Quickstart
This guide gets a production-ready Breeze instance running on a single server with automatic TLS.
-
Clone the repository
Terminal window git clone https://github.com/LanternOps/breeze.gitcd breeze -
Create your environment file
Terminal window cp .env.example .env.prodEdit
.env.prodand set the required production values:Terminal window # Domain & TLSBREEZE_DOMAIN=breeze.yourdomain.comACME_EMAIL=admin@yourdomain.com# Generate secrets (run each command, paste output into .env.prod)openssl rand -base64 64 # → JWT_SECRETopenssl rand -hex 32 # → AGENT_ENROLLMENT_SECRETopenssl rand -hex 32 # → APP_ENCRYPTION_KEYopenssl rand -hex 32 # → MFA_ENCRYPTION_KEYopenssl rand -hex 32 # → ENROLLMENT_KEY_PEPPERopenssl rand -hex 32 # → MFA_RECOVERY_CODE_PEPPERopenssl rand -hex 32 # → METRICS_SCRAPE_TOKENopenssl rand -hex 32 # → SESSION_SECRET# DatabasePOSTGRES_PASSWORD=<strong-password># MonitoringGRAFANA_ADMIN_PASSWORD=<strong-password># API URLPUBLIC_API_URL=https://breeze.yourdomain.com/api/v1 -
Install dependencies
Terminal window pnpm install -
Deploy
Terminal window ./scripts/prod/deploy.sh .env.prodThis single command:
- Validates all required environment variables
- Starts PostgreSQL and Redis, waits for readiness
- Runs database migrations
- Builds and starts the API, web dashboard, and Caddy reverse proxy
- Provisions a TLS certificate from Let’s Encrypt
- Starts the monitoring stack (Prometheus, Grafana, Loki)
- Runs health checks to verify the deployment
-
Verify
Open
https://breeze.yourdomain.comin your browser. You should see the Breeze login page.Check the API health endpoint:
Terminal window curl https://breeze.yourdomain.com/health# {"status":"ok"}
What’s Running
After deployment, these containers are active:
| Container | Port | Purpose |
|---|---|---|
breeze-caddy | 80, 443 | Reverse proxy + auto-TLS |
breeze-api | 3001 (internal) | Hono API server |
breeze-web | 4321 (internal) | Astro SSR dashboard |
breeze-postgres | 5432 (localhost) | PostgreSQL 16 database |
breeze-redis | 6379 (localhost) | Redis 7 (BullMQ + caching) |
breeze-prometheus | 9090 (localhost) | Metrics collection |
breeze-grafana | 3000 (localhost) | Dashboards |
breeze-loki | 3100 (localhost) | Log aggregation |
Next: Enroll Your First Agent
Download and install the Breeze agent on a device:
# On the target device:curl -fsSL https://breeze.yourdomain.com/api/v1/agents/install.sh | \ BREEZE_SERVER=https://breeze.yourdomain.com \ BREEZE_ENROLLMENT_SECRET=<your-enrollment-secret> \ bashSee Agent Installation for detailed instructions per platform.