temporalio/server
Workflow as Code (TM) to build and operate resilient applications
10M+
This is the Temporal Server image, which is intended to be deployed into a production environment to connect to an external database -- one of Cassandra (default), MySQL, or PostgreSQL. To deploy Temporal with a preconfigured database, refer to the auto-setup image.
Temporal also optionally also supports Elasticsearch for visibility.
For more sample docker-compose
files, refer to the docker-compose Github repository.
You can also Sign up for Temporal Cloud, ask questions in our community Slack, schedule time with an expert, or dive into our documentation.
To configure this deployment, refer to this list of environment variables:
Name | Description | Default Value |
---|---|---|
DB | Specifies the type of database you're connecting to. Allowed values are cassandra , mysql8 , and postgres12 . | cassandra |
Name | Description | Default Value |
---|---|---|
KEYSPACE | Specifies the name of your Cassandra keyspace. | temporal |
CASSANDRA_SEEDS | Specifies your Cassndra hostname. | unset |
CASSANDRA_PORT | Specifies the port to connect to Cassandra on. | 9042 |
CASSANDRA_USER | Specifies your Cassandra username. | unset |
CASSANDRA_PASSWORD | Specifies your Cassandra password. | unset |
CASSANDRA_TLS_ENABLED | Specifies whether you are using TLS to connect to Cassandra. | false |
CASSANDRA_CERT | Specifies the path to your Cassandra security certificate, if you are using TLS. | unset |
CASSANDRA_CERT_DATA | Allows you to pass a Cassandra security certificate as an object rather than a file path. | unset |
CASSANDRA_CERT_KEY | Specifies the path to your Cassandra security certificate key, if you are using TLS. | unset |
CASSANDRA_CERT_KEY_DATA | Allows you to pass a Cassandra security certificate key as an object rather than a file path. | unset |
CASSANDRA_CA | Specifies the path to your Cassandra security certificate authority, if needed. | unset |
CASSANDRA_CA_DATA | Allows you to pass a Cassandra security certificate authority as an object rather than a file path. | unset |
CASSANDRA_HOST_VERIFICATION | Specifies whether Cassandra should perform host key verification. | false |
CASSANDRA_HOST_NAME | Specifies the hostname of your Cassandra DB. | unset |
CASSANDRA_ADDRESS_TRANSLATOR | Cassandra drivers have an AddressTranslator interface that can translate IP addresses received from Cassandra nodes into locally queriable addresses. | unset |
CASSANDRA_ADDRESS_TRANSLATOR_OPTIONS | Allows you to specify AddressTranslator options | unset |
Name | Description | Default Value |
---|---|---|
DBNAME | Specifies the name of your MySQL / Postgres database. | temporal |
VISIBILITY_DBNAME | Specifies the name of your MySQL / Postgres visibility database, separate from the main Temporal database. | temporal_visibility |
VISIBILITY_DB_PORT | Specifies the port to connect to MySQL/PostgrSQL on for your visibility database. | 3306 for MySQL, 5432 for Postgres |
VISIBILITY_MYSQL_SEEDS | Specifies your MySQL hostname for your visibility database. | unset |
VISIBILITY_MYSQL_USER | Specifies your MySQL username for your visibility database. | unset |
VISIBILITY_MYSQL_PWD | Specifies your MySQL password for your visibility database. | unset |
VISIBILITY_POSTGRES_SEEDS | Specifies your PostgreSQL hostname for your visibility database. | unset |
VISIBILITY_POSTGRES_USER | Specifies your PostgreSQL username for your visibility database. | unset |
VISIBILITY_POSTGRES_PWD | Specifies your PostgreSQL password for your visibility database. | unset |
DB_PORT | Specifies the port to connect to MySQL/PostgreSQL on. | 3306 for MySQL, 5432 for Postgres |
MYSQL_SEEDS | Specifies your MySQL hostname. | unset |
MYSQL_USER | Specifies your MySQL username. | unset |
MYSQL_PWD | Specifies your MySQL password. | unset |
MYSQL_TX_ISOLATION_COMPAT | Enables compatibility with pre-5.7.20 MySQL installations, if needed. | false |
SQL_VIS_MAX_CONNS | This variables specifies the maximum allowed active connections to your visibility database. | 10 |
SQL_VIS_MAX_IDLE_CONNS | This variables specifies the maximum allowed idle connections to your visibility database. | 10 |
SQL_VIS_MAX_CONN_TIME | Specifies how long connections to your visibility database are allowed to remain open. | 1h |
SQL_MAX_CONNS | This variables specifies the maximum allowed active database connections. | 20 |
