LibreChat is an open-source chat interface that connects to language model APIs from providers such as OpenAI, Anthropic, Google, and Ollama. It stores conversation history, supports multiple user accounts, and provides a single interface for switching between models and providers.

This article explains how to deploy LibreChat on a Linux server using Docker Compose with a Traefik reverse proxy that provisions a Let's Encrypt TLS certificate and exposes the interface over HTTPS.

Prerequisites

Before you begin, you need to:

• Have access to a Linux-based server as a non-root user with sudo privileges.
• Install Docker and Docker Compose.
• Create a DNS A record pointing to your server's IP address (for example, librechat.example.com).

Set Up the Directory Structure and Environment Variables

LibreChat's GitHub repository contains the Docker Compose configuration and default environment templates. The repository includes pre-configured services for MongoDB, Meilisearch, and vector database integration.

1. Clone the LibreChat repository.

   console Copy

   $ git clone https://github.com/danny-avila/LibreChat.git
   

   Explain Code

2. Navigate to the LibreChat directory.

   console Copy

   $ cd LibreChat
   

   Explain Code

3. Check out the latest stable release. Replace v0.8.3 with the current version from the LibreChat releases page.

   console Copy

   $ git checkout tags/v0.8.3
   

   Explain Code

4. Find the Meilisearch data directory name used by this release.

   console Copy

   $ grep -o 'meili_data_v[0-9.]*' docker-compose.yml | head -1
   

   Explain Code

   The output is the directory name tied to the Meilisearch version pinned in this release. For this example, assume the output is meili_data_v1.35.1. Use the value returned by the command in the next two steps.

5. Create the required data directories for LibreChat services. Replace meili_data_v1.35.1 with the value from the previous step if it differs.

   console Copy

   $ mkdir -p data-node images logs meili_data_v1.35.1 uploads
   

   Explain Code

   These directories store application data, search indexes, and uploaded files.

6. Assign ownership of the Meilisearch data directory to UID and GID 1000. Meilisearch runs as a non-root user inside its container and requires write access to this directory. Replace meili_data_v1.35.1 with the value from the earlier step if it differs.

   console Copy

   $ sudo chown -R 1000:1000 meili_data_v1.35.1
   

   Explain Code

7. Create a .env file from the included template.

   console Copy

   $ cp .env.example .env
   

   Explain Code

8. Open the .env file to set the user and group permissions. Without these values, Docker Compose logs ownership warnings on startup.

   console Copy

   $ nano .env
   

   Explain Code

9. Find and uncomment the following lines:

   ini Copy

   UID=1000
   GID=1000
   

   Explain Code

   Save and close the file.

Deploy with Docker Compose

The Docker Compose override file extends the base LibreChat configuration with a Traefik service that handles TLS termination and routes HTTPS traffic to the LibreChat API container.

1. Create the Docker Compose override file.

   console Copy

   $ nano docker-compose.override.yml
   

   Explain Code

2. Replace librechat.example.com with your domain name and admin@example.com with your email address, then add the following configuration.

   yaml Copy

   services:
     api:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.librechat.rule=Host(`librechat.example.com`)"
         - "traefik.http.routers.librechat.entrypoints=websecure"
         - "traefik.http.routers.librechat.tls.certresolver=leresolver"
         - "traefik.http.services.librechat.loadbalancer.server.port=3080"
       volumes:
         - ./librechat.yaml:/app/librechat.yaml
   
     traefik:
       image: traefik:v3.6.10
       ports:
         - "80:80"
         - "443:443"
       volumes:
         - "/var/run/docker.sock:/var/run/docker.sock:ro"
         - "./letsencrypt:/letsencrypt"
       command:
         - "--providers.docker=true"
         - "--providers.docker.exposedbydefault=false"
         - "--entrypoints.web.address=:80"
         - "--entrypoints.websecure.address=:443"
         - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
         - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
         - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
         - "--certificatesresolvers.leresolver.acme.httpchallenge=true"
         - "--certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web"
         - "--certificatesresolvers.leresolver.acme.email=admin@example.com"
         - "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"
   

   Explain Code

   Save and close the file. The override file defines the following:

   • api: Extends the base LibreChat API service with Traefik routing labels and mounts librechat.yaml for additional configuration. The labels instruct Traefik to route HTTPS requests for the configured domain to the container on port 3080.
   • traefik: Runs the Traefik reverse proxy on ports 80 and 443. It reads the Docker socket to discover containers by their labels, redirects all HTTP traffic to HTTPS, and uses the ACME HTTP-01 challenge to request and renew TLS certificates from Let's Encrypt. Certificates are stored in ./letsencrypt/acme.json.

3. Create an empty librechat.yaml configuration file. The override file mounts this path into the API container. Docker creates a directory at this path if the file does not exist, which causes a startup error.

   console Copy

   $ touch librechat.yaml
   

   Explain Code

4. Start all services in detached mode.

   console Copy

   $ docker compose up -d
   

   Explain Code

   Docker Compose starts the LibreChat API, MongoDB, Meilisearch, and Traefik containers. Traefik requests a TLS certificate from Let's Encrypt using the ACME HTTP-01 challenge and begins routing HTTPS traffic to the LibreChat container on port 3080.

5. Verify that all containers are running.

   console Copy

   $ docker compose ps
   

   Explain Code

   Verify that all containers show a STATUS of Up.

6. View the service logs to confirm the stack started without errors.

   console Copy

   $ docker compose logs --tail=50
   

   Explain Code

   The output shows MongoDB initialization, Meilisearch startup, Traefik registering routes for the configured domain, and the LibreChat API listening on port 3080.

   For more information on managing a Docker Compose stack, see the How to Use Docker Compose article.

Access the LibreChat Dashboard

LibreChat requires an account before the chat interface becomes accessible. The first user who registers can configure AI provider API keys through the dashboard settings.

1. Open the LibreChat registration page in your browser. Replace librechat.example.com with your configured domain.

   https://librechat.example.com/register

   The registration form loads and displays fields for your name, username, email, and password.

   Note

   LibreChat supports social logins through Google, GitHub, Discord, and OpenID Connect. To enable social login, set ALLOW_SOCIAL_LOGIN and ALLOW_SOCIAL_REGISTRATION to true in the .env file. Refer to the authentication configuration documentation for setup instructions.

2. Enter your Full Name, Username, Email, and Password, then click Continue. LibreChat creates the account and redirects to the login page.

   

3. Enter your email and password, then click Continue. The LibreChat dashboard loads and displays the model selector and conversation interface.

   

Conclusion

LibreChat is now running with Docker Compose and accessible over HTTPS on your domain name. Conversation history, uploaded files, and search indexes are stored in the project directories. For more information, refer to the official LibreChat documentation.