khoj-aio

Overview

Khoj is a self-hosted AI second brain for chatting with your docs, the web, and local or hosted LLMs.

All-In-One Unraid Edition
khoj-aio packages the Khoj server with an internally managed PostgreSQL database so beginners can get a clean first boot on Unraid without wiring a separate database container.

Quick Install (Beginners)

Install the template and leave the default appdata paths in place.
Optionally set [code]KHOJ_ADMIN_EMAIL[/code], [code]KHOJ_ADMIN_PASSWORD[/code], and [code]KHOJ_DJANGO_SECRET_KEY[/code].
Leave [code]KHOJ_ANONYMOUS_MODE=true[/code] for the simplest private LAN-first install, then click Apply.
Wait for first boot to finish, open [code]http://SERVER_IP:42110[/code], and restart the container once after the initial setup so all settings are applied cleanly.
If you left the password or secret blank, the container generates secure values and saves them in your mapped config folder at [code]/root/.khoj/aio/generated.env[/code].

Power Users (Advanced View)

Advanced View exposes the practical upstream self-hosted environment surface plus AIO-specific controls.
You can keep the bundled internal PostgreSQL default, or point Khoj at external PostgreSQL, search providers, code sandboxes, identity providers, upload storage, Twilio/Notion integrations, and OpenAI-compatible local or hosted LLM endpoints.
Leave defaults in place for the easiest install. Only set the overrides you actually need.

Important Notes

This image intentionally keeps PostgreSQL bundled because that is the critical first-boot dependency for Khoj on Unraid. Search, sandbox, and provider integrations remain optional advanced add-ons.
If you expose Khoj outside your LAN, set strong admin credentials, configure [code]KHOJ_DOMAIN[/code] and [code]KHOJ_ALLOWED_DOMAIN[/code] correctly, and strongly consider disabling anonymous mode.
Upstream currently documents Google OAuth mainly against the prod [code]khoj-cloud[/code] image, so the Google auth variables below should be treated as expert-only and tested carefully in this standard self-host image flow.

Requirements

For public internet exposure, do not leave anonymous mode enabled unless you intentionally accept that risk. Set strong admin credentials and configure KHOJ_DOMAIN / KHOJ_ALLOWED_DOMAIN before remote access.

Runtime arguments

Web UI: http://[IP]:[PORT:42110]
Network: bridge
Shell: sh
Privileged: false

Template configuration

Web UI PortPorttcp

The main Khoj web interface port.

Target: 42110
Default: 42110
Value: 42110

AppData - Khoj ConfigPathrw

Stores generated credentials, uploads, and Khoj configuration state.

Target: /root/.khoj
Default: /mnt/user/appdata/khoj-aio/config
Value: /mnt/user/appdata/khoj-aio/config

AppData - PostgreSQL DataPathrw

Internal PostgreSQL database storage for the AIO deployment.

Target: /var/lib/postgresql/data
Default: /mnt/user/appdata/khoj-aio/postgres
Value: /mnt/user/appdata/khoj-aio/postgres

Admin EmailVariable

Admin login email for the Khoj admin panel. You can change it later.

Target: KHOJ_ADMIN_EMAIL
Default: admin@khoj.local
Value: admin@khoj.local

Admin PasswordVariable

Optional. Leave blank to auto-generate a secure admin password on first boot and save it in the mapped config folder.

Target: KHOJ_ADMIN_PASSWORD

Django Secret KeyVariable

Optional but recommended. Leave blank to auto-generate a secure secret key on first boot and save it in the mapped config folder.

Target: KHOJ_DJANGO_SECRET_KEY

Anonymous ModeVariable

Leave true for the simplest single-user LAN-first install. Set false if you want user sign-in and multi-user auth flows.

Target: KHOJ_ANONYMOUS_MODE
Default: true|false
Value: true

AppData - Hugging Face CachePathrw

Persistent cache for Hugging Face downloads and model assets.

Target: /root/.cache/huggingface
Default: /mnt/user/appdata/khoj-aio/models/huggingface
Value: /mnt/user/appdata/khoj-aio/models/huggingface

AppData - SentenceTransformers CachePathrw

Persistent cache for SentenceTransformers embeddings and related model files.

Target: /root/.cache/torch/sentence_transformers
Default: /mnt/user/appdata/khoj-aio/models/sentence-transformers
Value: /mnt/user/appdata/khoj-aio/models/sentence-transformers

[Code] Docker SocketPathrw

Optional Docker socket mount for advanced operator/computer workflows. Do not enable this unless you understand the security tradeoff.

Target: /var/run/docker.sock

Use Internal PostgreSQLVariable

Default single-container mode. Set false only if you are intentionally using an external PostgreSQL database.

Target: KHOJ_USE_INTERNAL_POSTGRES
Default: true|false
Value: true

Bind HostVariable

Container bind address. Leave at 0.0.0.0 for standard Unraid bridge networking.

