Docker Deploy is MIOSA’s dedicated workspace host model for customers that need many small apps, funnels, lead magnets, APIs, or client sites without creating a new production VM for every deployment.
How it works
When Docker Deploy is enabled for a workspace, MIOSA provisions one always-on managed Computer for that workspace. That Computer runs:
- A white-labeled Docker Deploy portal for the workspace.
- A MIOSA-private deployment agent.
- One or more app containers created from sandbox release artifacts.
The deployment still belongs to the MIOSA organization, workspace, project, and deployment records. The Docker host is execution capacity, not an authorization boundary.
Docker Deploy is not a label on a normal dynamic runtime. For Docker Deploy publishes, MIOSA must wait for the workspace host and private agent to be ready before the deployment can be marked ready. If the host is not active, the publish response stays pending instead of falling back to the standard runtime pool.
Host lifecycle
Create or inspect the workspace host before publishing customer apps:
miosa docker-deploy ensure --workspace <workspace-id>
miosa docker-deploy hosts --workspace <workspace-id>The host moves through provisioning states until the MIOSA Computer is reachable and the private Docker Deploy agent passes health checks.
| State | Meaning |
|---|---|
provisioning | MIOSA is creating or starting the workspace Computer. |
bootstrapping | The portal and private deployment agent are being installed. |
active | The host is healthy and can accept Docker Deploy publishes. |
failed | MIOSA could not provision or bootstrap the host. Retry after fixing the reported issue. |
Each enabled workspace normally has one Docker Deploy host. That host can run many app containers, and MIOSA still accounts deployments individually by organization, workspace, project, and deployment.
Default URL behavior
Until a custom domain is attached, MIOSA returns a managed URL. For a Clinic IQ style setup that might look like:
dr-smith-intake.cliniciq.miosa.appIf the organization configures its own preview/deployment domain, workspace and project deployments can use that domain instead:
intake.cliniciq.dev
program.drsmithclinic.comThe exact URL is always returned by the publish/deploy response. Do not construct it in your app.
Workspace and project scoping
Docker Deploy follows the same MIOSA attribution model as sandboxes and normal deployments:
organization
workspace
project
sandbox
deployment
domains
data servicesFor multi-tenant products, pass your external IDs when creating workspaces, projects, sandboxes, and deployments. MIOSA stores those for billing, support, and customer mapping.
Publishing to Docker Deploy
Use Docker Deploy when you want a sandbox artifact to run on the workspace Docker host instead of the standard dynamic runtime pool.
miosa deploy --docker-deployThe backend flow is:
- Freeze the sandbox files into a release artifact.
- Ensure the workspace Docker Deploy host is active.
- Upload the release to that workspace host.
- Build and run the app as a container on the host.
- Register MIOSA routing to the returned host port.
- Return the live deployment URL.
If the host is still provisioning, the API returns ready: false instead of silently serving the app through a standard runtime.
Starter templates
Docker Deploy templates are curated app shapes for agents, SDKs, and the UI. They do not replace your project code. They provide Dockerfile, Compose, command, port, environment, persistence, and design-context defaults before a sandbox or repository is published.
| Template | Best for | Runtime |
|---|---|---|
| Next.js App | SaaS portals, dashboards, client apps | Node |
| Next.js Funnel / Landing Page | funnels, lead magnets, campaign sites | Node |
| Vite React SPA | static React apps, calculators, widgets | Nginx |
| Express / Node API | webhooks, integrations, lightweight APIs | Node |
| FastAPI Service | Python APIs, AI helper services, data tools | Python |
| Static HTML Site | documents, one-page tools, static downloads | Nginx |
| Compose Full-Stack App | web + API + worker + Postgres + Redis on one host | Docker Compose |
Template metadata is returned by:
GET /api/v1/docker-deploy/templates
GET /api/v1/docker-deploy/templates/:idUse a template id as metadata when creating a deployment so the deployment center can show the intended build shape and recover the defaults later:
{
"deployment_product": "docker_deploy",
"metadata": {
"docker_deploy_template_id": "compose-full-stack"
}
}Runtime boundary
Docker Deploy uses two different host-side services:
| Service | Visibility | Purpose |
|---|---|---|
| Portal | User-facing, white-labeled | Shows the workspace deployment center. |
| Agent | MIOSA-private network only | Receives release artifacts and starts containers. |
Never expose the agent URL, Docker socket, host IP, or internal API key to browsers or customer code. SDKs, MCP tools, and customer apps should call MIOSA APIs; MIOSA talks to the workspace host.
Domains
Domains can be set at several levels:
| Level | Example | Use |
|---|---|---|
| Organization | cliniciq.dev | Default customer preview/deployment domain |
| Workspace | drsmith.cliniciq.dev | Client or expert workspace domain |
| Deployment | program.drsmithclinic.com | Exact app/site/funnel domain |
MIOSA still verifies DNS, issues TLS, and routes traffic. The Docker Deploy host only runs the app containers.
What users see
Customers see MIOSA or your white-labeled product language. They should not see provider names, raw host IPs, Docker socket details, or internal agent URLs.
API and SDKs
Use the Docker Deploy host APIs when your app needs to prepare a workspace before a publish:
GET /api/v1/docker-deploy/hosts?workspace_id=<workspace-id>
POST /api/v1/docker-deploy/hosts/ensure
GET /api/v1/docker-deploy/hosts/:idThe TypeScript and Python SDKs expose the same host operations. MCP tools are available for agents that need to check or ensure the workspace host before publishing.