Deploying AutoGPT (https://github.com/Significant-Gravitas/AutoGPT) in a production environment requires careful configuration and infrastructure setup. Below is a professional deployment workflow I recently implemented for a production server. Always replace placeholder values with your actual credentials.

# Enable Oracle Linux 9 developer repo
sudo dnf config-manager --set-enabled ol9_developer

# Add Docker repository
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# Install system dependencies
sudo dnf install -y git libffi-devel bzip2-devel ncurses-devel \
    readline-devel wget make gcc zlib-devel openssl-devel \
    mesa-libGL poppler-utils tesseract

# Install Docker components
sudo dnf install -y docker-ce docker-ce-cli containerd.io
sudo systemctl enable --now docker

Command Explanation:

  • dnf config-manager: Manages repository configurations
  • yum-config-manager --add-repo: Adds external package repositories
  • System package installations provide compilation tools, OCR support (Tesseract), and graphics libraries
  • Docker installation creates container runtime environment
  • systemctl enable --now: Enables immediate and persistent service startup

Network & Security Configuration

# Verify Docker status
sudo systemctl status docker

# Install Node.js v23
curl -fsSL https://rpm.nodesource.com/setup_23.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo dnf install nodejs -y

# Configure firewall
sudo firewall-cmd --permanent --add-port={80,443,8000,8006,8001,3000,8015,8007}/tcp
sudo firewall-cmd --reload

# Install Nginx and Certbot
sudo dnf install -y nginx
sudo dnf install epel-release -y
sudo dnf install certbot python3-certbot-nginx -y

# Obtain SSL certificates
sudo certbot --nginx -d theagenticai.io -d www.theagenticai.io -d db.theagenticai.io

Command Explanation:

  • firewall-cmd: Manages persistent firewall rules for required ports
  • Certbot automates SSL certificate acquisition/renewal via Let's Encrypt
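  • Ports include: HTTP(S), WebSockets (8001), API endpoints (8006/8015), and frontend (3000)
  • Nginx (configured below) reaches ports 3000, 8000, 8001, 8006 and 8015 over localhost, so only 80 and 443 need to be open to the internet when all traffic goes through the proxy; opening the backend ports as well lets clients reach those services without TLS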

Supabase Configuration

  1. Create project at https://supabase.com/

  2. Retrieve critical credentials:

  • JWT Token
  • Anon Key (public)
  • Service Role Secret (private)
  • Vault Secret
  • NEXT_PUBLIC_SUPABASE_ANON_KEY

AutoGPT Deployment

# Download and extract release
wget https://github.com/Significant-Gravitas/AutoGPT/releases/[LATEST_RELEASE].zip
unzip autogpt-platform-beta-v0.6.18.zip
mv AutoGPT-autogpt-platform-beta-v0.6.18/ AutoGPT/
cd AutoGPT/autogpt_platform/

Configuration Management

Replace placeholder values using mass find/replace operations:

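# PostgreSQL password (substitute your own value for YOUR_POSTGRES_PASSWORD)
find . -type f -exec sed -i 's/your-super-secret-and-long-postgres-password/YOUR_POSTGRES_PASSWORD/gI' {} +

# JWT token (32+ chars; substitute your own value for YOUR_JWT_SECRET)
find . -type f -exec sed -i 's#your-super-secret-jwt-token-with-at-least-32-characters-long#YOUR_JWT_SECRET#gI' {} +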

# Supabase keys
find . -type f -exec sed -i 's|your-supabase-anon-key|eyJhbGciOiJIUzI1NiIs...|g' {} +
find . -type f -exec sed -i 's|your-service-role-key|eyJhbGciOiJIUzI1NiIs...|g' {} +

# Environment configuration (substitute your own value for YOUR_SUPABASE_URL)
find . -type f -exec sed -i 's|SUPABASE_URL=http://localhost:8000|SUPABASE_URL=YOUR_SUPABASE_URL|g' {} +

# API keys injection (example)
find . -type f -exec sed -i 's|OPENAI_API_KEY=|OPENAI_API_KEY=sk-proj-...|g' {} +
find . -type f -exec sed -i 's|ANTHROPIC_API_KEY=|ANTHROPIC_API_KEY=sk-ant-...|g' {} +

Critical Replacements:

  1. Database credentials and encryption keys

  2. All API endpoints (Supabase, frontend, WebSockets)

  3. OAuth providers (GitHub, Google)

  4. SMTP credentials for transactional emails

  5. AI service keys (OpenAI, Anthropic, Replicate)

  6. Environment mode switching (CLOUD/prod)

Final Step: Build Your Container Images

sudo docker compose up -d --build

Verify Installation

Check running containers:
sudo docker ps -a

Nginx Proxy Configuration File

Create a file under /etc/nginx/conf.d/ with the following contents:

# HTTP server block
server {
if ($host = theagenticai.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name theagenticai.io;
large_client_header_buffers 4 32k;
# Serve ACME challenge static files

# !! This is necessary for the HTTP-01 webroot challenge

location ~ /.well-known/acme-challenge {
root /var/www/certbot/theagenticai.io;
allow all;
}


# Redirect all other traffic to HTTPS
location / {
return 301 https://$server_name$request_uri;
}

}

server {
listen 443 ssl;
server_name theagenticai.io;
ssl_certificate /etc/letsencrypt/live/theagenticai.io-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theagenticai.io-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
large_client_header_buffers 4 64k;
proxy_set_header Connection "";
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_max_body_size 100M; # Increase upload limit to 100 MB


# Reverse proxy for NextJS app

location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;

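# Extract token from query string
set $token "";
if ($args ~* "token=([^&]+)") {
set $token $1;
# add_header sets a response header: this echoes the token back to the client
add_header Authorization "Bearer $token" always;
}

# Forward the client's Authorization header as received; the query-string token is passed upstream in X-Query-Token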
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Query-Token $token;
proxy_pass_header Authorization;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_read_timeout 90;

# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io/';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}

# Add CORS headers for actual requests
# add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}

location /ws {
proxy_pass http://localhost:8001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;

# Extract token from query string
set $token "";
if ($args ~* "token=([^&]+)") {
set $token $1;
add_header Authorization "Bearer $token" always;
}

# Forward the client's Authorization header as received; the query-string token is passed upstream in X-Query-Token
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Query-Token $token;
proxy_pass_header Authorization;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_connect_timeout 86400s;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# CORS headers
# add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;

# Handle preflight
if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}
}

location /auth/callback {
proxy_pass http://localhost:8006/auth/callback;
proxy_set_header Host $host;

# Extract token from query string
set $token "";
if ($args ~* "token=([^&]+)") {
set $token $1;
add_header Authorization "Bearer $token" always;
}

# Forward the client's Authorization header as received; the query-string token is passed upstream in X-Query-Token
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Query-Token $token;
proxy_pass_header Authorization;


proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}


# Add CORS headers for actual requests
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}

location /api/v1/market {
proxy_pass http://localhost:8015/api/v1/market;
proxy_set_header Host $host;

# Extract token from query string
set $token "";
if ($args ~* "token=([^&]+)") {
set $token $1;
add_header Authorization "Bearer $token" always;
}


# Forward the client's Authorization header as received; the query-string token is passed upstream in X-Query-Token
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Query-Token $token;
proxy_pass_header Authorization;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Handle CORS preflight requests

if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}


# Add CORS headers for actual requests
# add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}

location /auth/v1 {
proxy_pass http://localhost:8006/auth/v1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;

# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}

# Add CORS headers for actual requests
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}

location /api {
proxy_pass http://localhost:8006/api;
proxy_set_header Host $host;

# Extract token from query string
set $token "";
if ($args ~* "token=([^&]+)") {
set $token $1;
add_header Authorization "Bearer $token" always;
}

# Forward the client's Authorization header as received; the query-string token is passed upstream in X-Query-Token
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Query-Token $token;

proxy_pass_header Authorization;
# proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}

# Add CORS headers for actual requests
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}


location /api/proxy/api/ {
proxy_pass http://localhost:3000/api/proxy/api/;
proxy_set_header Host $host;

# Extract token from query string
set $token "";
if ($args ~* "token=([^&]+)") {
set $token $1;
add_header Authorization "Bearer $token" always;
}

# Forward the client's Authorization header as received; the query-string token is passed upstream in X-Query-Token
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Query-Token $token;
proxy_pass_header Authorization;

# proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}

# Add CORS headers for actual requests
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}
}

# HTTP server block for www.
server {
if ($host = www.theagenticai.io) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;
server_name www.theagenticai.io;
location ~ /.well-known/acme-challenge {
root /var/www/certbot/theagenticai.io;
allow all;
}


location / {
return 301 https://theagenticai.io$request_uri;
}
}


# HTTPS server block for www.
server {
listen 443 ssl; # managed by Certbot
server_name www.theagenticai.io;
ssl_certificate /etc/letsencrypt/live/theagenticai.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theagenticai.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 301 https://theagenticai.io$request_uri;
}

server {
listen 443 ssl;
server_name db.theagenticai.io;
ssl_certificate /etc/letsencrypt/live/db.theagenticai.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/db.theagenticai.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

location / {
proxy_pass http://localhost:8000; # Forward to your service
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;

# Handle CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://theagenticai.io';
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization,x-client-info,x-supabase-api-version,apikey,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Length' 0;
add_header 'Content-Type' 'text/plain; charset=utf-8';
return 204;
}

# Add CORS headers for actual requests
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, PATCH, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,x-client-info,apikey,Origin,x-supabase-api-version,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With' always;
}
}
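
A small audit script for a configuration like the one above, added here as an example rather than taken from the original guide. It flags a port-443 listener without `ssl`, bearer tokens read from the query string (which access logs record by default), and `add_header Authorization`, which returns the token to the client in a response header; the function name is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: line-based checks for an Nginx reverse-proxy config.
# Findings are printed as "file:line: [context] message", where context is
# the enclosing location path, or "server" outside any location.
audit_nginx_conf() {
    awk '
    function report(msg) {
        printf "%s:%d: [%s] %s\n", FILENAME, FNR, (loc == "" ? "server" : loc), msg
    }
    /^[ \t]*#/ { next }                        # ignore comment lines
    /^[ \t]*location[ \t]/ {                   # remember the location path
        loc = $0
        sub(/^[ \t]*location[ \t]+/, "", loc)
        sub(/[ \t]*[{].*$/, "", loc)
        locdepth = depth
    }
    # A 443 listener without the ssl parameter does not negotiate TLS.
    /^[ \t]*listen[ \t]+([^; \t]*:)?443[ \t;]/ && !/ssl|quic/ {
        report("listen 443 has no ssl parameter")
    }
    # add_header writes a response header, so the credential goes back to the client.
    /add_header[ \t]+.?Authorization/ {
        report("Authorization set as a response header")
    }
    # Query strings are part of the request line that access logs record by default.
    /\$args/ && /token=/ {
        report("bearer token read from the query string")
    }
    {
        depth += gsub(/[{]/, "{")
        depth -= gsub(/[}]/, "}")
        if (loc != "" && depth <= locdepth) loc = ""   # left the location block
    }
    ' "$@"
}

# Usage: ./audit_nginx.sh /etc/nginx/conf.d/*.conf
if [ "$#" -gt 0 ]; then audit_nginx_conf "$@"; fi
```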


Production Considerations

  1. Secrets Management: Avoid hardcoding secrets in files. Use environment variables or secrets management tools

  2. Database: Use managed PostgreSQL instance instead of local DB

  3. Scaling: Implement load balancing for API containers

  4. Monitoring: Add Prometheus/Grafana for performance tracking

  5. Updates: Establish CI/CD pipeline for seamless upgrades

  6. Backups: Regular database backups with point-in-time recovery

Always validate configurations after mass replacements and test all service integrations before production traffic routing. The AutoGPT platform requires significant resources - ensure adequate CPU/Memory allocation especially for AI workloads.
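
One way to run the validation recommended above, as an added example (not part of the original guide or the AutoGPT project): it searches the tree for the placeholder strings used in the sed commands, for required keys left empty, and for secret files that other users can read. The `.env*` file-name pattern and the list of required keys are assumptions.

```shell
#!/usr/bin/env bash
# Added example: checks a config tree after the mass find/replace in this guide.
# Assumptions: secrets live in files named .env*, and REQUIRED_KEYS lists the
# keys that must not be empty. Adjust both to your tree.

# Placeholder strings taken from the sed commands in this guide (one per line).
PLACEHOLDERS='your-super-secret-and-long-postgres-password
your-super-secret-jwt-token-with-at-least-32-characters-long
your-supabase-anon-key
your-service-role-key'

# Keys the guide fills in; an empty value means a replacement was missed or blanked.
REQUIRED_KEYS='SUPABASE_URL|OPENAI_API_KEY|ANTHROPIC_API_KEY'

# Print "file:line" for each placeholder still present. Matching is
# case-insensitive like the I flag of sed; the matched text is not printed.
leftover_placeholders() {
    grep -rinF -e "$PLACEHOLDERS" "$1" | cut -d: -f1,2
}

# Print "file:line:KEY" for required keys that are set to an empty value.
empty_required_keys() {
    find "$1" -type f -name '.env*' \
        -exec grep -nHE "^[[:space:]]*($REQUIRED_KEYS)=[[:space:]]*\$" {} + | cut -d= -f1
}

# Print secret-bearing files that group or others can read.
exposed_env_files() {
    find "$1" -type f -name '.env*' \( -perm -040 -o -perm -004 \)
}

# Run all checks; print labelled findings and return 1 if there are any.
audit_tree() {
    findings=$(
        leftover_placeholders "$1" | sed 's/^/unreplaced placeholder: /'
        empty_required_keys "$1"   | sed 's/^/empty required key: /'
        exposed_env_files "$1"     | sed 's/^/readable by group or others: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: ./check_config.sh AutoGPT/autogpt_platform
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```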

For troubleshooting, monitor container logs with:

Troubleshooting


  • Docker Build Failures: Ensure all API keys and credentials are correctly injected.
  • Port Conflicts: Verify ports `3000`, `8000`, and `8001` are open in the firewall.
  • SSL Errors: Renew certificates with `sudo certbot renew`.

---

Security Notes 


  1. Rotate Secrets: Replace all default credentials post-installation.
  2. Restrict Access: Use firewall rules to limit access to essential ports.
  3. Monitor Logs: Check Docker logs with `sudo docker logs `.

By following this guide, you’ll have a production-ready AutoGPT instance on Oracle Linux 9. For updates, refer to the [AutoGPT GitHub repository](https://github.com/AutoGPT/AutoGPT).