Skip to main content
Self-hosting gives you the full roz server — REST API, gRPC sessions, persistent storage, and multi-user access — running on your own infrastructure. This guide covers the minimal setup with Docker Compose and the manual steps if you prefer to run each component separately.

Prerequisites

  • Docker and Docker Compose v2+
  • Rust 1.92+ (only if building from source outside Docker)
  • A configured LLM provider API key (see Local Mode for options)

Docker Compose

The fastest way to self-host is with Docker Compose. This starts the roz server, Postgres 16, NATS with JetStream, and Restate (for durable task workflows) in a single stack.
Restate is an open-source (Apache-2.0) durable execution engine. roz uses it for reliable task lifecycle management. It runs as a single Docker container with no external dependencies.
Start the stack:

Database Setup

If you are running Postgres outside Docker (or need to run migrations manually), use sqlx:
Migrations are in the migrations/ directory. Every table has Row Level Security (RLS) enabled — tenant isolation is enforced at the database layer.

Create Your First API Key

After the server is running and migrations are applied, create an API key. You can do this with SQL:
Or use the CLI:
API keys use the scheme roz_sk_<random> and are passed as Authorization: Bearer <key>. Keys do not expire by default — they remain valid until explicitly revoked.

Environment Variables

VariableRequiredDefaultDescription
DATABASE_URLYesPostgres connection string
NATS_URLYesNATS server URL
ROZ_API_URLNohttp://localhost:8080Public-facing URL for the API
RUST_LOGNoinfoLog level filter
PORTNo8080HTTP/gRPC listen port

Health Check

Verify the server is running:
A healthy response returns HTTP 200. The /health endpoint does not require authentication.

gRPC

REST and gRPC are multiplexed on the same port. The server routes requests by Content-Type header — requests with application/grpc go to the tonic gRPC handler, everything else goes to the axum REST router. gRPC requires HTTP/2. If you are running behind a reverse proxy, make sure it supports HTTP/2 end-to-end. gRPC reflection is enabled. You can inspect available services with grpcurl:
The gRPC session protocol follows this flow:
  1. StartSession — server responds with SessionStarted
  2. UserMessage — server streams TextDelta chunks, ends with TurnComplete
  3. RegisterTools — register MCP tools mid-session

Building from Source

If you prefer to build the server binary directly:
The binary is at target/release/roz-server. Run it with the environment variables above.

Next Steps