Deployment
Configure SSL and reverse proxy for your Checkend installation.
Deployment Modes
Checkend supports two deployment modes:
- Direct SSL: Checkend handles SSL certificates automatically using Let's Encrypt via Thruster
- Reverse Proxy: Use your own nginx, Caddy, or other proxy to handle SSL and forward requests to Checkend on port 3000
The deployment mode is configured during setup. When using a reverse proxy, the setup script creates a
compose.override.yml that exposes port 3000.
Direct SSL Mode
For direct SSL mode, set the THRUSTER_TLS_DOMAIN environment variable to your domain. Checkend will automatically provision and renew SSL certificates from Let's Encrypt.
Make sure your domain's DNS is pointing to your server before starting Checkend.
Reverse Proxy Setup
When using a reverse proxy, configure it to forward requests to localhost:3000.
nginx
nginx.conf
server {
listen 443 ssl;
server_name checkend.example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}Caddy
Caddy automatically provisions SSL certificates:
Caddyfile
checkend.example.com {
reverse_proxy localhost:3000
}Switching Modes
To switch between deployment modes, run the setup script again:
Terminal
cd /opt/checkend
./setup.sh # Select your new deployment mode
docker compose up -d --buildDNS Configuration
Make sure your domain's DNS is configured and propagated before deploying. SSL certificate provisioning will fail if the domain doesn't resolve to your server.