Skip to main content
For production deployments, serve the Avatar Server over HTTPS so that browsers and LiveKit agents can connect securely. Avaluma ships a Caddy reverse proxy configuration alongside the Avatar Server that automatically obtains and renews TLS certificates from Let’s Encrypt — no manual certificate management required. The proxy and the Avatar Server share a Docker bridge network called avaluma-net, so both Compose stacks must be running at the same time.

Steps

1

Start the Avatar Server

Make sure the Avatar Server is already running before you start the proxy. If you have not set it up yet, follow the Setup guide first, then return here.Confirm the server is healthy by running the following from the avatar-server/ directory:
docker compose logs -f
2

Update the Domain

Open reverse_proxy/Caddyfile and replace api.avaluma.ai with your own domain name:
your-domain.com {
    reverse_proxy avaluma-avatar-server:8080
}
Caddy routes all incoming HTTPS traffic on port 443 to the Avatar Server container using the shared avaluma-net network. The container name avaluma-avatar-server is the DNS name Caddy uses to reach the server — do not change it unless you also rename the service in docker-compose.yaml.
3

Start the Proxy

From the reverse_proxy/ directory, start the Caddy container:
cd reverse_proxy
docker compose up -d
Caddy automatically requests a TLS certificate for your domain and begins renewing it before it expires. Certificates are persisted in a named Docker volume (caddy_data) so they survive container restarts.To verify the proxy is running:
docker compose logs -f
4

Update the Avatar Server Config

Now that the server is accessible over HTTPS, update API_SERVER_HOST in the avatar server’s docker-compose.yaml to match your domain:
environment:
  - API_SERVER_HOST=your-domain.com
Restart the Avatar Server to apply the change:
docker compose up -d

Full Reverse Proxy Reference

# Change this to your own domain name
api.avaluma.ai {
    reverse_proxy avaluma-avatar-server:8080

    @css {
        path *.css
    }
    header @css Content-Type "text/css; charset=utf-8"

    @js {
        path *.js
    }
    header @js Content-Type "application/javascript; charset=utf-8"
}
Both Compose files must use the same Docker network. The included configurations define avaluma-net as a bridge network. Do not rename this network unless you update both avatar-server/docker-compose.yaml and reverse_proxy/docker-compose.yaml to match.
After enabling HTTPS, update the AVATAR_SERVER_URL variable in your LiveKit agent’s .env.local file to https://your-domain.com so the agent connects over the secure endpoint.