Gryt

Deployment Guide

Deploy Gryt locally or in production

Deployment options

Docker Compose

Fastest way to self-host — pre-built images, no cloning, one command.

Cloudflare Tunnel

Self-host with automatic HTTPS tunnels — no port forwarding for HTTP.

Production requirements

These apply to all deployment methods.

  • HTTPS/WSS required — browsers require a secure context for WebRTC microphone access.
  • UDP media ports — the SFU needs a dedicated UDP port range reachable from the internet (default 10000-10019/udp).
  • JWT_SECRET — used by the signaling server for session tokens. Generate with openssl rand -base64 48.

Quick comparison

MethodBest forTLSNeeds open ports?
Docker ComposeSelf-hosting on a VPS or bare metalAdd Caddy/NginxYes (443 TCP + UDP)
Cloudflare TunnelHosting behind NAT / no static IPAutomaticUDP only
Kubernetes (Helm)Scaled / multi-node clusterscert-managerYes

Download two files and run docker compose up -d — no repo clone needed:

mkdir gryt && cd gryt
curl -LO https://raw.githubusercontent.com/Gryt-chat/gryt/main/docker-compose.yml
curl -LO https://raw.githubusercontent.com/Gryt-chat/gryt/main/.env.example
cp .env.example .env
docker compose up -d

See the full Docker Compose guide for configuration, TLS, upgrades, and production hardening.

Kubernetes (Helm)

helm install gryt ./ops/helm/gryt -f ops/helm/gryt/examples/production-values.yaml

All images are pulled from ghcr.io/gryt-chat/*.

Docker images

All services are published to GitHub Container Registry under the gryt-chat org:

ServiceImage
Web Clientghcr.io/gryt-chat/client
Signaling Serverghcr.io/gryt-chat/server
SFU (Media)ghcr.io/gryt-chat/sfu
Landing Siteghcr.io/gryt-chat/site
Documentationghcr.io/gryt-chat/docs

Each image is tagged with semver (1.0.0, 1.0, 1) and latest. Multi-arch builds (amd64 + arm64).

Ports

PortProtoService
443TCPTLS termination (proxy / tunnel edge)
3666TCPWeb client (dev / direct access)
5000TCPSignaling server
5005TCPSFU WebSocket
10000-10019UDPSFU WebRTC media (must be public)

Health checks

All services expose a health endpoint:

curl http://localhost:5000/health   # server
curl http://localhost:5005/health   # sfu
curl http://localhost:3666/health   # client

Docker Compose

Self-host Gryt with a single docker compose up — no cloning required

On this page

Deployment optionsProduction requirementsQuick comparisonDocker Compose (recommended)Kubernetes (Helm)Docker imagesPortsHealth checks