Crikket
Self-Hosting

Production Setup

Configure domains, TLS, storage, and critical environment variables for production.

Required Environment Variables

Set these in apps/server/.env:

DATABASE_URL
BETTER_AUTH_SECRET
BETTER_AUTH_URL
CORS_ORIGINS
BETTER_AUTH_COOKIE_DOMAIN (required when app and API use different subdomains)
GOOGLE_CLIENT_ID
GOOGLE_CLIENT_SECRET
ENABLE_PAYMENTS (false)
STORAGE_BUCKET
STORAGE_ACCESS_KEY_ID
STORAGE_SECRET_ACCESS_KEY
STORAGE_REGION (required when STORAGE_ENDPOINT is unset)
STORAGE_ENDPOINT (recommended for R2/custom S3 endpoints)

Set these in apps/web/.env:

NEXT_PUBLIC_APP_URL
NEXT_PUBLIC_SERVER_URL

Google OAuth is currently the only login method. Keep GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET configured.

For self-hosting, set ENABLE_PAYMENTS=false and ignore POLAR_*.

Notes:

  • DATABASE_URL is the source of truth for the app.
  • POSTGRES_* vars are only for configuring the bundled Compose Postgres service.
  • Root .env is Docker-only (ports and bundled Postgres init).

These settings are not required for self-hosting, but they are recommended:

CAPTURE_SUBMIT_TOKEN_SECRET
UPSTASH_REDIS_REST_URL
UPSTASH_REDIS_REST_TOKEN
TURNSTILE_SITE_KEY
TURNSTILE_SECRET_KEY

What each one does:

  • CAPTURE_SUBMIT_TOKEN_SECRET enables signed short-lived capture submit tokens.
  • Upstash Redis enables rate limiting and one-time submit token replay protection.
  • Turnstile enables an anti-bot challenge for capture submissions.

Without them, self-hosted instances still work, but capture submission protections are reduced.

Reverse Proxy and HTTPS

Recommended layout:

  • Public traffic -> reverse proxy (80/443)
  • Proxy -> web:3001
  • API reachable via public URL (for example https://api.example.com)

Container routing note:

  • In the default compose file, web and server run as two containers.
  • web shares server networking, so server-side calls to localhost:3000 work without extra internal URL variables.

If using a separate API domain:

NEXT_PUBLIC_SERVER_URL=https://api.example.com
BETTER_AUTH_URL=https://api.example.com
CORS_ORIGINS=https://app.example.com,https://admin.example.com
BETTER_AUTH_COOKIE_DOMAIN=example.com

Storage

  • Cloud storage is mandatory in all environments.
  • Configure STORAGE_BUCKET, STORAGE_ACCESS_KEY_ID, and STORAGE_SECRET_ACCESS_KEY.
  • Use STORAGE_REGION for AWS S3.
  • Use STORAGE_ENDPOINT for Cloudflare R2/custom S3-compatible storage.
  • Set STORAGE_PUBLIC_URL if you want stable public URLs instead of signed URLs.

Data Durability

Compose volume persistence:

  • PostgreSQL data in postgres_data

Also implement off-host backups and periodic restore tests.

Quick Start

Fastest way to run Crikket, including prerequisites and deployment options.

Operations

Operations including updates, backups, monitoring, and runbook commands.

On this page

Required Environment VariablesRecommended SecurityReverse Proxy and HTTPSStorageData Durability