node.js 18+, PostgreSQL 14+, and optionally Docker.

Quick start with Docker

git clone https://github.com/your-org/orion
cd orion/orion-api
cp .env.example .env
# Fill in your .env values (see below)
docker compose up -d

Environment variables

All variables are required unless marked optional.

Database

DB_HOST=localhost
DB_PORT=5432
DB_NAME=orion
DB_USER=orion
DB_PASSWORD=your-password

Server

PORT=3001
NODE_ENV=production
APP_URL=https://api.example.com
FRONTEND_URL=https://app.example.com
WEBSITE_URL=https://example.com
ALLOWED_ORIGINS=https://app.example.com,https://example.com
JWT_EXPIRES_IN=7d

WebAuthn (passkeys)

RP_ID=app.example.com         # Must match your frontend domain exactly
RP_NAME=Orion

Email (Resend)

RESEND_API_KEY=re_...
RESEND_FROM_EMAIL=noreply@example.com

Stripe (optional — billing)

STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
STRIPE_PRO_PRICE_ID=price_...

WebSocket

WS_BASE_URL=wss://api.example.com

Manual setup

1. PostgreSQL

Create the database and user:

CREATE DATABASE orion;
CREATE USER orion WITH PASSWORD 'your-password';
GRANT ALL PRIVILEGES ON DATABASE orion TO orion;

2. Generate RSA keys

The API uses asymmetric JWTs. Generate keys before first start:

cd orion-api
npm run generate-keys

This writes keys/private.pem and keys/public.pem.

3. Install and start

cd orion-api
npm install
npm run build
npm start

The API runs on port 3001. The database schema is created automatically on first start.

4. Frontend

cd orion-web
npm install
npm run build
npm start   # port 3000

Reverse proxy (nginx)

server {
    listen 443 ssl;
    server_name api.example.com;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

The Upgrade/Connection headers are required for WebSocket support.

Background jobs

Two cron jobs run automatically within the API process:

  • alerts.cron.ts — Evaluates alert rules and dispatches notifications
  • retention.cron.ts — Deletes logs older than the project's retention period

No external queue or worker process is needed.

Production checklist

  • [ ] NODE_ENV=production
  • [ ] RSA keys generated and stored securely (not in source control)
  • [ ] PostgreSQL with regular backups
  • [ ] ALLOWED_ORIGINS set to your exact frontend domains
  • [ ] RP_ID matches your frontend domain exactly (WebAuthn requirement)
  • [ ] TLS/HTTPS on all public endpoints
  • [ ] Stripe webhook endpoint registered if billing is enabled