This README explains how to deploy Trigger v4 using Coolify v4 with Traefik, separating the Webapp and the Worker/Supervisor. It also considers an existing External Docker Registry.
Tested with the official
trigger.dev@4.0.0Docker Compose template as base and adapted for Coolify (withoutports:and leveraging Magic Env Vars likeSERVICE_FQDN_*andSERVICE_PASSWORD_*).
- Coolify v4 with Traefik active.
- Server (Webapp) and (Worker) added in Coolify and Healthy.
- DNS pointing to the Webapp server (for the Webapp domain).
- External Docker Registry operational, with credentials.
- (Optional) Wildcard domain in Coolify for automatic FQDNs.
- Webapp: exposed to Internet via Coolify's Traefik. Manages UI, API, worker group tokens, etc.
- Worker (Supervisor): not publicly exposed. Connects outbound to the Webapp via HTTPS (
TRIGGER_API_URL) and executes workloads in ephemeral containers via Docker. - Webapp internal services: Postgres, Redis, ElectricSQL (Realtime), ClickHouse (metrics), MinIO (object storage) β same as in the official Compose.
- Create "Docker Compose (Raw)" resource in Coolify for the Webapp, paste the
webappYAML below. - In the webapp resource Environment:
- Generate secrets with Magic Vars (
SERVICE_PASSWORD_*) or paste your own values. - Fill in External Registry credentials (
DEPLOY_REGISTRY_*) if you'll use deploys from the Webapp.
- Generate secrets with Magic Vars (
- Deploy Webapp and configure the domain generated by
SERVICE_FQDN_WEBAPP_3000asAPP_ORIGIN/LOGIN_ORIGIN/API_ORIGIN(already in the YAML). - In the Webapp log, check for the
TRIGGER_WORKER_TOKEN(shown once). Copy the token. - Create a Docker Compose (Raw) resource for the Worker, paste the
workerYAML below and set in Environment:TRIGGER_API_URL=https://your-webapp-domainOTEL_EXPORTER_OTLP_ENDPOINT=https://your-webapp-domain/otelTRIGGER_WORKER_TOKEN=<copied-token>MANAGED_WORKER_SECRET=<same as in Webapp>
- Deploy Worker. Verify in the Webapp that the worker appears as online.
- Use
SERVICE_PASSWORD_SESSION,SERVICE_PASSWORD_MAGIC,SERVICE_PASSWORD_ENCRYPTION,SERVICE_PASSWORD_MANAGEDWORKER,SERVICE_PASSWORD_POSTGRES,SERVICE_PASSWORD_MINIO,SERVICE_PASSWORD_64_CLICKHOUSE, etc. - Coolify generates them once per resource and maintains the same value between deployments (useful so sessions/tokens don't get invalidated accidentally).
- You can substitute them with your own values if you prefer.
- Webapp: open
https://<your-FQDN>β create initial account β check the log for the magic email link. - Logs: if Worker doesn't connect, check
TRIGGER_API_URL,OTEL_EXPORTER_OTLP_ENDPOINT,TRIGGER_WORKER_TOKENand that the server has Internet access.
- Worker doesn't appear online:
- Check
TRIGGER_WORKER_TOKEN(no spaces or line breaks). - Verify
TRIGGER_API_URLandOTEL_EXPORTER_OTLP_ENDPOINT(valid HTTPS). - Ensure Internet access from the Worker server.
- Check
- Build/pull errors for run images:
- Configure
DOCKER_REGISTRY_*in Worker and dodocker loginif using private images.
- Configure
- Email login links:
- If you don't configure provider (
EMAIL_TRANSPORT), magic links stay in Webapp logs.
- If you don't configure provider (
- Changed
SESSION_SECRET:- Existing sessions will be invalidated. Avoid in production.
- CORS/origins:
- Always use the same domain in
APP_ORIGIN/LOGIN_ORIGIN/API_ORIGIN(in this README they're derived fromSERVICE_FQDN_WEBAPP_3000).
- Always use the same domain in
- This README assumes split setup: that's why there's no
shared:/home/node/sharedvolume noruser: root/chown, norTRIGGER_WORKER_TOKEN=file://.... - If you ever run everything on the same host, you can restore the
sharedand "bootstrap" (TRIGGER_BOOTSTRAP_ENABLED=1) so the token gets deposited in a file.
Ready! Copy/paste the YAMLs in Coolify and fill in the minimum variables. If you want, also add a version without ClickHouse/MinIO pointing to external services.