SQL_MAX_IDLE_CONNS | This variables specifies the maximum allowed idle database connections. | 20 |
SQL_MAX_CONN_TIME | Specifies how long connections to your database are allowed to remain open. | 1h |
SQL_TLS_ENABLED | This variale specifies whether you use TLS to connect to your SQL database. | false |
SQL_CA | Specifies the path to your SQL security certificate authority, if needed. | unset |
SQL_CERT | Specifies the path to your SQL security certificate, if needed. | unset |
SQL_CERT_KEY | Specifies the path to your SQL security certificate key, if needed. | unset |
SQL_HOST_VERIFICATION | Specifies whether your SQL database connection should perform hostname verification. | false |
SQL_HOST_NAME | Specifies which hostname your database connection should validate against when using TLS. | unset |
POSTGRES_SEEDS | Specifies your Postgres hostname. | unset |
POSTGRES_USER | Specifies your PostgreSQL username. | unset |
POSTGRES_PWD | Specifies your PostgreSQL password. | unset |
POSTGRES_TLS_ENABLED | Specifies whether you are using TLS to connect to Postgres. | false |
POSTGRES_TLS_DISABLE_HOST_VERIFICATION | Specifies whether Postgres should skip host key verification (e.g. if you can't easily verify server certs when using Amazon RDS). | false |
POSTGRES_TLS_CERT_FILE | Specifies the path to your Postgres security certificate, if you are using TLS. | unset |
POSTGRES_TLS_KEY_FILE | Specifies the path to your Postgres security certificate key, if you are using TLS. | unset |
POSTGRES_TLS_CA_FILE | Specifies the path to your Postgres security certificate authority, if needed. | unset |
POSTGRES_TLS_SERVER_NAME | Specifies the host of your Postgres TLS server, if needed. | unset |
Name | Description | Default Value |
---|---|---|
ENABLE_ES | Specifies whether you are using Elasticsearch. | false |
ES_SCHEME | Specifies how you are connecting to Elasticsearch. Allowed values are http and https . | http |
ES_SEEDS | Specifies a comma-separated list of Elasticsearch nodes. | unset |
ES_PORT | Specifies the port to connect to Elasticsearch on. | 9200 |
ES_USER | Specifies your Elasticsearch username. | unset |
ES_PWD | Specifies your Elasticsearch password. | unset |
ES_VERSION | Specifies your Elasticsearch version. | v7 |
ES_VIS_INDEX | Specifies the name of your Elasticsearch index. | temporal_visibility_v1_dev |
ES_SEC_VIS_INDEX | Specifies the name of your secondary visibility Elasticsearch index. | unset |
Name | Description | Default Value |
---|---|---|
BIND_ON_IP | Specifies the IP address that the Temporal frontend service should be available on. | 127.0.0.1 / localhost |
TEMPORAL_BROADCAST_ADDRESS | Needs to be specified when the IP Address used by connecting clients is different than your BIND_ON_IP , such as when you are listening on 0.0.0.0 or using a proxy IP address. | unset |
PPROF_PORT | If specified, will initialize pprof upon process start on the listed port. | 0 |
TEMPORAL_TLS_REFRESH_INTERVAL | Specifies how often to refresh TLS certificates. | 0s |
TEMPORAL_TLS_EXPIRATION_CHECKS_CHECK_INTERVAL | Specifies how often TLS certificates should be checked for expiration. | 0s |
TEMPORAL_TLS_EXPIRATION_CHECKS_WARNING_WINDOW | Specifies the window within which pending TLS expiration should trigger a warning. | 0s |
TEMPORAL_TLS_EXPIRATION_CHECKS_ERROR_WINDOW | Specifies the window within which pending TLS expiration should throw an error. | 0s |
TEMPORAL_TLS_REQUIRE_CLIENT_AUTH | Specifies whether Temporal clients (including all Workers, CLI and SDK code) are required to authenticate via TLS. | false |
TEMPORAL_TLS_SERVER_CERT | Specifies the path to your Temporal security certificate, if you are using TLS. | unset |
TEMPORAL_TLS_SERVER_CERT_DATA | Allows you to pass a Temporal security certificate as an object rather than a file path. | unset |
TEMPORAL_TLS_SERVER_KEY | Specifies the path to your Temporal security certificate key, if you are using TLS. | unset |
TEMPORAL_TLS_SERVER_KEY_DATA | Allows you to pass a Temporal security certificate key as an object rather than a file path. | unset |
TEMPORAL_TLS_SERVER_CA_CERT | Specifies the path to your Temporal security certificate authority, if needed. | unset |
TEMPORAL_TLS_SERVER_CA_CERT_DATA | Allows you to pass a Temporal security certificate authority as an object rather than a file path. | unset |
