Self-Hosting
Run the open-source Lux runtime on your own infrastructure. Same core system as Lux Cloud, with full operational control.
When to self-host
Self-host Lux when you want full control over deployment, data location, networking, and operations. Use Lux Cloud when you want the fastest managed path. The point is choice, not lock-in.
Docker
Quick run
docker run -d \
--name lux -p 6379:6379 -v lux-data:/data -e LUX_PASSWORD=changeme -e LUX_SAVE_INTERVAL=60 ghcr.io/lux-db/lux:latestDocker Compose
services:
lux:
image: ghcr.io/lux-db/lux:latest
ports:
- "6379:6379"
volumes:
- lux-data:/data
environment:
LUX_PASSWORD: changeme
LUX_DATA_DIR: /data
LUX_SAVE_INTERVAL: 60
LUX_MAXMEMORY: 512mb
restart: unless-stopped
volumes:
lux-data:Binary
Build from source with Rust 1.75+ when you want to run or modify Lux directly:
git clone https://github.com/lux-db/lux.git
cd lux
cargo build --release
./target/release/luxConfiguration
All configuration is done through environment variables. No config files needed.
| Variable | Default | Description |
|---|---|---|
LUX_PORT | 6379 | Port to listen on |
LUX_PASSWORD | none | Require AUTH for all connections. Strongly recommended in production. |
LUX_RESTRICTED | false | Disable dangerous commands (FLUSHALL, FLUSHDB, DEBUG, CONFIG SET) |
LUX_HTTP_PORT | disabled | Enable the HTTP API and app auth routes on a separate port |
LUX_AUTH_ENABLED | false | Create auth tables and expose /auth/v1 routes |
LUX_AUTH_PUBLISHABLE_KEY | generated | Browser-safe key for app auth HTTP requests |
LUX_AUTH_SECRET_KEY | generated | Server/admin key for auth configuration and trusted requests |
LUX_DATA_DIR | ./data | Directory for persistence snapshots |
LUX_SAVE_INTERVAL | 300 | Snapshot interval in seconds. Set to 0 to disable persistence. |
LUX_SHARDS | auto | Number of data shards. Defaults to CPU count for optimal parallelism. |
LUX_MAXMEMORY | 0 (unlimited) | Max memory limit (e.g. 256mb, 1gb) |
LUX_MAXMEMORY_POLICY | noeviction | Eviction policy when memory limit is reached |
Persistence
Lux persists data using periodic snapshots written to LUX_DATA_DIR. The snapshot interval is controlled by LUX_SAVE_INTERVAL (in seconds). Data is serialized in a compact binary format and reloaded automatically on startup.
For Docker deployments, always mount a volume to /data to ensure snapshots survive container restarts.
Security
Set LUX_PASSWORD to require authentication. Clients must send AUTH password before any other command.
Enable LUX_RESTRICTED=true in production to disable destructive commands like FLUSHALL and CONFIG SET.
docker run -d \
-p 6379:6379 -e LUX_PASSWORD=your-strong-password -e LUX_RESTRICTED=true ghcr.io/lux-db/lux:latestApp Auth
App auth is optional. Enable it when you want Lux to manage users, sessions, OAuth identities, and JWTs for an application.
It is separate from LUX_PASSWORD, which still protects direct database access.
docker run -d \
-p 6379:6379 -p 8080:8080 -e LUX_HTTP_PORT=8080 -e LUX_AUTH_ENABLED=true -e LUX_AUTH_PUBLISHABLE_KEY=lux_pub_local -e LUX_AUTH_SECRET_KEY=lux_sec_local ghcr.io/lux-db/lux:latestAuth stores state in reserved tables such as auth.users, auth.identities, auth.sessions, auth.keys, and auth.providers.
Configure OAuth providers through the admin auth API using the secret key.
Memory Management
Set LUX_MAXMEMORY to cap memory usage. When the limit is reached, the behavior depends on LUX_MAXMEMORY_POLICY:
| Policy | Behavior |
|---|---|
noeviction | Return errors on writes when memory is full (default) |
allkeys-lru | Evict least recently used keys from all keys |
volatile-lru | Evict least recently used keys that have a TTL set |
allkeys-random | Evict random keys from all keys |
volatile-random | Evict random keys that have a TTL set |