Meilisearch is a fast, open-source search engine focused on developer happiness and instant, typo-tolerant search. If you've ever wanted Algolia-style search-as-you-type without the Algolia bill, Meilisearch is the answer. It's a single binary with a clean REST API, which makes deployment refreshingly simple — but there are a few production essentials around security and persistence. Here's the full picture.
What makes Meilisearch nice
Meilisearch is a single self-contained server. You feed it JSON documents, it builds an index, and you query it over HTTP with millisecond responses. Out of the box you get typo tolerance, prefix search, faceting, filtering, and relevancy ranking with almost no configuration. The trade-off versus heavier engines like Elasticsearch is fewer knobs — which for most app search is exactly what you want.
Step 1: The master key is mandatory
The single most important production setting: always set a master key. Without it, Meilisearch runs with no authentication and anyone can read or wipe your indexes.
MEILI_MASTER_KEY=<a strong random key, 16+ bytes>
MEILI_ENV=productionSetting MEILI_ENV=production forces Meilisearch to require the master key and disables the web search preview. Generate the key with openssl rand -base64 32.
Step 2: Persistence
Meilisearch stores its indexes on disk in a data directory. In a container, that directory must be a persistent volume — otherwise your entire index is rebuilt-from-nothing (i.e., lost) on every redeploy.
volumes:
- mount: /meili_data
size: 10GiSize the volume based on your corpus; Meilisearch indexes are typically a multiple of your raw document size.
Step 3: Deploy on PandaStack
Meilisearch ships an official Docker image, so this is a clean container deploy:
- 1Create a container app using
getmeili/meilisearch:v1.x(pin a specific version). - 2Attach a persistent volume at
/meili_data. - 3Set
MEILI_MASTER_KEYandMEILI_ENV=production. - 4Expose port 7700 (bind to the injected port).
- 5Attach a custom domain like
search.yourdomain.comwith automatic SSL — your search endpoint should always be HTTPS.
Step 4: Use scoped API keys, not the master key
The master key is for administration only. For your application, generate scoped keys via the API:
# create a search-only key for your frontend
curl -X POST 'https://search.yourdomain.com/keys' \
-H "Authorization: Bearer $MEILI_MASTER_KEY" \
-H 'Content-Type: application/json' \
--data '{
"description": "Frontend search key",
"actions": ["search"],
"indexes": ["products"],
"expiresAt": null
}'| Key type | Use | Exposure |
|---|---|---|
| Master key | Admin, key management | Server-side only, secret |
| Search-only key | Frontend queries | Safe to ship to browser |
| Admin key | Indexing from backend | Server-side only |
This separation means your public frontend can search without being able to modify or delete indexes.
Step 5: Index your data
Indexing is a simple POST of JSON documents:
curl -X POST 'https://search.yourdomain.com/indexes/products/documents' \
-H "Authorization: Bearer $ADMIN_KEY" \
-H 'Content-Type: application/json' \
--data-binary @products.jsonThen configure searchable attributes, filterable attributes for faceting, and ranking rules per index to tune relevancy.
Resource notes
Meilisearch holds parts of its index in memory for speed and is moderately RAM-hungry during indexing (it can spike when building large indexes). For steady-state search it's efficient. Start on a small-to-medium tier; if large indexing batches OOM, increase memory temporarily or batch documents in smaller chunks. Disk I/O matters too — the persistent volume should be reasonably fast.
Honest caveats
Meilisearch is single-node by default; the official horizontal-scaling/HA story is less mature than Elasticsearch's clustering. For most application search workloads a single well-sized node is plenty, but if you need multi-node redundancy and sharding over enormous corpora, evaluate Elasticsearch/OpenSearch or Meilisearch's cloud offering. Also, Meilisearch favors simplicity over deep configurability — if you need complex analyzers, custom scoring functions, or aggregations beyond faceting, a heavier engine may fit better.
Wrapping up
Meilisearch makes great search almost trivial to add: deploy one container, set a master key, give it a persistent volume, and use scoped keys for safety. You get instant, typo-tolerant search you fully own, with none of the per-search billing of hosted alternatives.
PandaStack's persistent volumes and automatic SSL make a secure Meilisearch deploy quick, and the free tier is enough to wire search into a side project. Try it at https://dashboard.pandastack.io.
References
- Meilisearch documentation: https://www.meilisearch.com/docs
- Meilisearch security / API keys: https://www.meilisearch.com/docs/learn/security/master_api_keys
- Running Meilisearch in production: https://www.meilisearch.com/docs/learn/self_hosted/getting_started_with_self_hosted_meilisearch
- Meilisearch configuration reference: https://www.meilisearch.com/docs/learn/configuration/instance_options
- Meilisearch Docker image: https://hub.docker.com/r/getmeili/meilisearch