Is this Compose file official?
No. It is an Agent Guide adaptation of the official Docker run pattern. Verify it against the official Docker docs before production use.
Repeatable Docker service
Hermes Agent Docker Compose guide
Docker Compose is useful when you want the official Docker run pattern in a repeatable service file. Use a dedicated data mount, bind ports locally by default, generate API keys outside the file, and back up the data directory before upgrades.
Agent Guide is an independent editorial resource. It is not affiliated with, endorsed by, or sponsored by Nous Research, Hermes Agent, or Hermes/Hermes brand owners. Product names and marks belong to their respective owners.
Short answer
Use Docker Compose for Hermes Agent when you want the same data directory, ports, environment variables, and restart policy to be repeatable. Do not expose the API or dashboard to the internet until you understand authentication, CORS, and gateway allowlists.
The most important choice is the data mount. The official Docker docs describe a mounted directory at /opt/data; that directory contains persistent user data such as config, API keys, sessions, skills, and memories.
Minimal Compose template
This template binds the API port to localhost on the host. If you need external access, put an authenticated reverse proxy in front of it and revisit CORS and allowlists.
services:
hermes:
image: nousresearch/hermes-agent:latest
container_name: hermes
restart: unless-stopped
command: gateway run
volumes:
- ./data:/opt/data
ports:
- "127.0.0.1:8642:8642"
environment:
API_SERVER_ENABLED: "true"
API_SERVER_HOST: "0.0.0.0"
API_SERVER_KEY: "${API_SERVER_KEY}"
# Before first run:
# mkdir -p data
# export API_SERVER_KEY="$(openssl rand -hex 32)"
# docker compose up -dOperating checklist
- Create
./dataintentionally and include it in your backup plan. - Generate
API_SERVER_KEYoutside the Compose file and do not commit.envwith real secrets. - Use localhost port binding first; add external access only after authentication and firewall review.
- Run
docker compose logs --tail=100 hermesafter startup and save sanitized errors. - Back up
./databeforedocker compose pulland recreate.
Failure modes and fixes
| Symptom | Probable cause | Fix |
|---|---|---|
| Container starts but setup is missing | Data directory not initialized | Run an interactive setup first or inspect logs for setup prompts. |
| API is reachable from too many places | Port bound to all interfaces or exposed by proxy | Bind to 127.0.0.1 and add an authenticated proxy only if needed. |
| Secrets appear in git | .env or Compose override committed | Rotate keys and add secret files to ignore rules. |
| Update loses state | Wrong data mount or removed volume | Restore backup and confirm /opt/data maps to the expected host directory. |
Security notes
- Compose is not a security boundary by itself; Docker settings, mounts, ports, and secrets are the boundary.
- Do not mount your full home directory into the container.
- Treat the Hermes data directory as sensitive because it can hold provider configuration and session state.
- Do not publish logs until API keys, chat tokens, paths, and private prompts are scrubbed.
Direct answer
Docker Compose is useful when you want the official Docker run pattern in a repeatable service file. Use a dedicated data mount, bind ports locally by default, generate API keys outside the file, and back up the data directory before upgrades.
This page is part of Agent Guide's independent Hermes Agent cluster. It is source-backed and labelled when first-hand execution has not been run.
What this page does not cover
- It does not replace the official Hermes Agent documentation.
- It does not claim official affiliation with Nous Research.
- It does not claim first-hand testing unless the page explicitly says so.
Official sources reviewed
| Source | Used for | Last checked | Confidence |
|---|---|---|---|
| Hermes Agent Docker guide | Docker run modes, mounted data directory, gateway operation, ports, and production cautions. | 2026-06-02 | high |
| Hermes Agent security guide | Approval modes, gateway authorization, Docker terminal backend hardening, and credential cautions. | 2026-06-02 | high |
| Hermes Agent configuration guide | Provider, model, backend, and environment configuration patterns. | 2026-06-02 | high |
Known caveats: The official Docker docs show docker run examples. This Compose file is an Agent Guide template adapted from that source pattern; test it in a disposable environment before production.
FAQ
Should I expose port 8642 publicly?
Not by default. Bind locally first, then add authentication, firewalling, and a reverse proxy only when external access is required.
Operator checklist
Get the Agent Guide launch checklist
Receive the smoke-test order for install path, sandbox boundary, provider setup, source review, and production checks.