More Docker. Easy Access. New Streamlined Plans. Learn more.
server logo

temporalio/server

Verified Publisher

By Temporal Technologies Inc

Updated about 2 months ago

Workflow as Code (TM) to build and operate resilient applications

Image
11

10M+

This is the Temporal Server image, which is intended to be deployed into a production environment to connect to an external database -- one of Cassandra (default), MySQL, or PostgreSQL. To deploy Temporal with a preconfigured database, refer to the auto-setup image.

Temporal also optionally also supports Elasticsearch for visibility.

For more sample docker-compose files, refer to the docker-compose Github repository.

You can also Sign up for Temporal Cloud, ask questions in our community Slack, schedule time with an expert, or dive into our documentation.

To configure this deployment, refer to this list of environment variables:

General Environment Variables
NameDescriptionDefault Value
DBSpecifies the type of database you're connecting to. Allowed values are cassandra, mysql8, and postgres12.cassandra
Cassandra Environment Variables
NameDescriptionDefault Value
KEYSPACESpecifies the name of your Cassandra keyspace.temporal
CASSANDRA_SEEDSSpecifies your Cassndra hostname.unset
CASSANDRA_PORTSpecifies the port to connect to Cassandra on.9042
CASSANDRA_USERSpecifies your Cassandra username.unset
CASSANDRA_PASSWORDSpecifies your Cassandra password.unset
CASSANDRA_TLS_ENABLEDSpecifies whether you are using TLS to connect to Cassandra.false
CASSANDRA_CERTSpecifies the path to your Cassandra security certificate, if you are using TLS.unset
CASSANDRA_CERT_DATAAllows you to pass a Cassandra security certificate as an object rather than a file path.unset
CASSANDRA_CERT_KEYSpecifies the path to your Cassandra security certificate key, if you are using TLS.unset
CASSANDRA_CERT_KEY_DATAAllows you to pass a Cassandra security certificate key as an object rather than a file path.unset
CASSANDRA_CASpecifies the path to your Cassandra security certificate authority, if needed.unset
CASSANDRA_CA_DATAAllows you to pass a Cassandra security certificate authority as an object rather than a file path.unset
CASSANDRA_HOST_VERIFICATIONSpecifies whether Cassandra should perform host key verification.false
CASSANDRA_HOST_NAMESpecifies the hostname of your Cassandra DB.unset
CASSANDRA_ADDRESS_TRANSLATORCassandra drivers have an AddressTranslator interface that can translate IP addresses received from Cassandra nodes into locally queriable addresses.unset
CASSANDRA_ADDRESS_TRANSLATOR_OPTIONSAllows you to specify AddressTranslator optionsunset
MySQL/PostgreSQL Environment Variables
NameDescriptionDefault Value
DBNAMESpecifies the name of your MySQL / Postgres database.temporal
VISIBILITY_DBNAMESpecifies the name of your MySQL / Postgres visibility database, separate from the main Temporal database.temporal_visibility
VISIBILITY_DB_PORTSpecifies the port to connect to MySQL/PostgrSQL on for your visibility database.3306 for MySQL, 5432 for Postgres
VISIBILITY_MYSQL_SEEDSSpecifies your MySQL hostname for your visibility database.unset
VISIBILITY_MYSQL_USERSpecifies your MySQL username for your visibility database.unset
VISIBILITY_MYSQL_PWDSpecifies your MySQL password for your visibility database.unset
VISIBILITY_POSTGRES_SEEDSSpecifies your PostgreSQL hostname for your visibility database.unset
VISIBILITY_POSTGRES_USERSpecifies your PostgreSQL username for your visibility database.unset
VISIBILITY_POSTGRES_PWDSpecifies your PostgreSQL password for your visibility database.unset
DB_PORTSpecifies the port to connect to MySQL/PostgreSQL on.3306 for MySQL, 5432 for Postgres
MYSQL_SEEDSSpecifies your MySQL hostname.unset
MYSQL_USERSpecifies your MySQL username.unset
MYSQL_PWDSpecifies your MySQL password.unset
MYSQL_TX_ISOLATION_COMPATEnables compatibility with pre-5.7.20 MySQL installations, if needed.false
SQL_VIS_MAX_CONNSThis variables specifies the maximum allowed active connections to your visibility database.10
SQL_VIS_MAX_IDLE_CONNSThis variables specifies the maximum allowed idle connections to your visibility database.10
