Meilisearch Cloud is the recommended way to run Meilisearch in production environments.
Prerequisites
- A DigitalOcean droplet running Debian 12
- An SSH key pair to connect to that machine
Step 1: Install Meilisearch
Log into your server via SSH, update the list of available packages, and installcurl:
curl to download and run the Meilisearch command-line installer:
/usr/local/bin:
Step 2: Create system user
Running applications as root exposes you to unnecessary security risks. To prevent that, create a dedicated user for Meilisearch:Step 3: Create a configuration file
After installing Meilisearch and taking the first step towards keeping your data safe, you need to set up a basic configuration file. First, create the directories where Meilisearch will store its data:/etc:
meilisearch.toml file so Meilisearch uses the directories you created earlier to store its data, replacing MASTER_KEY with a 16-byte string:
Step 4: Run Meilisearch as a service
In Linux environments, a service is a process that can be launched when the operating system is booting and which will keep running in the background. If your program stops running for any reason, Linux will immediately restart the service, helping reduce downtime.4.1. Create a service file
Service files are text files that tell your operating system how to run your program. Run this command to create a service file in/etc/systemd/system:
4.2. Enable and start service
With your service file now ready to go, activate the service usingsystemctl:
systemctl enable, you’re telling the operating system you want it to run at every boot. systemctl start then immediately starts the Meilisearch service.
Ensure everything is working by checking the service status:
Step 5: Secure and finish your setup
At this point, Meilisearch is installed and running. It is also protected from eventual crashes and system restarts. The next step is to make your instance publicly accessible.5.1. Creating a reverse proxy with Nginx
A reverse proxy is an application that will handle every communication between the outside world and your application. In this tutorial, you will use Nginx as your reverse proxy to receive external HTTP requests and redirect them to Meilisearch. First, install Nginx on your machine:your_domain with your actual domain name (or use _ as a catch-all if you don’t have one yet):
5.2. Enable HTTPS
The only remaining problem is that Meilisearch processes requests via HTTP without any additional security. This is a major security flaw that could result in an attacker accessing your data. This tutorial assumes you have a registered domain name, and you have correctly configured its DNS’sA record to point to your DigitalOcean droplet’s IP address. Consult the DigitalOcean DNS documentation for more information.
Use certbot to enable HTTPS on your server.
First, install the required packages on your system:
2: Redirect.
Certbot will finish configuring Nginx. Once it is done, all traffic to your server will use HTTPS and you will have finished securing your Meilisearch instance.
Your security certificate must be renewed every 90 days. Certbot schedules the renewal automatically. Run a test to verify this process is in place: