Skip to content
Galley beta

Self-host

Runs on a box you own.

One compose file, one wildcard DNS record, and a host with Docker. Source and database snapshots stay on your network. There is no hosted version. Yet.

Why

Why self-hosted.

Teams that want real-database previews usually can't ship that data to a vendor. Self-hosted keeps snapshots, secrets, and build logs on infrastructure you already control. Cost-wise, previews are compute, not seats — a $40 VPS handles a dozen-engineer team.

Requirements

What it needs.

  • One Linux host with Docker. 2 vCPU + 4 GB RAM to start.
  • Wildcard DNS*.preview.yourco.dev pointed at the host.
  • A master key — 32 random bytes. Encrypts secrets. No recovery if lost.

v1 is single-host. Multi-host fleets are roadmap.

Install

Three lines to a working server.

One compose file pulls every control-plane service as a published image. Point a wildcard DNS record at the host and you have previews. 

curl -fsSL https://galley.sh/install/docker-compose.yml -o docker-compose.yml
echo "GALLEY_MASTER_KEY=$(openssl rand -hex 32)" > .env
docker compose up -d
# On a separate host, after generating a token in
# Admin → Agents → New agent.
sudo docker create --name x galleysh/agent:v1
sudo docker cp x:/usr/local/bin/galley-agent /usr/local/bin/
sudo docker rm x
sudo systemctl enable --now galley-agent

Full walk-through with DNS, TLS, and the master key in the quick start docs ↗.

Telemetry

None at all.

No license check, no crash reporting, no usage stats — v1 ships with zero telemetry wired in. Once docker compose up finishes, the server only reaches out to services you point it at (GitHub for repos + webhooks, your DNS provider for ACME challenges, Let's Encrypt for cert issuance). For air-gapped operation, mirror the images into a private registry and front the proxy with your own PKI material; nothing else phones home.

Operations

Upgrades and backups.

Upgrade: docker compose pull + docker compose up -d. Migrations run on boot; agents reconnect. Forward-only — pin a Postgres backup if you need to revert.

Backups: dump Postgres the way you already do — every project, env, audit row, and encrypted secret is in there. Back up the master key separately; without it the ciphertext is unrecoverable.