TEMPORAL_TLS_INTERNODE_DISABLE_HOST_VERIFICATION | Specifies whether Temporal should skip host key verification when connecting to an internode (e.g., the history or matching services). | false |
TEMPORAL_TLS_INTERNODE_SERVER_NAME | Specifies which hostname your internode connection should validate against when using TLS. | unset |
TEMPORAL_TLS_FRONTEND_CERT | Specifies the path to your frontend security certificate, if you are using TLS. | unset |
TEMPORAL_TLS_FRONTEND_CERT_DATA | Allows you to pass a frontend security certificate as an object rather than a file path. | unset |
TEMPORAL_TLS_FRONTEND_KEY | Specifies the path to your frontend security certificate key, if you are using TLS. | unset |
TEMPORAL_TLS_FRONTEND_KEY_DATA | Allows you to pass a frontend security certificate key as an object rather than a file path. | unset |
TEMPORAL_TLS_FRONTEND_DISABLE_HOST_VERIFICATION | Specifies whether the frontend should skip host key verification. | false |
TEMPORAL_TLS_FRONTEND_SERVER_NAME | Specifies which hostname your frontend should validate against when using TLS. | unset |
TEMPORAL_TLS_CLIENT1_CA_CERT | Specifies the TLS certificate that the frontend presents to external clients. | unset |
TEMPORAL_TLS_CLIENT1_CA_CERT_DATA | Allows you to pass a client security certificate as an object rather than a file path. | unset |
TEMPORAL_TLS_CLIENT2_CA_CERT | Allows you to specify an additional TLS certificate that the frontend presents to external clients. | unset |
TEMPORAL_TLS_CLIENT2_CA_CERT_DATA | Allows you to pass an additional client security certificate as an object rather than a file path. | unset |
STATSD_ENDPOINT | Allows you to specify an endpoint to connect to statsd for observability. | unset |
PROMETHEUS_ENDPOINT | Allows you to specify an endpoint to listen on for scrape requests from Prometheus, for observability. | unset |
PROMETHEUS_TIMER_TYPE | Specifies which type of Prometheus metric is used for timer metrics. | histogram |
TEMPORAL_AUTH_AUTHORIZER | Allows you to configure the Authorizer plugin. | unset |
TEMPORAL_AUTH_CLAIM_MAPPER | Allows you to configure the ClaimMapper plugin. | unset |
TEMPORAL_JWT_KEY_SOURCE1 | Allows you to specify a JWT key source for a ClaimMapper integration. | unset |
TEMPORAL_JWT_KEY_SOURCE2 | Allows you to specify another JWT key source for a ClaimMapper integration. | unset |
TEMPORAL_JWT_KEY_REFRESH | Specifies how frequently JWT keys should be refreshed. | 1m |
TEMPORAL_JWT_PERMISSIONS_CLAIM | Specifies the property name of your JWT permissions claim. | permissions |
FRONTEND_GRPC_PORT | Specifies the port that Temporal's frontend service GRPC endpoint is available on. | 7233 |
FRONTEND_HTTP_PORT | Specifies the port that Temporal's frontend service HTTP endpoint is available on. | 7243 |
FRONTEND_MEMBERSHIP_PORT | Specifies the port that Temporal's frontend service membership endpoint is available on. | 6933 |
INTERNAL_FRONTEND_GRPC_PORT | Specifies the port that Temporal's frontend service internal GRPC endpoint is available on. | 7236 |
INTERNAL_FRONTEND_MEMBERSHIP_PORT | Specifies the port that Temporal's frontend service internal membership endpoint is available on. | 6936 |
MATCHING_GRPC_PORT | Specifies the port that Temporal's matching service GRPC endpoint is available on. | 7235 |
MATCHING_MEMBERSHIP_PORT | Specifies the port that Temporal's matching service membership endpoint is available on. | 6935 |
HISTORY_GRPC_PORT | Specifies the port that Temporal's history service GRPC endpoint is available on. | 7234 |
HISTORY_MEMBERSHIP_PORT | Specifies the port that Temporal's history service membership endpoint is available on. | 6934 |
WORKER_GRPC_PORT | Specifies the port that Temporal's worker service GRPC endpoint is available on. | 7239 |
WORKER_MEMBERSHIP_PORT | Specifies the port that Temporal's worker service membership endpoint is available on. | 6939 |
USE_INTERNAL_FRONTEND | Specifies whether to deploy an additional internal frontend service, needed for some auth configurations. | unset |
PUBLIC_FRONTEND_ADDRESS | Can be used to override the public frontend address derived from BIND_ON_IP and ``FRONTEND_GRPC_PORT`. | unset |
DYNAMIC_CONFIG_FILE_PATH | Specifies the path to a YAML file that dynamic configuration keys can be read from. | /etc/temporal/config/dynamicconfig/docker.yaml |
docker pull temporalio/server