Docker (OpenAPI)
This feature was added in: v0.55.0.
This page assumes you’ve gone through the OpenAPI quickstart.
To deploy BAML as a RESTful API, you’ll need to do three things:
- host your BAML functions in a Docker container
- update your app to call it
- run BAML and your app side-by-side using
docker-compose
Read on to learn how to do this with docker-compose
.
You can also run baml-cli
in a subprocess from your app directly, and we
may recommend this approach in the future. Please let us know if you’d
like to see instructions for doing so, and in what language, by asking in
Discord or on the GitHub issue.
Host your BAML functions in a Docker container
In the directory containing your baml_src/
directory, create a
baml.Dockerfile
to host your BAML functions in a Docker container:
Using docker-compose
Using docker
Assuming you intend to run your own application in a container, we recommend
using docker-compose
to run your app and BAML-over-HTTP side-by-side:
To call the BAML server from your laptop (i.e. the host machine), you must use
localhost:2024
. You may only reach it as baml-over-http:2024
from within
another Docker container.
To verify for yourself that BAML-over-HTTP is up and running, you can run:
Update your app to call it
Update your code to use BAML_ENDPOINT
, if set, as the BAML address. This
will allow you to point it at baml-cli
running in another Docker container.
Go
Java
PHP
Ruby
Rust
Run your app with docker-compose
Replace debug-container
with the Dockerfile for your app in the
docker-compose.yaml
file:
Additionally, you’ll want to make sure that you generate the BAML client at
image build time, because baml_client/
should not be checked into your repo.
This means that in the CI workflow you use to push your Docker images, you’ll want to do something like this:
(Optional) Secure your BAML functions
To secure your BAML server, you can also set a password on it using the
BAML_PASSWORD
environment variable:
bash
Dockerfile
This will require incoming requests to attach your specified password as
authorization metadata. You can verify this by confirming that this returns 403 Forbidden
:
If you attach your password to the request, you’ll see that it now returns 200 OK
:
Using HTTP basic auth
Using X-BAML-API-KEY
BAML_PASSWORD
will secure all endpoints except /_debug/ping
, so that you
can always debug the reachability of your BAML server.