Coequal

Appearance

Running with Docker

Coequal publishes multi-architecture Docker images (amd64 and arm64) to a private Amazon ECR repository.

Image 

845238243589.dkr.ecr.us-east-2.amazonaws.com/coequal:latest

The image is built on gcr.io/distroless/static:nonroot — it contains only the static binary, CA certificates, and a non-root user. No shell, no package manager, minimal attack surface.

Authenticating to the registry

The registry is private. Contact Coequal to receive an AWS IAM access key ID and secret access key with pull-only access to the repository (the coequal-ecr-customer-pull managed policy).

Configure the credentials locally — either via aws configure or environment variables:

bash
export AWS_ACCESS_KEY_ID="AKIA..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_DEFAULT_REGION="us-east-2"

Then log Docker in to ECR. The token is valid for 12 hours:

bash
aws ecr get-login-password --region us-east-2 \
  | docker login --username AWS --password-stdin 845238243589.dkr.ecr.us-east-2.amazonaws.com

TIP

For long-running hosts, configure the Amazon ECR Docker Credential Helper so Docker refreshes ECR tokens automatically — no cron job needed.

Run

bash
docker run -d \
  --name coequal \
  -p 8080:8080 \
  -e DATABASE_URL="postgres://user:pass@host:5432/coequal?sslmode=disable" \
  -e KINDE_DOMAIN="https://your-tenant.kinde.com" \
  -e KINDE_CLIENT_ID="your-client-id" \
  -e KINDE_CLIENT_SECRET="your-client-secret" \
  -e KINDE_REDIRECT_URI="https://app.example.com" \
  -e KINDE_LOGOUT_URI="https://app.example.com" \
  -e MAILER_TRANSPORT="log" \
  -e MAILER_FROM_NAME="Coequal" \
  -e MAILER_FROM_EMAIL="noreply@example.com" \
  845238243589.dkr.ecr.us-east-2.amazonaws.com/coequal:latest

Docker Compose

yaml
services:
  postgres:
    image: postgres:17
    environment:
      POSTGRES_USER: coequal
      POSTGRES_PASSWORD: coequal
      POSTGRES_DB: coequal
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U coequal"]
      interval: 5s
      timeout: 5s
      retries: 5

  coequal:
    image: 845238243589.dkr.ecr.us-east-2.amazonaws.com/coequal:latest
    ports:
      - "8080:8080"
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DATABASE_URL: "postgres://coequal:coequal@postgres:5432/coequal?sslmode=disable"
      KINDE_DOMAIN: "https://your-tenant.kinde.com"
      KINDE_CLIENT_ID: "your-client-id"
      KINDE_CLIENT_SECRET: "your-client-secret"
      KINDE_REDIRECT_URI: "https://app.example.com"
      KINDE_LOGOUT_URI: "https://app.example.com"
      MAILER_TRANSPORT: "log"
      MAILER_FROM_NAME: "Coequal"
      MAILER_FROM_EMAIL: "noreply@example.com"

volumes:
  pgdata:
bash
docker compose up -d

Pinning a version

Use a specific version tag instead of latest:

bash
845238243589.dkr.ecr.us-east-2.amazonaws.com/coequal:1.2.0