Deploying Braintrust with Docker
This guide walks through the process of deploying Braintrust through Docker. Broadly, we support two configurations:
- API (recommended): deploys the data plane through docker. If you choose this option, then all your data will be stored in the docker containers, and our servers will never be able to access it. However, you'll still be able to visit Braintrust through https://braintrustdata.com, and your browser will communicate with the API server running in docker directly. This is analogous to the self-hosted AWS configuration.
- Full: a heavier-weight configuration that deploys the entire Braintrust application (data plane and control plane) in a standalone fashion, including the API, web app, and auxiliary services. You almost certainly do not want this; however, we recognize that there are certain scenarios which require the utmost isolation and offer it as needed upon request. Please reach out to support for more information about the "full deployment" mode.
The files necessary for launching the API deployment are hosted on GitHub. The repository contains a docker compose configuration file for the API deployment. If needed, you may customize the environment variables in the compose file to suit your deployment needs. Although the deployment uses Docker compose, in practice, you only need to deploy 1-2 containers and so you can deploy it however you'd like (on an instance, using Kubernetes, etc.).
To get started, just pull down the deployment repo and launch Braintrust!
API configuration
To launch the API configuration:
The services can be shutdown with docker compose
as well:
Once you have started the docker containers, navigate to the API URL section of the settings page. Enter the URL of your server in the "API URL" section. The docker server defaults to http://localhost:8000
, which will work as long as the browser is running on the same machine as the API server. The external port can be configured by adjusting the first value of the port mapping in the compose file.
If the browser is successfully able to connect to your server, you should see the message "API ping successful". At this point, you should be able to use Braintrust as usual!
If this is your first time using Braintrust, you may want to go through the quickstart guide next.
Setting up HTTPS
If you wish to deploy the API server to a non-localhost URL, it will need to be exposed on an HTTPS endpoint. A common way to accomplish this is to obtain an SSL certificate for your domain, and forward traffic to your API server using a reverse proxy, such as nginx.
Deploying other services
In addition to the API server, you may also deploy the realtime service through docker. The realtime server transfers end-to-end encrypted user data using a key that's only available to the data plane. Self-hosting may be desirable to have complete control over these services and ensure that sensitive data in any form goes through only your own servers.
The realtime service is bundled in the full configuration, and you can include
it in the API configuration with minor modifications. The modified
docker-compose.api.yml
might look as follows:
If you are deploying the realtime service on a different machine, make sure to
adjust the URL set on the braintrust-standalone-api
service accordingly.
Finally, point the webapp to your realtime URL in the API URLs page .
You will want to use the publicly-accessible form of the URL, rather than the
docker-accessible form, so make sure to substitute host.docker.internal
with
localhost
if that applies.
The proxy is now bundled into the API, so you do not need to deploy it as a separate service, as long as your API is at least version 0.0.51.
If you wish to deploy more services yourself, such as the webapp, you will likely want to switch to the full configuration.
Detailed reference
To see a full list of the containers and environment variables you can configure, see the docker-compose.api.yml file in the braintrust-deployment repository.
Troubleshooting
The state of the Braintrust deployment is fully managed on docker. Therefore, if something is not running as expected, you should be able to inspect the container, either by dumping its logs or opening up a shell inside the container to poke around. For instance, after launching the API configuration, you should see three containers:
You can dump the logs of the API container using docker logs [CONTAINER ID]
,
or spawn a shell inside the container using docker exec -it [CONTAINER ID] bash
.
For further questions, feel free to reach out at
support@braintrust.dev.