Blocklight uses Docker Compose for production deployments. Choose the setup that fits your needs:
Option 1: Core Only (Recommended)
Deploy just the detection engine with alerts. Perfect for most users.
# Start core detection engine
docker-compose up -d
# Verify it's running
docker-compose ps
docker-compose logs -f blocklight-core
What you get:
- Detection engine monitoring blockchain
- Real-time threat alerts (Slack, Discord, Email, etc.)
- gRPC server for internal communication
Option 2: Core + REST API
Add HTTP endpoints for dashboards, notebooks, or custom integrations.
# Start with API enabled
docker-compose --profile api up -d
# Check API health
curl http://localhost:8000/health
# View API logs
docker-compose logs -f blocklight-api
Option 3: Full Stack with Observability
Deploy Core + API + Observability stack (Vector, Loki, Grafana, Prometheus) for production monitoring.
# Start everything
docker-compose --profile observability up -d
# Access Grafana (dashboards)
open http://localhost:3000
# Access Prometheus (metrics)
open http://localhost:9090
Important: Prometheus monitors Blocklight’s health (uptime, performance). Blockchain threat alerts are sent via Slack/Discord/Email regardless of which deployment option you choose.
Managing Services
Common Docker Compose commands:
# Stop services (keeps data)
docker-compose down
# Stop and remove all data
docker-compose down -v
# Restart after config.yaml changes (NOT needed for rule changes!)
docker-compose restart blocklight-core
# View all logs
docker-compose logs -f
# Follow rules reload in real-time
docker-compose logs -f blocklight-core | grep -i "reload\|rule"
When to Restart:
- After changing
config/config.yaml
- After changing alert webhooks or network URLs
- Not needed: After adding/editing rules (hot reload handles this)
