Skip to main content

Self Hosting GrowthBook

GrowthBook consists of a NextJS front-end, an ExpressJS API, and a Python stats engine. Everything is bundled together in a single Docker Image.

In addition to the app itself, you will also need a MongoDB instance to store login credentials, cached experiment results, and metadata.

tip

Don't want to install or host the app yourself? GrowthBook Cloud is a fully managed version that's free to get started.

Installation

You can use docker compose to get started quickly:

# docker-compose.yml
services:
mongo:
image: "mongo:latest"
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=password
volumes:
- mongodata:/data/db
growthbook:
image: "growthbook/growthbook:latest"
ports:
- "3000:3000"
- "3100:3100"
depends_on:
- mongo
environment:
- MONGODB_URI=mongodb://root:password@mongo:27017/growthbook?authSource=admin
volumes:
- uploads:/usr/local/src/app/packages/back-end/uploads
volumes:
uploads:
mongodata:

Then, just run docker compose up -d to start everything and view the app at http://localhost:3000

caution

The use of the mongo image within the docker-compose.yml is meant to quickly get a dev or staging environment up and running. For production you may want to use a more scalable and stable solution (ie. AWS DocumentDB, Google Cloud MongoDB Atlas, Azure Cosmos DB for Mongo, etc.) You may also want to have a Growthbook Proxy running as well for speed, scalability, security, and real-time feature rollouts.

Docker Tags

Builds are published automatically from the GitHub repo main branch. The most recent commit is tagged with latest.

GitHub Releases are also tagged using SemVer (e.g. 0.2.1).

If you need to reference the image for a specific git commit for any reason, you can use the git shorthash tag (e.g. git-41278e9).

Updating to Latest

If you are using docker-compose, and assuming you specify the growthbook container with :latest, you can update with:

docker compose pull growthbook
docker compose stop growthbook
docker compose up -d growthbook

Kubernetes (Helm) Installation

tip

Our official Helm chart to deploy GrowthBook on Kubernetes is distributed as a OCI artifact via ghcr.io:

  • For production and scalable cloud-native deployments, use GCP (GKE) or AWS (EKS).
  • For local testing and development, use Minikube.

Minimal Prerequisites

Before you apply the example values files, make sure you complete these minimal prerequisites for your environment:

Kubernetes Cluster Access

Ensure you have access to a running Kubernetes cluster (Minikube, GKE, or EKS) with permissions to deploy workloads and required controllers (such as load balancer controllers) installed. You'll need kubectl and the GrowthBook Helm chart, which is available on Artifact Hub.

Authentication Secrets

Generate and Store JWT and encryption secrets for backend authentication and encryption:

openssl rand -hex 32  # Run twice, once for each secret

Store them as Kubernetes secrets in the same namespace as the one where the chart will be installed (replace the values with your generated secrets):

kubectl create secret generic jwt-secret \
--from-literal=jwt-secret=YOUR_JWT_SECRET
kubectl create secret generic encryption-key \
--from-literal=encryption-key=YOUR_ENCRYPTION_KEY

Reference these secrets in your environment specific values file.

DNS Resolution for Testing

For quick testing without configuring DNS, you can use public DNS services that automatically resolve to your cluster's ingress IP.

Services like sslip.io and traefik.me provide wildcard DNS that resolves based on the IP address in the hostname:

  • sslip.io: If your ingress IP is 35.X.X.X, then myapp.35.X.X.X.sslip.io resolves to 35.X.X.X
  • traefik.me: Similar functionality but with dashes, e.g., myapp.35-X-X-X.traefik.me

These services are useful for:

  • Local development with Minikube
  • Quick testing in cloud environments before setting up proper DNS
  • Temporary deployments or demos

The example values files below use sslip.io for demonstration purposes. For production, you should use proper DNS records in your cloud provider.

Environment Configuration

In the next step you will need to decide on which environment to deploy to and configure your values files accordingly before installation.

info

The examples below provide minimal configurations to get you started quickly. For a complete list of all available configuration options and advanced customization, refer to the full values.yaml file in our repository.

