Engineering Guides
Software DevelopmentCloud EngineeringAI Engineering (soon)
Deployment

Kamal Configuration

Configure Kamal deployment YAML and secrets for Hetzner deployment.

When to use this page

  • You already installed Kamal locally.
  • You are ready to configure deployment files before first deploy.

Preflight checks

  • Confirm SSH works to your server:
ssh root@<server-ip>
  • Confirm you are in app root where config/deploy.yml exists.

App config file

Create or update:

  • config/deploy.yml

Example config/deploy.yml

Use this as a starting point and replace values for your project:

service: example-app

image: example-app

builder:
  arch: amd64

registry:
  server: localhost:5555

servers:
  web:
    - 159.69.223.212

ssh:
  user: root

proxy:
  hosts:
    - app.example.com
  ssl: true
  app_port: 3000
  healthcheck:
    path: /healthz
    interval: 10
    timeout: 3

env:
  clear:
    NODE_ENV: production
    PORT: 3000
    REDIS_URL: redis://example-app-redis:6379
  secret:
    - DATABASE_URL

accessories:
  redis:
    image: redis:7-alpine
    host: 159.69.223.212
    port: 6379
    cmd: redis-server --appendonly yes
    directories:
      - /mnt/main-volume/example-app/redis-data:/data
  postgres:
    image: postgres:16
    host: 159.69.223.212
    port: 5432
    env:
      clear:
        POSTGRES_DB: example_app_production
        POSTGRES_USER: example
      secret:
        - POSTGRES_PASSWORD
    directories:
      - /mnt/main-volume/example-app/postgres-data:/var/lib/postgresql/data
  db_backup:
    image: eeshugerman/postgres-backup-s3:16
    host: 159.69.223.212
    env:
      clear:
        SCHEDULE: "@daily"
        BACKUP_KEEP_DAYS: 7
        S3_REGION: nbg1
        S3_ENDPOINT: https://nbg1.your-objectstorage.com
        S3_BUCKET: <your-existing-bucket>
        S3_PREFIX: backups
        POSTGRES_HOST: example-app-postgres
        POSTGRES_DATABASE: example_app_production
        POSTGRES_USER: example
      secret:
        - POSTGRES_PASSWORD
        - S3_ACCESS_KEY_ID
        - S3_SECRET_ACCESS_KEY

S3_BUCKET should point to any existing bucket in your S3-compatible storage.

Secrets file

Create .kamal/secrets:

POSTGRES_PASSWORD=...
DATABASE_URL=postgres://example:...@example-app-postgres:5432/example_app_production
S3_ACCESS_KEY_ID=...
S3_SECRET_ACCESS_KEY=...

One-time setup commands

kamal setup
kamal accessory boot redis
kamal accessory boot postgres
kamal accessory boot db_backup

Verify

  • Proxy is up and app endpoint resolves.
  • Accessories are running:
kamal accessory details redis
kamal accessory details postgres
kamal accessory details db_backup

Server Setup

Minimal host preparation for Kamal and accessories.

Manual Deployment

Deploy directly from your machine with Kamal.

On this page

When to use this pagePreflight checksApp config fileExample config/deploy.ymlSecrets fileOne-time setup commandsVerify