Home Features Screenshots Downloads Docs FAQ GitHub

Documentation

Everything you need to deploy, configure, and extend Bastion.

Getting Started

Bastion is designed to be easy to self-host. The quickest way to get started is with Docker Compose, which sets up the entire stack — backend, database, and cache — in a single command.

Terminal 
git clone https://github.com/Calmingstorm/bastion.git
cd bastion
cp .env.example .env    # Edit with your settings
docker compose up -d

That's it! Open http://localhost:8080 in your browser to access your Bastion instance. The first user to register becomes the server owner.

Requirements

Minimum requirements for self-hosting:

Component Minimum Recommended
CPU1 core2+ cores
RAM512 MB1+ GB
Storage1 GB10+ GB (for file uploads)
Docker20.10+Latest
Docker Composev2.0+Latest

Bastion runs well on budget VPS providers like Linode, DigitalOcean, or Hetzner. A $5/month instance is sufficient for small communities.

Installation

Detailed installation steps:

1. Clone the repository

Terminal
git clone https://github.com/Calmingstorm/bastion.git
cd bastion

2. Configure environment

Terminal
cp .env.example .env

Edit .env with your preferred settings. At minimum, change JWT_SECRET to a random string. See Configuration for all options.

3. Start the stack

Terminal
docker compose up -d

4. Verify

Terminal
# Check all containers are running
docker compose ps

# View logs
docker compose logs -f bastion

Configuration

Bastion is configured via environment variables. Here are the key options:

Variable Default Description
DATABASE_URLPostgreSQL connection string
REDIS_URLRedis connection string
JWT_SECRETSecret for JWT token signing (required)
PORT8080HTTP server port
UPLOAD_MAX_SIZE25MBMaximum file upload size
UPLOAD_DIR./uploadsFile upload storage path
S3_ENDPOINTS3-compatible storage endpoint (optional)
S3_BUCKETS3 bucket name
S3_ACCESS_KEYS3 access key
S3_SECRET_KEYS3 secret key
CORS_ORIGINS*Allowed CORS origins (comma-separated)
LOG_LEVELinfoLogging level (debug, info, warn, error)

Reverse Proxy

For production deployments, use a reverse proxy with automatic HTTPS. Here's a recommended Caddy configuration:

Caddyfile
chat.yourdomain.com {
    reverse_proxy localhost:8080
}

Nginx alternative:

nginx.conf
server {
    server_name chat.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Bot Development

Bastion supports bots with a familiar API. Create a bot user in your server settings, then use the bot token to authenticate API requests.

Creating a Bot

  1. Go to Server Settings → Bots
  2. Click "Create Bot"
  3. Give it a name and save
  4. Copy the bot token (keep it secret!)

Example: Sending a Message

Python
import requests

TOKEN = "your-bot-token"
BASE_URL = "https://your-instance.com/api/v1"

# Send a message to a channel
response = requests.post(
    f"{BASE_URL}/channels/{channel_id}/messages",
    headers={"Authorization": f"Bot {TOKEN}"},
    json={"content": "Hello from my bot!"}
)

Slash Commands

Register slash commands via the API, then handle interactions via your configured webhook endpoint:

Python
# Register a slash command
requests.post(
    f"{BASE_URL}/applications/{app_id}/commands",
    headers={"Authorization": f"Bot {TOKEN}"},
    json={
        "name": "ping",
        "description": "Check if the bot is alive",
        "type": 1
    }
)

API Overview

Bastion exposes a RESTful API at /api/v1/. All endpoints accept and return JSON. Authentication is via Bearer token in the Authorization header.

Key Endpoints

MethodEndpointDescription
POST/auth/registerCreate a new account
POST/auth/loginGet access token
GET/users/@meGet current user
GET/guildsList user's servers
POST/guildsCreate a server
GET/channels/{id}/messagesGet channel messages
POST/channels/{id}/messagesSend a message
GET/guilds/{id}/membersList server members
GET/guilds/{id}/rolesList server roles

WebSocket connections for real-time events are established at /ws with a valid access token.

Webhooks

Webhooks let you send messages to channels from external services without a bot user. Create a webhook in channel settings, then POST to the webhook URL:

cURL
curl -X POST "https://your-instance.com/api/v1/webhooks/{id}/{token}" \
  -H "Content-Type: application/json" \
  -d '{"content": "Deployment successful!", "username": "CI Bot"}'

Troubleshooting

Container won't start

Check logs with docker compose logs bastion. Common issues: missing environment variables (especially JWT_SECRET), database not ready yet (restart with docker compose restart bastion).

WebSocket connection fails

If using a reverse proxy, ensure WebSocket upgrade headers are passed through. See the Reverse Proxy section for correct configuration.

File uploads not working

Ensure the UPLOAD_DIR exists and is writable by the container. If using S3, verify your credentials and bucket permissions.

Database migration errors

Migrations run automatically on startup. If they fail, check that your PostgreSQL version is 14+ and the database user has CREATE TABLE permissions.

← Back to Home FAQ →