> ## Documentation Index
> Fetch the complete documentation index at: https://docs.packmind.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Install Packmind on your server

Find how to deploy Packmind using Docker Compose or Kubernetes, and how to customize the setup.

For comprehensive information about security, data ownership, and privacy in self-hosted deployments, please see [Security & Privacy (Self-Hosted)](/security/security-privacy-self-hosted).

## With Docker Compose

For Linux and MacOS users, run this script to create a `./packmind` folder with a Docker Compose setup inside:

```bash theme={null}
mkdir packmind && \
cd packmind && \
curl -fsSL -o install.sh https://raw.githubusercontent.com/PackmindHub/packmind/refs/heads/main/dockerfile/prod/setup-packmind-compose.sh && \
chmod +x install.sh && \
./install.sh
```

Once this command is executed, Packmind is now available at [http://localhost:8081/](http://localhost:8081/), and you can start using it right away.

<Note>
  There are no default credentials. When accessing Packmind for the first time,
  you must complete the sign-up process to create your first organization and
  user account. See [Managing
  Organizations](/administration/manage-organizations) for more details about
  creating and switching organizations.
</Note>

Update later with `docker compose pull && docker compose up -d`.

## With Helm on Kubernetes

Get started on the [Helm Chart GitHub repository](https://github.com/PackmindHub/packmind-ai-helm-chart) to deploy Packmind on Kubernetes.

## Connect your LLM (Optional but important)

Connecting a LLM offers a better experience when distributing your standards and commands in your Git Repositories, while it's *not mandatory* and you can use Packmind without this.

Packmind supports multiple AI providers: **OpenAI**, **Anthropic Claude**, **Google Gemini**, **Azure OpenAI**, and **OpenAI-Compatible** providers. See [LLM Configuration](/administration/llm-configuration) for full details on configuring each provider.

The Docker Compose template includes OpenAI configuration by default. To use Docker Compose with OpenAI, update the `docker-compose.yml` file:

```yaml theme={null}
x-openai-config: &openai-config
  OPENAI_API_KEY: <YOUR_KEY>
```

Restart then with:

```bash theme={null}
docker compose up -d
```

## Add custom CA certificates (Docker Compose)

If your infrastructure uses self-signed certificates or custom Certificate Authorities (CA), you can configure Packmind to trust them:

1. Create a `certs` directory next to your `docker-compose.yml`:

   ```bash theme={null}
   mkdir certs
   ```

2. Place your CA certificate(s) in PEM format as `certs/ca-bundle.pem`:

   ```bash theme={null}
   # For a single certificate
   cp your-ca-cert.pem certs/ca-bundle.pem

   # For multiple certificates, combine them
   cat cert1.pem cert2.pem > certs/ca-bundle.pem
   ```

3. Edit `docker-compose.yml` and uncomment the certificate lines in both `api` and `mcp-server` services:

   ```yaml theme={null}
   api:
     environment:
       NODE_EXTRA_CA_CERTS: /ca-certs/ca-bundle.pem # Uncomment this line
     volumes:
       - ./certs/ca-bundle.pem:/ca-certs/ca-bundle.pem:ro # Uncomment these 2 lines

   mcp-server:
     environment:
       NODE_EXTRA_CA_CERTS: /ca-certs/ca-bundle.pem # Uncomment this line
     volumes:
       - ./certs/ca-bundle.pem:/ca-certs/ca-bundle.pem:ro # Uncomment these 2 lines
   ```

4. Restart the services:
   ```bash theme={null}
   docker compose up -d
   ```

## Enable social login with WorkOS (Optional)

Packmind supports social login via [WorkOS AuthKit](https://workos.com/), allowing users to sign in with Google, Microsoft, or GitHub. To enable it, you need a WorkOS account and the following three environment variables:

* `WORKOS_API_KEY` - Your WorkOS API key
* `WORKOS_CLIENT_ID` - Your WorkOS application Client ID
* `WORKOS_REDIRECT_URI` - The callback URL for OAuth redirects (e.g., `https://your-packmind-instance.com/api/v0/auth/social/callback`)

If you use Docker Compose, add these variables to the `api` section of your `docker-compose.yml`:

```yaml theme={null}
api:
  environment:
    WORKOS_API_KEY: <YOUR_WORKOS_API_KEY>
    WORKOS_CLIENT_ID: <YOUR_WORKOS_CLIENT_ID>
    WORKOS_REDIRECT_URI: https://your-packmind-instance.com/api/v0/auth/social/callback
```

Then restart with:

```bash theme={null}
docker compose up -d
```

Once configured, social login buttons (Google, Microsoft, GitHub) will appear on the sign-in page.