Environment-Specific Values

Default hostnames below use sslip.io for quick testing.
For production, use a domain registered in your cloud provider's DNS (e.g., Route53 for AWS).
The hostnames in the values file must match the domain you intend to use for Ingress.
Replace INGRESS_IP with the external IP assigned to your Ingress object.

Minimal values-aws.yaml
global:
env:
- name: APP_ORIGIN
# For testing only! Replace with your real domain for production.
value: http://growthbook.<INGRESS_IP>.sslip.io

frontend:
service:
name: frontend
port: 3000
targetPort: 3000
env:
- name: API_HOST
# For testing only! Replace with your real domain for production.
value: http://api.<INGRESS_IP>.sslip.io

backend:
mongodbEnabled: true
service:
name: backend
port: 3100
targetPort: 3100
env:
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: jwt-secret
key: jwt-secret
- name: ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: encryption-key
key: encryption-key
- name: UPLOAD_METHOD
value: s3
# ===== S3 uploads configuration =====
- name: S3_BUCKET
value: "BUCKET_NAME"
# default: us-east-1
- name: S3_REGION
value: "S3_REGION"
# default: https://${S3_BUCKET}.s3.amazonaws.com/
- name: S3_DOMAIN
value: "https://${S3_BUCKET}.s3.${S3_REGION}.amazonaws.com/"

mongodb:
enabled: true

ingress:
enabled: true
className: "alb"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/scheme: internet-facing
hosts:
- host: growthbook.<INGRESS_IP>.sslip.io # For testing only! Replace for production.
paths:
- path: /*
pathType: ImplementationSpecific
service: frontend
- host: api.<INGRESS_IP>.sslip.io # For testing only! Replace for production.
paths:
- path: /*
pathType: ImplementationSpecific
service: backend
tls: []

Installation:

helm install growthbook growthbook/growthbook -f values-aws.yaml

After Install: Update Hostnames

  1. Wait for your Ingress object to be assigned an external IP. This might take anywhere from 3 to 5 minutes.
  2. Update your values-aws.yaml file to use this IP in all sslip.io hostnames.
  3. Run helm upgrade --install growthbook oci://ghcr.io/growthbook/charts/growthbook -f values-aws.yaml to apply the change.

Accessing GrowthBook

After deploying with Helm, access GrowthBook using the Ingress hostnames you configured in your values file:

  • Minikube:

    • Run minikube tunnel in a separate terminal to expose the Ingress IP to your host.
    • Frontend: https://growthbook.${MINIKUBE-IP}.sslip.io
    • Backend/API: https://api.${MINIKUBE-IP}.sslip.io
    • (Replace ${MINIKUBE-IP} with the output of minikube ip)

    When running Minikube on MacOS with Docker Desktop, you may need to add some rules to your /etc/hosts file:

    echo "127.0.0.1 growthbook.${MINIKUBE-IP}.sslip.io" | sudo tee -a /etc/hosts
    echo "127.0.0.1 api.${MINIKUBE-IP}.sslip.io" | sudo tee -a /etc/hosts
  • AWS & GCP

    • Use the hostname you set in your values file
    • Check your Ingress/ALB resource for the external DNS name if using AWS Load Balancer Controller or domain if using a cloud-managed Ingress

Open the frontend URL in your browser to start using GrowthBook. The backend/API URL is used by the frontend and for API access.

Troubleshooting

If something isn't working as expected, use these commands to check the status of your resources:

  • List all pods and their status:
    kubectl get pods -A
  • Describe a specific pod (replace POD_NAME and NAMESPACE):
    kubectl describe pod POD_NAME -n NAMESPACE
  • Check the status of your services:
    kubectl get svc -A
  • Inspect your Ingress resources:
    kubectl get ingress -A
    kubectl describe ingress INGRESS_NAME -n NAMESPACE