Skip to main content
For a deployment accessible beyond a single machine, follow these steps.

Steps

1

Put both services behind a reverse proxy with HTTPS

Browsers require a secure context (HTTPS) for WebRTC and the Screen Wake Lock API. Use Nginx, Caddy, Traefik, or a managed platform like Render or Fly.Proxy each service to a hostname you control:
  • app.your-domain.com to the client on :3000
  • api.your-domain.com to the signaling server on :3001
The signaling server uses WebSockets. Make sure your proxy forwards the Upgrade and Connection headers.
2

Set NEXT_PUBLIC_SOCKET_URL and rebuild

In .env:
NEXT_PUBLIC_SOCKET_URL=https://api.your-domain.com
Then rebuild the client image (required because this value is inlined at build time):
docker compose build client
docker compose up -d
3

Set CLIENT_URL

In .env:
CLIENT_URL=https://app.your-domain.com
This adds your client origin to the server’s CORS allow-list. Without it, browser requests from your domain will be blocked.
4

Set TRUSTED_PROXY_COUNT

Set this to the number of proxy hops in front of the signaling server so per-IP rate limiting reads real client IPs instead of proxy IPs:
TRUSTED_PROXY_COUNT=1

CORS note

The server’s allow-list also includes the official floe.one origins. Your CLIENT_URL is added on top of these, so browser clients on your domain and on floe.one can both reach your server. If you are running a private fork and want a strict allow-list, remove the hard-coded entries from server/server.js.