
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
https://hub.docker.com/r/mekayelanik/valkey-mcp-server https://hub.docker.com/r/mekayelanik/valkey-mcp-server https://github.com/MekayelAnik/valkey-mcp-docker/pkgs/container/valkey-mcp-server https://github.com/MekayelAnik/valkey-mcp-docker/blob/main/LICENSE https://hub.docker.com/r/mekayelanik/valkey-mcp-server https://github.com/MekayelAnik/valkey-mcp-docker/stargazers https://github.com/MekayelAnik/valkey-mcp-docker/forks https://github.com/MekayelAnik/valkey-mcp-docker/issues https://github.com/MekayelAnik/valkey-mcp-docker/commits/main
Your support encourages me to keep creating/supporting my open-source projects. If you found value in this project, you can buy me a coffee to keep me inspired.
Valkey MCP Server is a Model Context Protocol server that provides tools for managing and interacting with Valkey databases. Built on Alpine Linux for minimal footprint and maximum security, wrapped with https://github.com/sparfenyuk/mcp-proxy (replacing supergateway) for StreamableHTTP/SSE transport. Valkey is an open-source, high-performance key/value datastore that is fully compatible with the Redis protocol.
| Architecture | Tag Prefix | Status |
|---|---|---|
| x86-64 | amd64-<version> | Stable |
| ARM64 | arm64v8-<version> | Stable |
Multi-arch images automatically select the correct architecture for your system.
| Tag | Stability | Description | Use Case |
|---|---|---|---|
stable | High | Most stable release | Recommended for production |
latest | High | Latest stable release | Stay current with stable features |
1.0.19 | High | Specific version | Version pinning for consistency |
0.1.0-08042026 | High | Version + build date | Exact build reproducibility |
beta | Low | Beta releases | Testing only |
CRITICAL: Do NOT expose this container directly to the internet without proper security measures (reverse proxy, SSL/TLS, authentication, firewall rules).
yamlservices: valkey-mcp-server: image: mekayelanik/valkey-mcp-server:stable container_name: valkey-mcp-server restart: unless-stopped ports: - "8040:8040" environment: - PORT=8040 - INTERNAL_PORT=38011 - PUID=1000 - PGID=1000 - TZ=Asia/Dhaka - PROTOCOL=SHTTP # ENABLE_HTTPS=false is plaintext over the wire. Safe ONLY for loopback # / trusted internal networks. Set to "true" for any public, multi-host, # or untrusted deployment — HAProxy auto-generates a self-signed cert # if none is mounted under /etc/haproxy/certs/. - ENABLE_HTTPS=false - HTTP_VERSION_MODE=auto # mcp-proxy session model. Stateful by default — one stdio child shared # across all sessions (multiplexed via JSON-RPC ids). Set to true only # if full per-request isolation is required (memory-hostile). - MCP_PROXY_STATELESS=false # Cap virtual memory of the valkey-mcp stdio child (MiB; 0 disables) - VALKEY_MAX_MEM_MB=1024 # HAProxy concurrency caps (0 disables) - HAPROXY_FRONTEND_MAXCONN=64 - HAPROXY_SERVER_MAXCONN=16 # Valkey connection settings # - VALKEY_URL=valkey://localhost:6379 # - VALKEY_HOST=localhost # - VALKEY_PORT=6379 # - VALKEY_USERNAME= # - VALKEY_PWD= # - VALKEY_USE_SSL=false # - VALKEY_SSL_CA_PATH= # - VALKEY_SSL_KEYFILE= # - VALKEY_SSL_CERTFILE= # - VALKEY_SSL_CERT_REQS=required # - VALKEY_SSL_CA_CERTS= # - VALKEY_CLUSTER_MODE=false # Optional: require Bearer token auth at HAProxy layer # - API_KEY=replace-with-strong-secret hostname: valkey-mcp-server domainname: local