SQL_VIS_MAX_CONN_TIMESpecifies how long connections to your visibility database are allowed to remain open.1h
SQL_MAX_CONNSThis variables specifies the maximum allowed active database connections.20
SQL_MAX_IDLE_CONNSThis variables specifies the maximum allowed idle database connections.20
SQL_MAX_CONN_TIMESpecifies how long connections to your database are allowed to remain open.1h
SQL_TLS_ENABLEDThis variale specifies whether you use TLS to connect to your SQL database.false
SQL_CASpecifies the path to your SQL security certificate authority, if needed.unset
SQL_CERTSpecifies the path to your SQL security certificate, if needed.unset
SQL_CERT_KEYSpecifies the path to your SQL security certificate key, if needed.unset
SQL_HOST_VERIFICATIONSpecifies whether your SQL database connection should perform hostname verification.false
SQL_HOST_NAMESpecifies which hostname your database connection should validate against when using TLS.unset
POSTGRES_SEEDSSpecifies your Postgres hostname.unset
POSTGRES_USERSpecifies your PostgreSQL username.unset
POSTGRES_PWDSpecifies your PostgreSQL password.unset
POSTGRES_TLS_ENABLEDSpecifies whether you are using TLS to connect to Postgres.false
POSTGRES_TLS_DISABLE_HOST_VERIFICATIONSpecifies whether Postgres should skip host key verification (e.g. if you can't easily verify server certs when using Amazon RDS).false
POSTGRES_TLS_CERT_FILESpecifies the path to your Postgres security certificate, if you are using TLS.unset
POSTGRES_TLS_KEY_FILESpecifies the path to your Postgres security certificate key, if you are using TLS.unset
POSTGRES_TLS_CA_FILESpecifies the path to your Postgres security certificate authority, if needed.unset
POSTGRES_TLS_SERVER_NAMESpecifies the host of your Postgres TLS server, if needed.unset
Elasticsearch Environment Variables
NameDescriptionDefault Value
ENABLE_ESSpecifies whether you are using Elasticsearch.false
ES_SCHEMESpecifies how you are connecting to Elasticsearch. Allowed values are http and https.http
ES_SEEDSSpecifies a comma-separated list of Elasticsearch nodes.unset
ES_PORTSpecifies the port to connect to Elasticsearch on.9200
ES_USERSpecifies your Elasticsearch username.unset
ES_PWDSpecifies your Elasticsearch password.unset
ES_VERSIONSpecifies your Elasticsearch version.v7
ES_VIS_INDEXSpecifies the name of your Elasticsearch index.temporal_visibility_v1_dev
ES_SEC_VIS_INDEXSpecifies the name of your secondary visibility Elasticsearch index.unset
Server Configuration Environment Variables
NameDescriptionDefault Value
BIND_ON_IPSpecifies the IP address that the Temporal frontend service should be available on.127.0.0.1 / localhost
TEMPORAL_BROADCAST_ADDRESSNeeds to be specified when the IP Address used by connecting clients is different than your BIND_ON_IP, such as when you are listening on 0.0.0.0 or using a proxy IP address.unset
PPROF_PORTIf specified, will initialize pprof upon process start on the listed port.0
TEMPORAL_TLS_REFRESH_INTERVALSpecifies how often to refresh TLS certificates.0s
TEMPORAL_TLS_EXPIRATION_CHECKS_CHECK_INTERVALSpecifies how often TLS certificates should be checked for expiration.0s
TEMPORAL_TLS_EXPIRATION_CHECKS_WARNING_WINDOWSpecifies the window within which pending TLS expiration should trigger a warning.0s
TEMPORAL_TLS_EXPIRATION_CHECKS_ERROR_WINDOWSpecifies the window within which pending TLS expiration should throw an error.0s
TEMPORAL_TLS_REQUIRE_CLIENT_AUTHSpecifies whether Temporal clients (including all Workers, CLI and SDK code) are required to authenticate via TLS.false
TEMPORAL_TLS_SERVER_CERTSpecifies the path to your Temporal security certificate, if you are using TLS.unset
TEMPORAL_TLS_SERVER_CERT_DATAAllows you to pass a Temporal security certificate as an object rather than a file path.unset
TEMPORAL_TLS_SERVER_KEYSpecifies the path to your Temporal security certificate key, if you are using TLS.unset
TEMPORAL_TLS_SERVER_KEY_DATAAllows you to pass a Temporal security certificate key as an object rather than a file path.unset
TEMPORAL_TLS_SERVER_CA_CERTSpecifies the path to your Temporal security certificate authority, if needed.unset
TEMPORAL_TLS_SERVER_CA_CERT_DATAAllows you to pass a Temporal security certificate authority as an object rather than a file path.unset
