Skip to main content
By default, self-hosted Khoj is only accessible on the machine it is running. To securely access it from a remote machine, follow these steps:
1

Set Domain

Set the KHOJ_DOMAIN environment variable to your remotely accessible IP or domain via shell or docker-compose.yml.Examples:
KHOJ_DOMAIN=my.khoj-domain.com
KHOJ_DOMAIN=192.168.0.4
2

Secure Your Installation

  • Ensure the Khoj Admin password and KHOJ_DJANGO_SECRET_KEY environment variable are securely set.
  • Setup Authentication.
3

Configure Firewall

Open access to the Khoj port (default: 42110) from your OS and Network firewall.

SSL Configuration

To expose Khoj on a custom domain over the public internet, use of an SSL certificate is strongly recommended. You can use Let’s Encrypt to get a free SSL certificate for your domain.
To disable HTTPS, set the KHOJ_NO_HTTPS environment variable to True. This can be useful if Khoj is only accessible behind a secure, private network. 
KHOJ_NO_HTTPS=True

Using Tailscale for Remote Access

You can use Tailscale for easy, secure access to your self-hosted Khoj over the network.
1

Configure Domain

Set KHOJ_DOMAIN to your machine’s Tailscale IP or FQDN on tailnet.
KHOJ_DOMAIN=100.4.2.0
# or
KHOJ_DOMAIN=khoj.tailfe8c.ts.net
2

Access from Any Device

Access Khoj by opening http://tailscale-ip-of-server:42110 or http://fqdn-of-server:42110 from any device on your Tailscale network.
See the Tailscale setup guide for more detailed instructions on using Tailscale with Khoj.

Build docs developers (and LLMs) love

Get started for freeTalk to us