Deploy:
bashdocker compose up -d docker compose logs -f valkey-mcp-server
bashdocker run -d \ --name=valkey-mcp-server \ --restart=unless-stopped \ -p 8040:8040 \ -e PORT=8040 \ -e INTERNAL_PORT=38011 \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Asia/Dhaka \ -e PROTOCOL=SHTTP \ -e ENABLE_HTTPS=false \ -e HTTP_VERSION_MODE=auto \ mekayelanik/valkey-mcp-server:stable
| Protocol | Endpoint | Description |
|---|---|---|
| SHTTP | http://host-ip:8040/mcp | Streamable HTTP (default; exposed simultaneously) |
| SSE | http://host-ip:8040/sse | Server-Sent Events (exposed simultaneously) |
| Health | http://host-ip:8040/healthz | Health check (answered by HAProxy, sub-millisecond) |
When HTTPS is enabled (ENABLE_HTTPS=true), use TLS endpoints:
| Protocol | Endpoint |
|---|---|
| SHTTP | https://host-ip:8040/mcp |
| SSE | https://host-ip:8040/sse |
WebSocket transport was dropped in the migration to
mcp-proxy. SettingPROTOCOL=WSwill now fail at startup with a clear message. UseSHTTPorSSEinstead.Security Warning: The container now defaults to HTTP (
ENABLE_HTTPS=false) for easier local setup. UseENABLE_HTTPS=truefor production, public networks, or any untrusted environment.ARM Devices: Allow 30-60 seconds for initialization before accessing endpoints.
| Variable | Default | Description |
|---|---|---|
PORT | 8040 | External HAProxy port |
INTERNAL_PORT | 38011 | Internal mcp-proxy port (loopback) |
MCP_PROXY_STATELESS | false | Share one stdio child across sessions; flip to true for per-request isolation |
VALKEY_MAX_MEM_MB | 0 | Virtual memory cap on valkey-mcp child (0 disables) |
HAPROXY_FRONTEND_MAXCONN | (unset) | Cap concurrent connections at HAProxy frontend |
HAPROXY_SERVER_MAXCONN | (unset) | Cap concurrent connections to mcp-proxy backend |
PUID | 1000 | User ID for file permissions |
PGID | 1000 | Group ID for file permissions |
TZ | UTC | Container timezone (TZ database) |
PROTOCOL | SHTTP | Default transport protocol |
VALKEY_URL | (e**y)* | Full Valkey connection URL (e.g. valkey://user:pass@host:6379) |
VALKEY_HOST | 127.0.0.1 | Valkey server hostname |
VALKEY_PORT | 6379 | Valkey server port |
VALKEY_USERNAME | (e**y)* | Valkey authentication username |
VALKEY_PWD | (e**y)* | Valkey authentication password |
VALKEY_USE_SSL | false | Enable SSL for Valkey connection (true/false) |
VALKEY_SSL_CA_PATH | (e**y)* | Path to SSL CA file |
VALKEY_SSL_KEYFILE | (e**y)* | Path to SSL key file |
VALKEY_SSL_CERTFILE | (e**y)* | Path to SSL certificate file |
VALKEY_SSL_CERT_REQS | required | SSL certificate requirements |
VALKEY_SSL_CA_CERTS | (e**y)* | Path to SSL CA certificates |
VALKEY_CLUSTER_MODE | false | Enable Valkey Cluster mode (true/false) |
VALKEY_READONLY | (unset) | true → --readonly, false → --no-readonly, unset → upstream default (read-write) |
API_KEY | (e**y)* | Enables Bearer token auth (Authorization: Bearer <API_KEY>) |
CORS | (e**y)* | Comma-separated CORS origins, supports * |
ENABLE_HTTPS | false | Enables TLS termination in HAProxy |
TLS_CERT_PATH | /etc/haproxy/certs/server.crt | TLS cert path |
TLS_KEY_PATH | /etc/haproxy/certs/server.key | TLS private key path |
TLS_PEM_PATH | /etc/haproxy/certs/server.pem | Com***ed PEM file used by HAProxy |
TLS_CN | localhost | CN for auto-generated certificate |
TLS_SAN | DNS:<TLS_CN> | SAN for auto-generated certificate |
TLS_DAYS | 365 | Auto-generated cert validity period |
TLS_MIN_VERSION | TLSv1.3 | Minimum TLS protocol (TLSv1.2 or TLSv1.3) |
HTTP_VERSION_MODE | auto | auto, all, h1, h2, h3, h1+h2 |
RATE_LIMIT | 0 | Max requests per RATE_LIMIT_PERIOD per IP (0 = disabled) |
RATE_LIMIT_PERIOD | 10s | Sliding window for rate limiting (e.g., 10s, 1m, 1h) |
MAX_CONNECTIONS_PER_IP | 0 | Max concurrent connections per IP (0 = disabled) |
IP_ALLOWLIST | (e**y)* | Comma-separated IPs/CIDRs to allow (all others blocked) |
IP_BLOCKLIST | (e**y)* | Comma-separated IPs/CIDRs to block |
ENABLE_HTTPS=true and cert files are missing, the container auto-generates a self-signed certificate.TLS_CERT_PATH and TLS_KEY_PATH exist, they are merged into TLS_PEM_PATH and used directly.HTTP_VERSION_MODE=h3 (or auto) enables HTTP/3 only when HAProxy build includes QUIC; otherwise it safely falls back.API_KEY to enforce authentication at reverse proxy level.Authorization: Bearer <API_KEY>.RATE_LIMIT=100 to allow 100 requests per RATE_LIMIT_PERIOD (default 10s) per IP. Exceeding the limit returns HTTP 429 with a Retry-After header.MAX_CONNECTIONS_PER_IP=50 to cap concurrent connections per IP. Exceeding returns HTTP 429.IP_BLOCKLIST=192.0.2.0/24,198.51.100.5 to block specific IPs/CIDRs. Blocked IPs receive HTTP 403.IP_ALLOWLIST=10.0.0.0/8,192.168.1.0/24 to allow only listed IPs/CIDRs. All others receive HTTP 403. Localhost is always allowed.mcp-proxy runs the Valkey MCP backend as a single long-lived stdio child and multiplexes all client sessions through it via JSON-RPC ids. This caps the expected memory footprint; the knobs below cap the worst case:
MCP_PROXY_STATELESS=false (default) — share one backend child across all sessions. Recommended for almost every deployment. Flip to true only when you genuinely need per-request isolation.VALKEY_MAX_MEM_MB=1024 — caps the virtual-memory size of the valkey-mcp child via prlimit --as. A runaway backend gets OOM-killed by the kernel before it exhausts the host.HAPROXY_FRONTEND_MAXCONN=64 + HAPROXY_SERVER_MAXCONN=16 — bound concurrent connections at the HAProxy layer so a burst cannot saturate the upstream stdio bridge./healthz is answered directly by HAProxy with a local 200 — Docker's container healthcheck no longer depends on upstream MCP readiness.Find your IDs and set them to avoid permission issues:
bashid username # uid=1000(user) gid=1000(group)
yaml- TZ=Asia/Dhaka # Bangladesh - TZ=America/New_York # US Eastern - TZ=Europe/London # UK - TZ=UTC # Universal Time
| Client | SHTTP | SSE | Recommended |
|---|---|---|---|
| VS Code (Cline/Roo-Cline) | Yes | Yes | SHTTP |
| Claude Desktop | Yes | Yes | SHTTP |
| Claude CLI | Yes | Yes | SHTTP |
| Codex CLI | Yes | Yes | SHTTP |
| Codeium (Windsurf) | Yes | Yes | SHTTP |
| Cursor | Yes | Yes | SHTTP |
WebSocket transport was dropped in the migration to
mcp-proxy.
Configure in .vscode/settings.json:
json{ "mcp.servers": { "valkey-mcp": { "url": "http://host-ip:8040/mcp", "transport": "http" } } }
With API_KEY:
claude mcp add-json valkey-mcp '{"type":"http","url":"http://localhost:8040/mcp","headers":{"Authorization":"Bearer <YOUR_API_KEY>"}}'
Without API_KEY:
claude mcp add-json valkey-mcp '{"type":"http","url":"http://localhost:8040/mcp"}'
Configure in ~/.codex/config.json:
json{ "mcpServers": { "valkey-mcp": { "transport": "http", "url": "http://host-ip:8040/mcp" } } }
Configure in .codeium/mcp_settings.json:
json{ "mcpServers": { "valkey-mcp": { "transport": "http", "url": "http://host-ip:8040/mcp" } } }
Configure in ~/.cursor/mcp.json:
json{ "mcpServers": { "valkey-mcp": { "transport": "http", "url": "http://host-ip:8040/mcp" } } }
Verify with https://github.com/modelcontextprotocol/inspector:
bashnpm install -g @modelcontextprotocol/inspector mcp-inspector http://host-ip:8040/mcp
| Network Mode | Complexity | Performance | Use Case |
|---|---|---|---|
| Bridge | Easy | Good | Default, isolated |
| Host | Moderate | Excellent | Direct host access |
| MACVLAN | Advanced | Excellent | Dedicated IP |
yamlservices: valkey-mcp-server: image: mekayelanik/valkey-mcp-server:stable ports: - "8040:8040"
Benefits: Container isolation, easy setup, works everywhere
Access: http://localhost:8040/mcp
yamlservices: valkey-mcp-server: image: mekayelanik/valkey-mcp-server:stable network_mode: host
Benefits: Maximum performance, no NAT overhead, no port mapping needed
***ations: Linux only, shares host network namespace
Access: http://localhost:8040/mcp
yamlservices: valkey-mcp-server: image: mekayelanik/valkey-mcp-server:stable mac_address: "AB:BC:CD:DE:EF:01" networks: macvlan-net: ipv4_address: 192.168.1.100 networks: macvlan-net: driver: macvlan driver_opts: parent: eth0 ipam: config: - subnet: 192.168.1.0/24 gateway: 192.168.1.1
Benefits: Dedicated IP, direct LAN access
***ations: Linux only, requires additional setup
Access: http://192.168.1.100:8040/mcp
bashdocker compose pull docker compose up -d docker image prune -f
bashdocker pull mekayelanik/valkey-mcp-server:stable docker stop valkey-mcp-server && docker rm valkey-mcp-server # Run your original docker run command docker image prune -f
bashdocker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower \ --run-once \ valkey-mcp-server
Container Won't Start
bash# Check Docker version docker --version # Verify port availability sudo netstat -tulpn | grep 8040 # Check logs docker logs valkey-mcp-server
Permission Errors
bash# Get your IDs id $USER # Update configuration with correct PUID/PGID # Fix volume permissions if needed sudo chown -R 1000:1000 /path/to/volume
Client Cannot Connect
bash# Test connectivity curl http://localhost:8040/mcp curl http://host-ip:8040/mcp curl -k https://localhost:8040/mcp curl -k https://host-ip:8040/mcp # Check firewall sudo ufw status # Verify container docker inspect valkey-mcp-server | grep IPAddress
Slow ARM Performance
docker logs -f valkey-mcp-serverdocker stats valkey-mcp-serverWhen reporting issues, include:
bash# System info docker --version && uname -a # Container logs docker logs valkey-mcp-server --tail 200 > logs.txt # Container config docker inspect valkey-mcp-server > inspect.json
Your support encourages me to keep creating/supporting my open-source projects. If you found value in this project, you can buy me a coffee to keep me inspired.
Docker Image Issues:
Valkey MCP Issues:
We welcome contributions:
GPL License. See https://raw.githubusercontent.com/MekayelAnik/valkey-mcp-docker/refs/heads/main/LICENSE for details.
Valkey MCP server has its own license - see https://github.com/awslabs/mcp.
Back to Top
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务