TEMPORAL_TLS_INTERNODE_DISABLE_HOST_VERIFICATIONSpecifies whether Temporal should skip host key verification when connecting to an internode (e.g., the history or matching services).false
TEMPORAL_TLS_INTERNODE_SERVER_NAMESpecifies which hostname your internode connection should validate against when using TLS.unset
TEMPORAL_TLS_FRONTEND_CERTSpecifies the path to your frontend security certificate, if you are using TLS.unset
TEMPORAL_TLS_FRONTEND_CERT_DATAAllows you to pass a frontend security certificate as an object rather than a file path.unset
TEMPORAL_TLS_FRONTEND_KEYSpecifies the path to your frontend security certificate key, if you are using TLS.unset
TEMPORAL_TLS_FRONTEND_KEY_DATAAllows you to pass a frontend security certificate key as an object rather than a file path.unset
TEMPORAL_TLS_FRONTEND_DISABLE_HOST_VERIFICATIONSpecifies whether the frontend should skip host key verification.false
TEMPORAL_TLS_FRONTEND_SERVER_NAMESpecifies which hostname your frontend should validate against when using TLS.unset
TEMPORAL_TLS_CLIENT1_CA_CERTSpecifies the TLS certificate that the frontend presents to external clients.unset
TEMPORAL_TLS_CLIENT1_CA_CERT_DATAAllows you to pass a client security certificate as an object rather than a file path.unset
TEMPORAL_TLS_CLIENT2_CA_CERTAllows you to specify an additional TLS certificate that the frontend presents to external clients.unset
TEMPORAL_TLS_CLIENT2_CA_CERT_DATAAllows you to pass an additional client security certificate as an object rather than a file path.unset
STATSD_ENDPOINTAllows you to specify an endpoint to connect to statsd for observability.unset
PROMETHEUS_ENDPOINTAllows you to specify an endpoint to listen on for scrape requests from Prometheus, for observability.unset
PROMETHEUS_TIMER_TYPESpecifies which type of Prometheus metric is used for timer metrics.histogram
TEMPORAL_AUTH_AUTHORIZERAllows you to configure the Authorizer plugin.unset
TEMPORAL_AUTH_CLAIM_MAPPERAllows you to configure the ClaimMapper plugin.unset
TEMPORAL_JWT_KEY_SOURCE1Allows you to specify a JWT key source for a ClaimMapper integration.unset
TEMPORAL_JWT_KEY_SOURCE2Allows you to specify another JWT key source for a ClaimMapper integration.unset
TEMPORAL_JWT_KEY_REFRESHSpecifies how frequently JWT keys should be refreshed.1m
TEMPORAL_JWT_PERMISSIONS_CLAIMSpecifies the property name of your JWT permissions claim.permissions
FRONTEND_GRPC_PORTSpecifies the port that Temporal's frontend service GRPC endpoint is available on.7233
FRONTEND_HTTP_PORTSpecifies the port that Temporal's frontend service HTTP endpoint is available on.7243
FRONTEND_MEMBERSHIP_PORTSpecifies the port that Temporal's frontend service membership endpoint is available on.6933
INTERNAL_FRONTEND_GRPC_PORTSpecifies the port that Temporal's frontend service internal GRPC endpoint is available on.7236
INTERNAL_FRONTEND_MEMBERSHIP_PORTSpecifies the port that Temporal's frontend service internal membership endpoint is available on.6936
MATCHING_GRPC_PORTSpecifies the port that Temporal's matching service GRPC endpoint is available on.7235
MATCHING_MEMBERSHIP_PORTSpecifies the port that Temporal's matching service membership endpoint is available on.6935
HISTORY_GRPC_PORTSpecifies the port that Temporal's history service GRPC endpoint is available on.7234
HISTORY_MEMBERSHIP_PORTSpecifies the port that Temporal's history service membership endpoint is available on.6934
WORKER_GRPC_PORTSpecifies the port that Temporal's worker service GRPC endpoint is available on.7239
WORKER_MEMBERSHIP_PORTSpecifies the port that Temporal's worker service membership endpoint is available on.6939
USE_INTERNAL_FRONTENDSpecifies whether to deploy an additional internal frontend service, needed for some auth configurations.unset
PUBLIC_FRONTEND_ADDRESSCan be used to override the public frontend address derived from BIND_ON_IP and ``FRONTEND_GRPC_PORT`.unset
DYNAMIC_CONFIG_FILE_PATHSpecifies the path to a YAML file that dynamic configuration keys can be read from./etc/temporal/config/dynamicconfig/docker.yaml

Docker Pull Command

docker pull temporalio/server