Deployment Guide

Hi there, thank you for trying out Pyroscope! In this guide you'll learn about deploying Pyroscope in production environment. If something doesn't work or these instructions are not clear enough — we would love to help you — reach out in our slack group or email us at

Reference architecture

We recommend hosting pyroscope server in the same datacenter with your apps that you want to profile.

Deployment Overview


Pyroscope can be configured with command line arguments, environment variables and config files. See Configuration for more info on this topic.

System requirements

As a rule of thumb, if you want to profile your whole cloud infrastructure, expect to spend about 1% of your cloud budget on Pyroscope server.

ResourceMore of resource equals
CPUhigher write bandwidth
RAMhigher write bandwidth, support for more individual apps
Disk throughputhigher write bandwidth
Disk Spacehigher data retention (ability to store profiling data for longer periods of time)

Networking requirements

These are the ports used by pyroscope server. Make sure you allow access to these ports from the outside:

TCP :4040HTTP API, used for both data ingestion and web UI

Currently there's no authentication mechanism in pyroscope. Possible workarounds are:

  • use other access control solutions, for example OAuth2 Proxy (recommended)
  • use a reverse proxy with Basic Authentication (e.g nginx)
  • only allow access from select IPs
  • set up an ssh tunnel, e.g ssh <user>@<remote-address> -L 4040: -N