> ## Documentation Index
> Fetch the complete documentation index at: https://docs.helicone.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Cloud Deployment

> Set up Helicone on cloud infrastructure. Step-by-step instructions for deploying the LLM observability platform on a single node or Kubernetes cluster in the cloud.

# Running on a single node

Create your node on the cloud. For example, on AWS, you can create an EC2 instance.
Make sure that the instance has enough memory and disk space to run Helicone.
For example, you can use the `m5.xlarge` instance type on AWS.

Recommended Requirements

* 4 vCPUs
* 16 GB RAM
* 100 GB disk space

## Option 1: All-in-One Image (Recommended)

The simplest approach uses the pre-built `helicone-all-in-one` Docker image.

### Within your remote machine

[Install Docker](https://docs.docker.com/engine/install/)

Run the container with your server's public IP:

```bash theme={null}
export PUBLIC_URL="http://YOUR_IP:3000"
export JAWN_URL="http://YOUR_IP:8585"
export S3_URL="http://YOUR_IP:9080"

docker run -d \
  --name helicone \
  -p 3000:3000 \
  -p 8585:8585 \
  -p 9080:9080 \
  -e SITE_URL="$PUBLIC_URL" \
  -e BETTER_AUTH_URL="$PUBLIC_URL" \
  -e BETTER_AUTH_SECRET="$(openssl rand -base64 32)" \
  -e NEXT_PUBLIC_APP_URL="$PUBLIC_URL" \
  -e NEXT_PUBLIC_HELICONE_JAWN_SERVICE="$JAWN_URL" \
  -e NEXT_PUBLIC_IS_ON_PREM=true \
  -e S3_ENDPOINT="$S3_URL" \
  helicone/helicone-all-in-one:latest
```

See the [Docker guide](/getting-started/self-host/docker) for environment variables, user setup, and troubleshooting.

### Adding HTTPS through a reverse proxy (optional)

If you want to serve Helicone through a custom domain with HTTPS, you'll need a reverse proxy. Caddy is one option that provides automatic HTTPS with Let's Encrypt certificates. You can also use nginx, Traefik, or any other reverse proxy.

1. Point a domain to your server's IP (A record), e.g., `helicone-api.yourdomain.com`

2. Install Caddy:

```bash theme={null}
curl -L "https://github.com/caddyserver/caddy/releases/latest/download/caddy_linux_amd64.tar.gz" -o caddy.tar.gz
tar -xzf caddy.tar.gz caddy
sudo mv caddy /usr/local/bin/
sudo chmod +x /usr/local/bin/caddy
```

3. Create `/etc/caddy/Caddyfile`:

```caddyfile theme={null}
helicone-api.yourdomain.com {
    reverse_proxy localhost:8585
}
```

4. Run Caddy:

```bash theme={null}
sudo mkdir -p /var/log/caddy /etc/caddy

sudo tee /etc/systemd/system/caddy.service > /dev/null <<'EOF'
[Unit]
Description=Caddy web server
After=network.target

[Service]
Type=notify
User=root
ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable caddy
sudo systemctl start caddy
```

Now you can access the API via `https://helicone-api.yourdomain.com`.

***

## Option 2: Build from Source

For more control, you can build and run Helicone from source using Docker Compose.

### Within your remote machine

[Install Docker](https://docs.docker.com/engine/install/)

Step 1: Clone the repo

```bash theme={null}
git clone https://github.com/Helicone/helicone.git
```

Step 2: Run docker compose

```bash theme={null}
cd helicone/docker
cp .env.example .env
./helicone-compose.sh helicone up
```

### Accessing via SSH tunnel

Assuming you have your ssh config setup like this:

```
Host helicone
    HostName 1.1.1.1
    User ubuntu
    IdentityFile ~/Desktop/secret.pem
```

Test it by running this command on your localhost:

```bash theme={null}
ssh -N \
  -L 3000:localhost:3000 \
  -L 8989:localhost:8989 \
  -L 8000:localhost:8000 \
  -L 8787:localhost:8787 \
  -L 8788:localhost:8788 \
  helicone
```

Now you can access the Helicone UI at [http://localhost:3000](http://localhost:3000)

You can add users by going here: [http://localhost:8989/project/default/auth/users](http://localhost:8989/project/default/auth/users)
and clicking "Add User".

After you add a user, you can connect to the dashboard at [http://localhost:3000/signin](http://localhost:3000/signin)

The proxy is setup at localhost:8787 for OpenAI.

You can test it works by adding a new key on the [http://localhost:3000](http://localhost:3000) and then running this command on your localhost:

```bash theme={null}
# Test command
curl localhost:8787/helicone/test

# Example log command
curl --request POST \
    --url http://localhost:8787/v1/chat/completions \
    --header "Authorization: Bearer <<YOUR_OPENAI_API_KEY>>" \
    --header "Content-Type: application/json" \
    --header "Helicone-Auth: Bearer <<YOUR_HELICONE_API_KEY>>" \
    --data '{
        "model": "gpt-4o-mini",
        "messages": [
            {
                "role": "system",
                "content": "Say Hello!"
            }
        ],
        "temperature": 1,
        "max_tokens": 30
 }'
```

You should see all the data show up on Helicone.

***

## Production Checklist

The next steps before becoming production ready are:

1. Follow the instructions [here](https://supabase.com/docs/guides/self-hosting/docker#securing-the-dashboard) like

   * Change the default password
   * Add a custom domain
   * Add SSL
   * Add a SMTP server
   * Generate API keys

2. Add a load balancer in front of the server

   * Add HTTPS to web and workers
   * Change public variables for our backend routes. (NEXT\_PUBLIC\_BASE\_PATH, SUPABASE\_PUBLIC\_URL, API\_EXTERNAL\_URL)

3. Add a database backup strategy and change the volume to a persistent volume