Target: KHOJ_HOST
Default: 0.0.0.0
Value: 0.0.0.0

Non-Interactive StartupVariable

Recommended for unattended container startup.

Target: KHOJ_NON_INTERACTIVE
Default: true|false
Value: true

Extra CLI ArgsVariable

Optional extra arguments appended to the Khoj startup command.

Target: KHOJ_EXTRA_ARGS

Debug ModeVariable

Set true only when troubleshooting with more verbose upstream debug behavior.

Target: KHOJ_DEBUG
Default: false|true
Value: false

[Runtime] Gunicorn WorkersVariable

Optional worker-process override. Leave blank for the upstream default.

Target: GUNICORN_WORKERS

[Runtime] Gunicorn TimeoutVariable

Optional request timeout in seconds. Leave blank for the upstream default.

Target: GUNICORN_TIMEOUT

[Runtime] Gunicorn Graceful TimeoutVariable

Optional graceful shutdown timeout in seconds. Leave blank for the upstream default.

Target: GUNICORN_GRACEFUL_TIMEOUT

[Runtime] Gunicorn Keep AliveVariable

Optional keep-alive timeout in seconds. Leave blank for the upstream default.

Target: GUNICORN_KEEP_ALIVE

[Runtime] LLM SeedVariable

Optional deterministic seed for supported model providers. Useful for repeatable debugging and testing.

Target: KHOJ_LLM_SEED

[Runtime] Research IterationsVariable

Optional cap for research-mode iterations. Leave blank for the upstream default.

Target: KHOJ_RESEARCH_ITERATIONS

[External DB] PostgreSQL HostVariable

Optional external PostgreSQL host. When set, the bundled PostgreSQL stays idle.

Target: POSTGRES_HOST

[External DB] PostgreSQL PortVariable

External PostgreSQL port.

Target: POSTGRES_PORT
Default: 5432
Value: 5432

[External DB] PostgreSQL DatabaseVariable

External PostgreSQL database name.

Target: POSTGRES_DB
Default: postgres
Value: postgres

[External DB] PostgreSQL UserVariable

External PostgreSQL username.

Target: POSTGRES_USER
Default: postgres
Value: postgres

[External DB] PostgreSQL PasswordVariable

External PostgreSQL password.

Target: POSTGRES_PASSWORD

[AI] OpenAI API KeyVariable

API key for OpenAI itself or other OpenAI-compatible gateways that require auth.

Target: OPENAI_API_KEY

[AI] Anthropic API KeyVariable

Anthropic API key for Claude models. Also required for Khoj operator/computer workflows.

Target: ANTHROPIC_API_KEY

[AI] Gemini API KeyVariable

Google Gemini API key for Gemini chat or image workflows.

Target: GEMINI_API_KEY

[AI] OpenAI-Compatible Base URLVariable

Use this for Ollama, vLLM, LM Studio, LiteLLM, LocalAI, or any OpenAI-compatible endpoint. Example: http://host.docker.internal:11434/v1/.

Target: OPENAI_BASE_URL

[AI] Default Chat ModelVariable

Optional default chat model name for your configured OpenAI-compatible endpoint.

Target: KHOJ_DEFAULT_CHAT_MODEL

[Search] External SearxNG URLVariable

Optional SearxNG endpoint for online search. Example: http://192.168.1.20:8080.

Target: KHOJ_SEARXNG_URL

[Search] Serper API KeyVariable

Optional paid web-search API key from Serper.

Target: SERPER_DEV_API_KEY

[Search] Google Search API KeyVariable

Optional Google Custom Search JSON API key for expert search routing.

Target: GOOGLE_SEARCH_API_KEY

[Search] Google Search Engine IDVariable

Optional Google Programmable Search Engine ID paired with GOOGLE_SEARCH_API_KEY.

Target: GOOGLE_SEARCH_ENGINE_ID

[Search] OloStep API KeyVariable

Optional webpage-read API key from OloStep.

Target: OLOSTEP_API_KEY

[Search] OloStep API URLVariable

Optional OloStep API base URL override. Leave blank for the upstream default.

Target: OLOSTEP_API_URL

[Search] Firecrawl API KeyVariable

Optional Firecrawl API key for search and webpage reading.

Target: FIRECRAWL_API_KEY

[Search] Firecrawl API URLVariable

Optional Firecrawl API base URL override. Leave blank for the upstream default.

Target: FIRECRAWL_API_URL

[Search] Exa API KeyVariable

Optional Exa API key for search and webpage reading.

Target: EXA_API_KEY

[Search] Exa API URLVariable

Optional Exa API base URL override. Leave blank for the upstream default.

Target: EXA_API_URL

[Search] Auto Read Search Result PagesVariable

Set true to have Khoj automatically read a small number of search result pages while researching online.

