How-to
How to deploy Meilisearch on Docker in 5 minutes
You can have a production-ready Meilisearch running on Docker in under five minutes — one container, one persistent volume, one master key, and a reverse proxy for HTTPS. This guide walks through the minimum viable deployment and the small operational details that matter.
The 30-second version
docker run -d \
--name meilisearch \
-p 7700:7700 \
-v $(pwd)/meili_data:/meili_data \
-e MEILI_MASTER_KEY="$(openssl rand -hex 32)" \
-e MEILI_ENV="production" \
--restart unless-stopped \
getmeili/meilisearch:v1.13
That's a complete production Meilisearch deployment. Let's walk through what each line does and why it matters.
Step 1: pin the version
Use a specific version tag (v1.13) instead of latest. Meilisearch ships breaking changes between minor versions occasionally, and "the engine version updated when the container restarted" is exactly the kind of bug you don't want at 3am.
Step 2: persistent storage
Mount a host directory (or named Docker volume) at /meili_data. Without this, every container restart wipes your indexes. The directory needs ~3× the disk space of your largest index for indexing-time scratch space.
Step 3: set the master key
Generate a strong master key once and store it in a secret manager. The example uses openssl rand -hex 32 to generate 64 random hex characters. The key has to be at least 16 bytes for Meilisearch to accept it in production mode.
Once you set the master key, write it down somewhere safe. If you lose it, the only recovery is to reset the database and reindex. See our admin key security guide for the full operational story.
Step 4: production mode
Setting MEILI_ENV=production enables several safety checks: it requires a master key, disables anonymous telemetry, and enforces stricter HTTP defaults. Always set this in production. The default development mode is for local-only work.
Step 5: restart policy
--restart unless-stopped tells Docker to restart the container after host reboots and after the process exits unexpectedly. Combined with the persistent volume from step 2, this gives you a Meilisearch that survives both crashes and reboots.
Step 6: add a reverse proxy for HTTPS
Meilisearch listens on plain HTTP. For production, put a reverse proxy in front of it that terminates TLS. Caddy is the simplest option:
# /etc/caddy/Caddyfile
search.example.com {
reverse_proxy localhost:7700
}
Caddy automatically provisions a Let's Encrypt certificate on first request. Nginx or Traefik work the same way with their own config syntax.
Production checklist
- ✅ Pinned version tag (not
latest) - ✅ Persistent volume for
/meili_data - ✅ Master key set via env var, stored in a secret manager
- ✅
MEILI_ENV=production - ✅ Reverse proxy with HTTPS (Caddy / nginx / Traefik)
- ✅ Restart policy set to
unless-stopped - ✅ Backup strategy (see our dumps vs snapshots guide)
- ✅ Monitoring (at minimum: a hit on
GET /healthevery 5 minutes)
docker-compose alternative
For projects that already use Docker Compose, here's the equivalent:
# docker-compose.yml
services:
meilisearch:
image: getmeili/meilisearch:v1.13
container_name: meilisearch
ports:
- "7700:7700"
volumes:
- meili_data:/meili_data
environment:
MEILI_MASTER_KEY: ${MEILI_MASTER_KEY}
MEILI_ENV: production
restart: unless-stopped
volumes:
meili_data:
Set MEILI_MASTER_KEY in a .env file (gitignored) and you're done.
Resource sizing
| Index size | RAM | Disk |
|---|---|---|
| < 100k documents | 1 GB | 2 GB |
| 100k–1M documents | 2 GB | 10 GB |
| 1M–10M documents | 4–8 GB | 50 GB |
| 10M+ documents | 16 GB+ | 100 GB+ |
These are starting points. Indexing temporarily uses more RAM than serving queries, so size for the indexing workload, not the steady-state.
FAQ
Can I run Meilisearch in Kubernetes?
Yes — there are community Helm charts. The single-node nature of Meilisearch means you typically run it as a StatefulSet with one replica and a PersistentVolumeClaim, not as a horizontally-scaled Deployment.
Do I need to expose port 7700 to the internet?
Only if your application servers are outside the same Docker network. If your application runs in the same Docker network (or VPC), keep Meilisearch on the internal network and don't expose the port at all.
How do I upgrade Meilisearch versions?
Take a dump first (POST /dumps), then change the image tag in your compose file or docker run command, recreate the container, and import the dump if the data didn't carry over (it usually does for minor upgrades). Always read the Meilisearch changelog for breaking changes between major versions.
What's the best dashboard for managing the deployed instance?
Once your Meilisearch is running, you'll need a way to edit settings, manage API keys, and watch tasks without writing curl by hand. AdminDex exists for exactly this — point it at the URL + master key from this guide and you're set up in 30 seconds.
Stop running Meilisearch from a terminal.
AdminDex gives you a visual dashboard for every Meilisearch instance you own — settings, API keys, tasks, and search analytics.
Related reading
-
Meilisearch admin key security: a complete guide
How Meilisearch admin keys work, what scopes you can grant, how to rotate them safely, and the operational best practices for treating them like production secrets.
-
Self-hosted Meilisearch vs Meilisearch Cloud: when each one wins
Choosing between self-hosting Meilisearch and using Meilisearch Cloud — cost, control, compliance, and operational tradeoffs at every team size.
-
Scaling Meilisearch: when to shard, when to replicate, when to scale up
Meilisearch is single-node by design. Here's how to know when you've outgrown one box and what your scaling options look like at every stage.
Spotted an inaccuracy? Email the AdminDex team →