Deployment Guide
Deploy Gryt locally or in production
Deployment options
Desktop App (Embedded Server)
Host a server directly from the Gryt desktop app — one click, no setup, all platforms.
Docker Compose
Fastest way to self-host — pre-built images, no cloning, one command.
Windows (no Docker)
Run on any Windows PC — extract a zip, edit one file, double-click start.
Cloudflare Tunnel
Self-host with automatic HTTPS tunnels — no port forwarding for HTTP.
Monitoring
Optional Prometheus + Grafana stack for metrics and dashboards.
Production requirements
These apply to all deployment methods.
- HTTPS/WSS required — browsers require a secure context for WebRTC microphone access.
- UDP media ports — the SFU needs a dedicated UDP port range reachable from the internet (default 10000-10019/udp).
- JWT_SECRET — used by the signaling server for session tokens. Generate with openssl rand -base64 48.
Quick comparison
| Method | Best for | TLS | Needs open ports? |
|---|---|---|---|
| Embedded (desktop app) | LAN parties, quick hosting, zero setup | N/A (local) | No (LAN only) |
| Docker Compose | Self-hosting on a VPS or bare metal | Add Caddy/Nginx | Yes (443 TCP + UDP) |
| Windows (no Docker) | LAN parties, local teams, Windows PCs | Manual / reverse proxy | Yes |
| Cloudflare Tunnel | Hosting behind NAT / no static IP | Automatic | UDP only |
| Kubernetes (Helm) | Scaled / multi-node clusters | cert-manager | Yes |
Docker Compose (recommended)
Download two files, edit .env, and run docker compose up -d — no repo clone needed:
mkdir gryt && cd gryt
curl -Lo docker-compose.yml https://raw.githubusercontent.com/Gryt-chat/gryt/main/ops/deploy/compose/prod.yml
curl -Lo .env https://raw.githubusercontent.com/Gryt-chat/gryt/main/ops/deploy/compose/.env.example
# Edit .env — at minimum set a real JWT_SECRET:
# openssl rand -base64 48
docker compose up -d
See the full Docker Compose guide for configuration, TLS, upgrades, and production hardening.
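A pre-flight check for the JWT_SECRET step above, as an added example that is not part of the Gryt project: it refuses an empty, short or world-readable secret before the stack starts. The function names, the 64-character minimum (the length of openssl rand -base64 48 output) and the mode-600 expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Gryt project code: pre-flight check for JWT_SECRET in .env.
# Assumptions: plain KEY=value lines; MIN_LEN=64 is the length of
# `openssl rand -base64 48` output (48 bytes -> 64 base64 characters).
MIN_LEN=64

# Print the JWT_SECRET value from an env file (last assignment wins,
# surrounding quotes and a trailing CR stripped).
read_jwt_secret() {
    sed -n 's/^JWT_SECRET=//p' "$1" | tail -n 1 | tr -d '\r' \
        | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if the secret is present, long enough, and the file is not
# world-readable; otherwise print the reason and return 1.
check_jwt_secret() {
    env_file=$1
    [ -f "$env_file" ] || { echo "missing file: $env_file"; return 1; }
    secret=$(read_jwt_secret "$env_file")
    if [ -z "$secret" ]; then
        echo "JWT_SECRET is unset or empty"; return 1
    fi
    if [ "${#secret}" -lt "$MIN_LEN" ]; then
        echo "JWT_SECRET has ${#secret} chars, want >= $MIN_LEN"; return 1
    fi
    # Character 8 of the ls mode string is the "other" read bit.
    if [ "$(ls -ldL "$env_file" | cut -c8)" = "r" ]; then
        echo "$env_file is world-readable; chmod 600 it"; return 1
    fi
    return 0
}

# Replace (or append) JWT_SECRET with fresh `openssl rand -base64 48` output,
# writing the new file with mode 600 before moving it into place.
write_jwt_secret() {
    env_file=$1
    new=$(openssl rand -base64 48) || return 1
    tmp="$env_file.new.$$"
    ( umask 077
      { grep -v '^JWT_SECRET=' "$env_file" 2>/dev/null
        printf 'JWT_SECRET=%s\n' "$new"; } > "$tmp"
    ) && mv "$tmp" "$env_file"
}

# Usage: check_jwt_secret .env && docker compose up -d
```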
Kubernetes (Helm)
helm install gryt ./ops/helm/gryt -f ops/helm/gryt/examples/production-values.yaml
All images are pulled from ghcr.io/gryt-chat/*.
Docker images
All services are published to GitHub Container Registry under the gryt-chat org:
| Service | Image |
|---|---|
| Web Client | ghcr.io/gryt-chat/client |
| Signaling Server | ghcr.io/gryt-chat/server |
| SFU (Media) | ghcr.io/gryt-chat/sfu |
| Landing Site | ghcr.io/gryt-chat/site |
| Documentation | ghcr.io/gryt-chat/docs |
Each image is tagged with latest and semver tags (e.g. 1.2.3, 1.2, 1). Multi-arch builds (amd64 + arm64).
Ports
| Port | Proto | Service |
|---|---|---|
| 443 | TCP | TLS termination (proxy / tunnel edge) |
| 443 | UDP | SFU WebRTC media (if using ICE_UDP_MUX_PORT=443) |
| 3666 | TCP | Web client (dev / direct access) |
| 5000 | TCP | Signaling server |
| 5005 | TCP | SFU WebSocket |
| 10000-10019 | UDP | SFU WebRTC media (if not using UDP mux; must be public) |
Health checks
All services expose a health endpoint:
curl http://localhost:5000/health # server
curl http://localhost:5005/health # sfu
curl http://localhost:3666/health # client
Monitoring
Both Server and SFU expose Prometheus metrics at /metrics. An optional
Prometheus + Grafana stack is included — see the Monitoring guide.
Interested in offering Gryt hosting?
We're looking to partner with hosting and infrastructure providers who want to offer managed Gryt instances to their customers. If you're a server provider interested in adding Gryt to your platform, reach out at [email protected].