Target: KHOJ_AUTO_READ_WEBPAGE
Default: false|true
Value: false

[Code] Terrarium URLVariable

Optional external Terrarium sandbox URL for code execution. Example: http://192.168.1.30:8080.

Target: KHOJ_TERRARIUM_URL

[Code] E2B API KeyVariable

Optional E2B API key if you want remote code sandboxing instead of Terrarium.

Target: E2B_API_KEY

[Code] E2B TemplateVariable

Optional E2B template override. Leave blank for Khoj's upstream default template.

Target: E2B_TEMPLATE

[Operator] Enable Computer ToolVariable

Set true only if you intentionally enable Khoj's operator/computer features and understand the extra security and resource cost.

Target: KHOJ_OPERATOR_ENABLED
Default: false|true
Value: false

[Operator] Max IterationsVariable

Optional max-iteration cap for operator runs. Leave blank for the upstream default.

Target: KHOJ_OPERATOR_ITERATIONS

[Operator] External Browser CDP URLVariable

Optional Chrome DevTools Protocol URL for expert external-browser operator setups.

Target: KHOJ_CDP_URL

[Access] Public Domain or IPVariable

Required for remote access through a custom hostname or IP. Do not include http:// or https://.

Target: KHOJ_DOMAIN

[Access] Allowed Internal DomainVariable

Optional internal hostname/IP for reverse proxy or load balancer setups. If blank, Khoj defaults to KHOJ_DOMAIN.

Target: KHOJ_ALLOWED_DOMAIN

[Access] Disable HTTPS EnforcementVariable

Set true when intentionally serving over plain HTTP on a trusted LAN or behind a reverse proxy that terminates TLS.

Target: KHOJ_NO_HTTPS
Default: true|false
Value: true

[Auth] Resend API KeyVariable

Optional. Enables emailed magic-link login for multi-user access.

Target: RESEND_API_KEY

[Auth] Resend Sender EmailVariable

Optional sender address used for magic-link authentication emails.

Target: RESEND_EMAIL

[Auth] Resend Audience IDVariable

Optional Resend audience ID if you want Khoj to add users to a Resend audience after welcome email flows.

Target: RESEND_AUDIENCE_ID

[Auth] Google Client IDVariable

Expert-only Google OAuth client ID. Upstream currently documents Google auth mainly against the prod khoj-cloud image.

Target: GOOGLE_CLIENT_ID

[Auth] Google Client SecretVariable

Expert-only Google OAuth client secret paired with GOOGLE_CLIENT_ID.

Target: GOOGLE_CLIENT_SECRET

[Voice] ElevenLabs API KeyVariable

Optional. Enables text-to-speech voice responses using ElevenLabs.

Target: ELEVEN_LABS_API_KEY

[Integrations] Notion OAuth Client IDVariable

Optional Notion OAuth client ID for advanced self-hosted Notion integration flows.

Target: NOTION_OAUTH_CLIENT_ID

[Integrations] Notion OAuth Client SecretVariable

Optional Notion OAuth client secret.

Target: NOTION_OAUTH_CLIENT_SECRET

[Integrations] Notion Redirect URIVariable

Optional Notion OAuth redirect URI registered with your integration.

Target: NOTION_REDIRECT_URI

[Storage] AWS Access KeyVariable

Optional object-storage access key for advanced image upload offload paths.

Target: AWS_ACCESS_KEY

[Storage] AWS Secret KeyVariable

Optional object-storage secret key paired with AWS_ACCESS_KEY.

Target: AWS_SECRET_KEY

[Storage] Khoj Images BucketVariable

Optional bucket name for Khoj-generated image uploads.

Target: AWS_IMAGE_UPLOAD_BUCKET

[Storage] User Upload BucketVariable

Optional bucket name for user-uploaded images.

Target: AWS_USER_UPLOADED_IMAGES_BUCKET_NAME

[Twilio] Account SIDVariable

Optional Twilio Account SID for Twilio-backed verification or messaging flows.

Target: TWILIO_ACCOUNT_SID

[Twilio] Auth TokenVariable

Optional Twilio auth token paired with TWILIO_ACCOUNT_SID.

Target: TWILIO_AUTH_TOKEN

[Twilio] Verification Service SIDVariable

Optional Twilio Verify service SID.

Target: TWILIO_VERIFICATION_SID

[Privacy] Disable TelemetryVariable

Set true to opt out of Khoj's anonymous self-hosted telemetry.

Target: KHOJ_TELEMETRY_DISABLE
Default: false|true
Value: false

Links

Template Support Docker Hub Project

Details

Repository

jsonbored/khoj-aio:latest

Registry

https://hub.docker.com/r/jsonbored/khoj-aio

Last Updated2026-05-26

First Seen2026-04-17

Run khoj-aio on Unraid.

khoj-aio is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS