Self-hosting dembrane

On this page

Running dembrane yourself means standing up a small set of services and pointing them at your own database, object storage, and language-model providers. This page is the orientation: the moving parts, how to bring them up locally, the ports they listen on, and where the configuration lives.

Note

Read the licensing terms before you run dembrane in production. The code is BSL 1.1: non-production use is unrestricted; production use is free below the €1M finance threshold and otherwise needs a commercial licence.

When you’d self-host

If none of those apply, the managed service at dembrane.com saves you the operational work.

The services you’ll run

dembrane is a handful of cooperating services. You run all of them.

Service Port What it does
FastAPI backend 8000 The API: v1 routes under /api/*, v2 under /api/v2/*, plus the BFF layer api/v2/bff/*.
Agent service 8001 Agentic chat (tool-using “Ask”); leases coordinated in Redis.
Directus 8055 The data layer, authentication, and file storage.
Workers (network, cpu) - Background jobs via Dramatiq: transcription, merge, summaries, reports.
Scheduler - APScheduler dispatching periodic jobs (billing, digests, reconciliation) to the workers.
Dashboard (web) 5173 The host dashboard frontend.
Participant portal (web) 5174 The no-account recording experience.

The dashboard and the portal are the same frontend codebase; it picks the right router by hostname, which is why they’re two ports in development.

For a code-level tour of how these fit together, see the internal architecture and background jobs & scheduler guides.

Backing infrastructure

These are the dependencies the services need. You can run them in the dev container, on your own boxes, or as managed cloud services.

Running it locally: the dev container + mprocs

The repository ships a dev container (under .devcontainer/) that provisions the tooling and local infrastructure for you: pnpm and uv for the JavaScript and Python toolchains, plus local PostgreSQL, Valkey, and Directus. Opening the repo in a dev-container-aware editor builds it once and drops you into a ready environment.

Inside the container, the services are orchestrated with mprocs, driven by mprocs.yaml. A single mprocs invocation brings up:

mprocs gives you one pane per process, so you can read each service’s logs and restart any one of them independently. The internal local development guide covers the day-to-day workflow in more detail.

Tip

Bring your own S3, or run MinIO locally. If you point STORAGE_S3_* at a MinIO instance in the same network, the participant upload flow (presigned URLs → confirm) works exactly as it does in production. See the participant API for that sequence.

Configuration: environment files

Configuration is by environment variable, split across the services:

Keep secrets out of version control. The .env.sample files are the canonical list of what each service expects; treat them as the source of truth when a variable here and the code disagree.

Important

Directus owns authentication and file storage. The backend talks to Directus for both, so the two services must agree on their shared secrets and connection details. How the backend trusts Directus-issued tokens is covered in authentication.

A first-run checklist

  1. Provision PostgreSQL with pgvector, Redis/Valkey, and an S3 bucket (or MinIO).
  2. Copy server/.env.sampleserver/.env and directus/.env and fill them in.
  3. Configure at least one deployment per language-model group and a transcription provider - see configuration & LLM providers.
  4. Bring up Directus (8055) and apply its schema/migrations.
  5. Start the backend (8000), the workers, and the scheduler.
  6. Start the dashboard (5173) and the portal (5174).
  7. Set SERVE_API_DOCS=1 while you’re integrating, so the OpenAPI explorer is available at /docs and /redoc. See the participant API.

EU residency

dembrane is built and operated with European data residency in mind, and the self-hosted stack can be configured the same way. The levers:

Note

On the managed service, the fully EU-sovereign stack (CLOUD-Act-safe hosting and sovereign models) is the Guardian tier and is coming soon. When you self-host you assemble residency from your own choice of regions and providers; the configuration scheme is designed to make that straightforward. See tiers & billing and data ownership & compliance.

Related

Comments