> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onyx.app/llms.txt
> Use this file to discover all available pages before exploring further.

# EC2

> Deploy Onyx on AWS EC2

Using AWS EC2 is the recommended way of deploying Onyx.
It is simple to set up and should meet the performance needs of 90% of organizations looking to use Onyx!

## Guide

<Steps>
  <Step title="Create an EC2 instance">
    Create an EC2 instance with the appropriate resources. For this guide,
    we will use the recommended `m7g.xlarge` instance.

    <Note>
      Read our [Resourcing guide](/deployment/getting_started/resourcing) for more details.
    </Note>

    * Give your instance a descriptive name like `onyx-prod`
    * Select the `Amazon Linux 2023` AMI
    * Select the `64-bit (Arm)` architecture
    * Select the `m7g.xlarge` instance type
    * Select `Allow HTTPS traffic from the internet` in the *Network settings* section
    * Configure storage following the Resourcing Guide

    <img className="rounded-image" src="https://mintcdn.com/danswer/bNCAyv_0mlX0VYMw/assets/deployment/ec2_create_instance.png?fit=max&auto=format&n=bNCAyv_0mlX0VYMw&q=85&s=b9c29e7f77fe42980b25c9646133cc88" alt="EC2 Instance Creation" width="3340" height="2336" data-path="assets/deployment/ec2_create_instance.png" />

    <img className="rounded-image" src="https://mintcdn.com/danswer/bNCAyv_0mlX0VYMw/assets/deployment/ec2_https.png?fit=max&auto=format&n=bNCAyv_0mlX0VYMw&q=85&s=af9e59f992c7cee90b91b6cda7999242" alt="EC2 Security Group Configuration" width="2230" height="1082" data-path="assets/deployment/ec2_https.png" />
  </Step>

  <Step title="Create the instance">
    Click **Launch instance** and then view your instance details.

    <Tip>
      Save the **Public IPv4 address** of the instance!
    </Tip>

    <img className="rounded-image" src="https://mintcdn.com/danswer/bNCAyv_0mlX0VYMw/assets/deployment/ec2_ipv4.png?fit=max&auto=format&n=bNCAyv_0mlX0VYMw&q=85&s=a89807bc686c1606183aba2a7c9a7845" alt="EC2 Public IPv4 Address" width="1612" height="358" data-path="assets/deployment/ec2_ipv4.png" />
  </Step>

  <Step title="Point domain to the instance">
    <Note>
      If you don't have a domain, buy one from a DNS provider like [GoDaddy](https://www.godaddy.com/)
      or just skip HTTPS for now.
    </Note>

    To point our domain to the new instance, we need to add an `A` and `CNAME` record to our DNS provider.

    The `A` record should be the subdomain that you would like to use for the Onyx instance like `prod`.

    The `CNAME` record should be the same name with the `www.` in front resulting in `www.prod` pointing to the full
    domain like `prod.onyx.app`.

    <img className="rounded-image" src="https://mintcdn.com/danswer/bNCAyv_0mlX0VYMw/assets/deployment/arecord.png?fit=max&auto=format&n=bNCAyv_0mlX0VYMw&q=85&s=9fbd656a327d2671940f8be76191d32c" alt="DNS A Record Configuration" width="1597" height="605" data-path="assets/deployment/arecord.png" />

    <img className="rounded-image" src="https://mintcdn.com/danswer/bNCAyv_0mlX0VYMw/assets/deployment/cname.png?fit=max&auto=format&n=bNCAyv_0mlX0VYMw&q=85&s=486c85de9161b822a19b63ea5e7c4d9a" alt="DNS CNAME Record Configuration" width="1610" height="409" data-path="assets/deployment/cname.png" />
  </Step>

  <Step title="Install Onyx requirements">
    Onyx requires `git`, `docker`, and `docker compose`.

    To install these on Amazon Linux 2023, run the following:

    ```bash theme={null}
    sudo yum update -y

    sudo yum install docker -y
    sudo service docker start

    sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose

    sudo yum install git
    ```
  </Step>

  <Step title="Install and Configure Onyx">
    To install Onyx, we'll need to clone the repo and set the necessary environment variables.

    ```bash theme={null}
    git clone --depth 1 https://github.com/onyx-dot-app/onyx.git

    cd onyx/deployment/docker_compose
    cp env.prod.template .env
    cp env.nginx.template .env.nginx
    ```

    Fill out the `.env` and `.env.nginx` files.

    ```bash .env expandable theme={null}
    WEB_DOMAIN=<YOUR_DOMAIN>  # Something like "onyx.app"

    # If your email is something like "chris@onyx.app", then this should be "onyx.app"
    # This prevents people outside your company from creating an account
    VALID_EMAIL_DOMAINS=<YOUR_COMPANIES_EMAIL_DOMAIN>

    # See our auth guides for options here
    AUTH_TYPE=
    ```

    ```bash .env.nginx theme={null}
    DOMAIN=<YOUR_DOMAIN>  # Something like "onyx.app"
    ```
  </Step>

  <Step title="Launch Onyx">
    Running the `init-letsencrypt.sh` script will get us a SSL certificate from letsencrypt and launch the Onyx stack.

    ```bash theme={null}
    ./init-letsencrypt.sh
    ```

    <Warning>
      You will hit an error if you fail the letsencrypt workflow more than 5 times.
      You will need to wait 72 hours or request a new domain.
    </Warning>

    If you are skipping the HTTPS setup, start Onyx manually:

    ```bash theme={null}
    docker compose -f docker-compose.dev.yml -p onyx-stack up -d --build --force-recreate
    ```

    <Note>
      Give Onyx a few minutes to start up.

      You can monitor the progress with `docker logs onyx-stack-api_server-1 -f`.
    </Note>

    You can access Onyx from the instance Public IPv4 or from the domain you set up earlier!
  </Step>
</Steps>

## Next Steps

<CardGroup cols={2}>
  <Card title="Configure Authentication" icon="shield-check" href="/deployment/authentication/basic">
    Set up authentication for your Onyx deployment with OAuth, OIDC, or SAML.
  </Card>

  <Card title="More Onyx Configuration Options" icon="gear" href="/deployment/configuration/configuration">
    Learn about all available configuration options for your Onyx deployment.
  </Card>
</CardGroup>