<Warning>
  Social login is a convenience feature that provides additional sign-in methods
  alongside email/password. It is not a full SSO solution: you cannot restrict
  users to a specific social login provider or disable email/password
  authentication in favor of social login only.
</Warning>

## Configure deployment and environment variables

### Override environment variables

#### With Docker Compose

You can override both `api` and `mcp` sections of the `docker-compose.yaml` file.

Here is an example of how to add the `SMTP_FROM` variable to Docker Compose.

```yaml theme={null}
  api:
    image: packmind/api:${PACKMIND_TAG:-latest}
    container_name: packmind-api
    ports:
      - '3000:3000'
    environment:
      <<: [*database-url, *redis-config, *openai-config]
      SMTP_FROM: username@acme.org
```

#### With Helm Chart

Follow the instructions on the [Helm Chart GitHub repository](https://github.com/PackmindHub/packmind-ai-helm-chart) on how the YAML values file.

### List of Environment variables

Database Configuration:

* `DATABASE_URL`️ - PostgreSQL database connection URL used by the API, TypeORM migrations, and data sources

Application URLs & CORS:

* `APP_WEB_URL` - Base URL of the web application, used for generating links in password reset and invitation emails
* `CORS_ORIGINS` - Comma-separated list of allowed origins for CORS (Cross-Origin Resource Sharing) configuration

Redis Configuration:

* `REDIS_URI` - Full Redis connection URI used for caching and SSE (Server-Sent Events) client connections

### SMTP Configuration

* `SMTP_HOST` - SMTP server hostname for sending emails
* `SMTP_PORT` - SMTP server port number
* `SMTP_SECURE` - Whether to use secure connection (TLS/SSL) for SMTP
* `SMTP_USER` - Username for SMTP authentication
* `SMTP_PASSWORD` - Password for SMTP authentication
* `SMTP_FROM` - Default sender email address for outgoing emails
* `SMTP_IS_EXCHANGE_SERVER` - Flag indicating if the SMTP server is a Microsoft Exchange server

Authentication & Security:

* `JWT_SECRET` - Secret key used for signing and verifying JWT tokens for authentication
* `ENCRYPTION_KEY` - Key used for encrypting sensitive data like password reset tokens, invitations, and git provider credentials
* `MAX_LOGIN_ATTEMPTS` - Maximum number of failed login attempts before rate limiting is triggered (defaults to a configured value if not set)
* `LOGIN_BAN_TIME_SECONDS` - Duration (in seconds) for which user will not be allow to try to login again.

Social Login (WorkOS):

* `WORKOS_API_KEY` - API key from your WorkOS dashboard for social login authentication
* `WORKOS_CLIENT_ID` - Client ID of your WorkOS application
* `WORKOS_REDIRECT_URI` - OAuth callback URL, must point to your Packmind instance (e.g., `https://your-packmind-instance.com/api/v0/auth/social/callback`)

API Integration:

* `OPENAI_API_KEY` - API key for accessing OpenAI services for customizing standards and commands for AI Agents.

Rate Limiting:

* `RATE_LIMIT_MAX_REQUESTS` - Maximum number of requests allowed within the rate limit time window (defaults to 100)
* `RATE_LIMIT_TIME_WINDOW` - Time window in milliseconds for rate limiting (defaults to 60000ms / 1 minute)

Monitoring & Debugging:

* `PACKMIND_LOG_LEVEL` - Log level for Packmind logger (e.g., 'debug', 'info', 'warn', 'error')

## Next Steps

After setting up your self-hosted Packmind instance:

1. **[Install the CLI](./gs-cli-setup)** - Set up the Packmind CLI and authenticate with your instance
2. **[Start Onboarding](./gs-onboarding)** - Scan your codebase to create your first standards
