Install & self-host
BreachFix Cloud runs as a gateway process (marketing site, dashboard, /v1 API) plus a Docker-based runtime for customer workloads. Production URL: https://cloud.breachfix.com (local default port 9876).
Production (Cloudflare tunnel)
Run the gateway on breachfix-net so breachfix-tunnel can reach it. See Cloudflare tunnel setup for wildcard routing.
cd /path/to/breachfix-cloud cp .env.example .env # set BREACHFIX_CLOUD_PUBLIC_URL=https://cloud.breachfix.com docker compose up -d --build docker restart breachfix-tunnel
Verify: curl -sI https://cloud.breachfix.com/ → 200
Service URL TLS: run ./scripts/verify-public-routing.sh before customer https://srv-….breachfix.com URLs work in browsers.
Production Docker (with deploy capability)
The gateway container mounts the Docker socket to build and run customer workloads on the host:
docker network create breachfix-cloud 2>/dev/null || true docker compose up -d --build
Customer traffic uses the gateway host proxy via Cloudflare tunnel — not host Traefik. Traefik Docker labels are reserved for a future edge option.
Local development
cd /path/to/breachfix-cloud ./scripts/start.sh
First run installs dependencies, builds all apps, and starts the API gateway on port 9876.
URLs (local)
- Marketing: http://127.0.0.1:9876/
- Dashboard: http://127.0.0.1:9876/dashboard/
- API: http://127.0.0.1:9876/v1/services
- Health: http://127.0.0.1:9876/api/health
Environment
Copy .env.example to .env. Set BREACHFIX_CLOUD_API_TOKEN, GitHub App credentials, and BreachFix billing keys as needed. See Connect GitHub for App setup.
systemd
sudo cp systemd/breachfix-cloud.service /etc/systemd/system/ sudo systemctl daemon-reload sudo systemctl enable --now breachfix-cloud