> ## Documentation Index
> Fetch the complete documentation index at: https://support.rallly.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Installation

> Install Rallly on your own server.

This guide installs Rallly using the **Rallly CLI**. It bundles the app, a PostgreSQL database, S3-compatible object storage, and an HTTPS reverse proxy — everything runs on one machine with no extra setup. If you'd rather use a managed database or object store, see [External services](#external-services).

<Note>
  Already running Rallly from a hand-edited `docker-compose.yml` or `config.env`? Follow the [upgrade guide](/self-hosting/migration) to move onto the new stack without losing data.
</Note>

## Requirements

* A server with at least **2 GB RAM**
* **Docker 19.03+** with **Compose v2**
* Ports **80** and **443** open on the server (bundled proxy only — see [External reverse proxy](#external-reverse-proxy) if you're bringing your own)
* A domain name with a DNS `A` record pointing to the server's IP
* An **SMTP server** for sending emails (e.g. [Resend](https://resend.com), [Postmark](https://postmarkapp.com), [Mailgun](https://www.mailgun.com), [Brevo](https://www.brevo.com))

<Note>
  Use a transactional email provider. We don't recommend running your own SMTP server — deliverability depends on IP reputation, SPF/DKIM/DMARC, and reverse DNS, which are hard to get right. Consumer inboxes like Gmail or Proton Mail are also a poor fit: they rate-limit automated senders and will eventually block sign-in emails.
</Note>

## Quick install

Run the installer on your server:

```sh theme={null}
curl -fsSL https://get.rallly.co | bash
```

The installer will:

1. Check that Docker and the required ports are available.
2. Download the stack to `/opt/rallly`.
3. Walk you through configuration (domain, support email, SMTP).
4. Generate secure secrets automatically.
5. Start the stack.

On first boot, Traefik will request a Let's Encrypt certificate for your domain. This can take up to a minute. Once it's ready, your instance is available at `https://<your-domain>`.

## Claim the admin account

After the stack is running, the first user whose email matches `INITIAL_ADMIN_EMAIL` can navigate to `/control-panel` and claim the admin role. See the [Control Panel guide](/self-hosting/control-panel) for details.

## External services

The bundled reverse proxy, Postgres database, and object storage containers are the default. You can swap any of them for external providers (your own Nginx/Caddy/Cloudflare Tunnel, managed Postgres, AWS S3, Cloudflare R2, MinIO, etc.) by setting the relevant variables in `.env`. The installer uses Docker Compose profiles to skip any bundled service that has an external endpoint configured, so no stack edits are needed.

### External reverse proxy

Set `PROXY_MODE=external` to disable the bundled Traefik. The `web` container is then published on a host port that your reverse proxy can route to. `WEB_PORT` controls the bind — defaults to `127.0.0.1:3000` (loopback only).

```env theme={null}
PROXY_MODE=external
WEB_PORT=127.0.0.1:3000
```

Your reverse proxy is responsible for terminating TLS and forwarding to `WEB_PORT`. Set `WEB_PORT=0.0.0.0:3000` to expose on all interfaces, or pick a different port if 3000 is in use.

The installer prompts for this during `./rallly.sh setup` — pick option 2 ("external") at the reverse proxy step.

### External database

Set `DATABASE_URL` in `.env` to your Postgres connection string. When this variable is set, the bundled `db` container is not started.

```env theme={null}
DATABASE_URL=postgres://user:password@db.example.com:5432/rallly
```

### External object storage

Set the S3 variables in `.env` to point at your bucket. When `S3_ENDPOINT` is set to anything other than the bundled Garage endpoint, the bundled `garage` container is not started.

```env theme={null}
S3_ENDPOINT=https://s3.us-east-1.amazonaws.com
S3_BUCKET_NAME=my-rallly-bucket
S3_REGION=us-east-1
S3_ACCESS_KEY_ID=...
S3_SECRET_ACCESS_KEY=...
```

Apply changes with `./rallly.sh restart`.

## Next steps

* **[Configuration](/self-hosting/configuration)** — full environment variable reference.
* **[Management](/self-hosting/management)** — updating, backups, and day-to-day operations.
* **[Single Sign-On](/self-hosting/single-sign-on)** — enable Google, Microsoft, or OIDC login.