Self-host Crypton BYOD

Run the BYOD SMS platform on your infrastructure with a single Docker container. Same Companion app, your URL, your data.

Quick start (local test) Source & registry docs

Before you start

A short checklist so the first boot goes smoothly.

  • Docker installed (Docker Desktop or Engine on Linux)
  • A few GB free disk space for the image and persistent /data volume
  • Companion requires https:// — the image includes self-signed HTTPS on port 9443 by default
  • Crypton Companion app on your Android device (download from this site); Server URL must be https://

Quick start (local test)

Try the published image in a few minutes on your machine.

Pull the public image from GitLab Container Registry 
docker pull registry.gitlab.com/rinzler-labs/crypton-byod-platform:latest
Single container — FrankenPHP/Caddy serves HTTP :9090 and HTTPS :9443 on 0.0.0.0 
docker run -d --name crypton-byod \
  -p 0.0.0.0:9090:9090 -p 0.0.0.0:9443:9443 \
  -v crypton-byod-data:/data registry.gitlab.com/rinzler-labs/crypton-byod-platform:latest
Setup wizard and web UI (accept the self-signed cert warning in the browser) 
https://localhost:9443/setup
https://localhost:9443
Companion on your phone — set BYOD_TLS_LAN_IP to your host LAN IP (cert SAN must match) 
# compose.env (or docker run -e …)
BYOD_TLS_LAN_IP=192.168.1.10
BYOD_LAN_URL=https://192.168.1.10:9443

Setup walkthrough

From empty server to a provisioned phone.

1

Pull the Docker image

Images are published as latest, 0.1, and v0.1 tags. Use latest for testing or pin a version for production.

2

Start the container

One container exposes HTTP on 9090 and self-signed HTTPS on 9443 (bound to 0.0.0.0). Certs are generated under /data/certs on first start. All state lives on the /data volume — back it up before upgrades.

3

First-time install & wizard

On first launch the container installs PHP and frontend dependencies, then shows a waiting page. When ready, open /setup over HTTPS: environment, owner account, preferences, then encryption and recovery in the web UI.

4

Connect Companion

Create a device in the dashboard and copy the CRYPT code. In Companion, set Server URL to your https:// origin (no trailing slash), then provision. The app only allows HTTPS — not http:// to the container. Self-signed certificates work if you enable “Allow self-signed TLS” in Companion.

5

Production HTTPS

For a public domain, set BYOD_PUBLIC_URL=https://your.domain and open ports 80 and 443 — Caddy obtains Let's Encrypt automatically. To use nginx, Traefik, or a cloud load balancer instead, set BYOD_TLS=off and proxy to http://…:9090.

HTTPS for Companion

Companion requires https:// for your Server URL. The quick start serves https://localhost:9443 (self-signed) and http://localhost:9090.

A publicly trusted certificate is ideal for production (set BYOD_PUBLIC_URL to your domain). On a private LAN, use the built-in self-signed cert and enable “Allow self-signed TLS” in Companion.

Optional — external nginx when BYOD_TLS=off (proxy to container HTTP port) 
server {
    listen 443 ssl;
    server_name byod.example.com;

    ssl_certificate     /etc/ssl/byod/fullchain.pem;
    ssl_certificate_key /etc/ssl/byod/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9090;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Server URL in Companion (HTTPS only) 
https://byod.example.com

Docker Compose (optional)

For a repeatable deployment, use the compose files from the project repository.

Clone or download crypton-byod-platform, set BYOD_IMAGE_TAG and BYOD_TLS_LAN_IP in compose.env, then docker compose pull && docker compose up -d. See the repository README for optional profiles (mail testing).

View repository on GitLab

Prefer hosted BYOD on crypton.sh?

You do not have to self-host. Subscribe to BYOD on Crypton, use crypton.sh as Server URL in Companion, and manage devices from your Crypton account.

Learn about hosted BYOD

Common questions

Self-hosting basics.

The platform software is the same family of features (devices, SMS, web UI). Hosted BYOD on crypton.sh is a managed subscription on our infrastructure. Self-hosting means you operate Crypton BYOD Platform on your own servers; Companion points at your URL instead of https://crypton.sh.

No. Self-hosting works standalone with your own SMTP or log mailer. Optionally you can link the instance to crypton.sh for notification email relay and install registry — configure that in the web UI under Account → Instance.

Always from crypton.sh, even when your BYOD server is self-hosted. Only the Server URL in the app changes.

Docker is the supported path. Bare-metal PHP/npm installs are not supported for production use.

No. Companion only accepts https:// for the Server URL. Use https://localhost:9443 on this machine, or https://:9443 from a phone — set BYOD_TLS_LAN_IP in compose.env so the self-signed certificate matches your host IP.
Companion app Source & registry docs