VM Deployment
Was this page helpful?
Loading OmniRoute...
Languages: 🇺🇸 English | 🇧🇷 Português (Brasil) | 🇪🇸 Español | 🇫🇷 Français | 🇮🇹 Italiano | 🇷🇺 Русский | 🇨🇳 中文 (简体) | 🇩🇪 Deutsch | 🇮🇳 हिन्दी | 🇹🇭 ไทย | 🇺🇦 Українська | 🇸🇦 العربية | 🇯🇵 日本語 | 🇻🇳 Tiếng Việt | 🇧🇬 Български | 🇩🇰 Dansk | 🇫🇮 Suomi | 🇮🇱 עברית | 🇭🇺 Magyar | 🇮🇩 Bahasa Indonesia | 🇰🇷 한국어 | 🇲🇾 Bahasa Melayu | 🇳🇱 Nederlands | 🇳🇴 Norsk | 🇵🇹 Português (Portugal) | 🇷🇴 Română | 🇵🇱 Polski | 🇸🇰 Slovenčina | 🇸🇪 Svenska | 🇵🇭 Filipino | 🇨🇿 Čeština
| CPU | ||
| RAM | ||
| Disk | ||
| OS | ||
| Domain | ||
| Docker |
Tested providers: Akamai (Linode), DigitalOcean, Vultr, Hetzner, AWS Lightsail.
)ssh root@203.0.113.10
apt update && apt upgrade -y
# Install dependencies apt install -y ca-certificates curl gnupg # Add official Docker repository install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $ (. /etc/os-release && echo “$VERSION_CODENAME”) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
apt install -y nginx
ufw default deny incoming ufw default allow outgoing ufw allow 22/tcp # SSH ufw allow 80/tcp # HTTP (redirect) ufw allow 443/tcp # HTTPS ufw enable
Tip: For maximum security, restrict ports 80 and 443 to Cloudflare IPs only. See the Advanced Security section.
mkdir -p /opt/omniroute
cat > /opt/omniroute/.env << ‘EOF’ # === Security === JWT_SECRET=CHANGE-TO-A-UNIQUE-64-CHAR-SECRET-KEY INITIAL_PASSWORD=YourSecurePassword123! API_KEY_SECRET=REPLACE-WITH-ANOTHER-SECRET-KEY STORAGE_ENCRYPTION_KEY=REPLACE-WITH-THIRD-SECRET-KEY STORAGE_ENCRYPTION_KEY_VERSION=v1 MACHINE_ID_SALT=CHANGE-TO-A-UNIQUE-SALT # === App === PORT=20128 NODE_ENV=production HOSTNAME=0.0.0.0 DATA_DIR=/app/data STORAGE_DRIVER=sqlite APP_LOG_TO_FILE=true AUTH_COOKIE_SECURE=false REQUIRE_API_KEY=false # === Domain (change to your domain) === BASE_URL=https://llms.seudominio.com NEXT_PUBLIC_BASE_URL=https://llms.seudominio.com # === Cloud Sync (optional) === # CLOUD_URL=https://cloud.omniroute.online # NEXT_PUBLIC_CLOUD_URL=https://cloud.omniroute.online EOF
IMPORTANT: Generate unique secret keys! Use for each key.
docker pull diegosouzapw/omniroute:latest docker run -d \ --name omniroute \ --restart unless-stopped \ --env-file /opt/omniroute/.env \ -p 20128:20128 \ -v omniroute-data:/app/data \ diegosouzapw/omniroute:latest
docker ps | grep omniroute docker logs omniroute --tail 20
and .
mkdir -p /etc/nginx/ssl # Paste the certificate nano /etc/nginx/ssl/origin.crt # Paste the private key nano /etc/nginx/ssl/origin.key chmod 600 /etc/nginx/ssl/origin.key
cat > /etc/nginx/sites-available/omniroute << ‘NGINX’
# Default server — blocks direct access via IP
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/ssl/origin.crt;
ssl_certificate_key /etc/nginx/ssl/origin.key;
server_name _;
return 444;
}
# OmniRoute — HTTPS
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name llms.yourdomain.com; # Change to your domain
ssl_certificate /etc/nginx/ssl/origin.crt;
ssl_certificate_key /etc/nginx/ssl/origin.key;
ssl_protocols TLSv1.2 TLSv1.3;
client_max_body_size 100M;
location / {
proxy_pass http://127.0.0.1:20128;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
# SSE (Server-Sent Events) — streaming AI responses
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
# HTTP → HTTPS redirect
server {
listen 80;
listen [::]:80;
server_name llms.yourdomain.com;
return 301 https://$server_name$request_uri;
}
NGINX
/ , raise /
above the same threshold.
# Remove default configuration rm -f /etc/nginx/sites-enabled/default # Enable OmniRoute ln -sf /etc/nginx/sites-available/omniroute /etc/nginx/sites-enabled/omniroute # Test and reload nginx -t && systemctl reload nginx
| (VM IP) |
SSL/TLS → Overview:
SSL/TLS → Edge Certificates:
curl -sI https://llms.seudominio.com/health # Should return HTTP/2 200
docker pull diegosouzapw/omniroute:latest docker stop omniroute && docker rm omniroute docker run -d --name omniroute --restart unless-stopped \ --env-file /opt/omniroute/.env \ -p 20128:20128 \ -v omniroute-data:/app/data \ diegosouzapw/omniroute:latest
docker logs -f omniroute # Real-time stream docker logs omniroute --tail 50 # Last 50 lines
# Copy data from the volume to the host docker cp omniroute:/app/data ./backup-$(date +%F) # Or compress the entire volume docker run --rm -v omniroute-data:/data -v $(pwd):/backup \ alpine tar czf /backup/omniroute-data-$(date +%F).tar.gz /data
docker stop omniroute docker run --rm -v omniroute-data:/data -v $(pwd):/backup \ alpine sh -c “rm -rf /data/* && tar xzf /backup/omniroute-data-YYYY-MM-DD.tar.gz -C /” docker start omniroute
cat > /etc/nginx/cloudflare-ips.conf << ‘CF’ # Cloudflare IPv4 ranges — update periodically # https://www.cloudflare.com/ips-v4/ set_real_ip_from 173.245.48.0/20; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 108.162.192.0/18; set_real_ip_from 190.93.240.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 162.158.0.0/15; set_real_ip_from 104.16.0.0/13; set_real_ip_from 104.24.0.0/14; set_real_ip_from 172.64.0.0/13; set_real_ip_from 131.0.72.0/22; real_ip_header CF-Connecting-IP; CF
inside the block:
include /etc/nginx/cloudflare-ips.conf;
apt install -y fail2ban systemctl enable fail2ban systemctl start fail2ban # Check status fail2ban-client status sshd
# Prevent direct external access to port 20128 iptables -I DOCKER-USER -p tcp --dport 20128 -j DROP iptables -I DOCKER-USER -i lo -p tcp --dport 20128 -j ACCEPT # Persist the rules apt install -y iptables-persistent netfilter-persistent save
# In the local repository cd omnirouteCloud npm install npx wrangler login npx wrangler deploy
omnirouteCloud/README.md.