Skip to main content
markhuang.ai
Manuals
Pages
Dense-MemSource wiki

Public HTTPS And Redis

Standalone memory service for AI tools, with durable memory, evidence, team isolation, and MCP access.

Public HTTPS And Redis

The base compose setup is local-only. Use the expert compose example when you need public HTTPS, Traefik edge controls, optional Redis, or local database ports for development.

For exact variables and defaults, see Configuration.

Public HTTPS

Download the expert compose file after the local setup works:

bash
curl -fsSLo docker-compose.yml \
  https://raw.githubusercontent.com/markhuangai/dense-mem/main/examples/docker-compose.expert.yml

Set public HTTPS values in .env:

DENSE_MEM_DOMAIN=dense-mem.example.com
[email protected]

Start Traefik:

bash
docker compose --profile traefik up -d

Traefik exposes the main MCP and API service over HTTPS. It does not route to the control portal. Keep the control portal bound to loopback or another private interface.

Public Edge Controls

The expert compose file includes Traefik middleware for:

ControlVariable
Average request rateTRAEFIK_RATE_AVERAGE
Rate windowTRAEFIK_RATE_PERIOD
Burst allowanceTRAEFIK_RATE_BURST
Max request body sizeTRAEFIK_MAX_BODY_BYTES
Max in-flight requestsTRAEFIK_INFLIGHT_REQUESTS

These controls protect the public edge. Dense-Mem also has server-side runtime limits documented in Configuration.

Redis

Redis is optional for a single local server. Use it when you run more than one Dense-Mem server instance or need shared rate limits and shared SSE concurrency controls.

With the expert compose Redis service, set:

REDIS_ADDR=redis:6379

Then start the Redis profile:

bash
docker compose --profile redis up -d

For non-Compose deployments, set REDIS_ADDR to the Redis host and port that the Dense-Mem server process can reach.

Combined Public Stack

To run public HTTPS and Redis together:

bash
docker compose --profile traefik --profile redis up -d

Keep these boundaries clear:

SurfaceShould be public?
/mcpOnly when intentionally serving public MCP/API over HTTPS.
/api/v1/*Same public boundary as /mcp.
/uiPublic only if you intentionally allow users to reach the main API domain and authenticate with their own keys.
Control portal :8090No. Keep private.
Prometheus :9090No. Keep private.

Checks

bash
docker compose ps
docker compose logs -f traefik
docker compose logs -f server
curl https://dense-mem.example.com/health

If HTTPS does not work, check DNS, DENSE_MEM_DOMAIN, ACME_EMAIL, public port 80/443 reachability, and Traefik logs.