Custom infrastructure
Run NocoDB with managed databases, external Redis, custom SSL, private CAs, or your own reverse proxy.
For deployments that don't fit the single-server installation wizard: managed databases, custom SSL certificates, private CAs, your own reverse proxy, multi-replica setups, or Kubernetes.
When to use this page
- You're using a managed Postgres (RDS, Azure, Cloud SQL) with public CA SSL.
- You're using a self-managed Postgres with a private/internal CA.
- You already have a TLS certificate and want to pin it via Traefik.
- You have nginx, Caddy, or a load balancer in front and want NocoDB on port 8080.
- You're deploying to Kubernetes and want a reference compose to translate.
Option A: Clone the repo and run the wizard interactively
git clone https://github.com/nocodb/nocodb.git
cd nocodb/docker-compose
./setup.shsetup.sh runs the same installation wizard as the Single-server install one-liner, writing its output into the current working directory. Use this when you want to edit the generated files before bringing the stack up.
Option B: Copy a pre-built example
The docker-compose/examples/ directory ships a set of curated configurations.
| Example | Postgres | Redis | Proxy | Best for |
|---|---|---|---|---|
quickstart-demo | Bundled | Bundled | None (port 8080) | Local eval / "show me NocoDB" |
managed-postgres | External managed (RDS/Azure/Cloud SQL) | External | None (port 8080) | Production behind your own LB |
external-postgres-and-redis | External self-managed | External | None (port 8080) | Minimal Docker footprint |
traefik-custom-ssl | External managed | External | Traefik + custom TLS cert | Production with your own SSL cert |
postgres-private-ca | External (private CA) | External | Traefik + Let's Encrypt | On-prem / private cloud DB |
Quick start with an example:
git clone --depth 1 https://github.com/nocodb/nocodb.git
cp -r nocodb/docker-compose/examples/managed-postgres ./my-deployment
cd my-deployment
# Edit docker-compose.yml, docker.env, and nocodb/db.json: replace placeholders
docker compose up -dConfiguring SSL for an external Postgres with a private CA
This is the most involved external-database setup. NocoDB reads its database connection from nocodb/db.json (knex format), which lets you embed a CA certificate inline:
{
"client": "pg",
"connection": {
"host": "your-private-db-host.internal",
"port": "5432",
"user": "nocodb",
"password": "your-password",
"database": "nocodb",
"ssl": {
"rejectUnauthorized": true,
"ca": "-----BEGIN CERTIFICATE-----\nMIID...\n-----END CERTIFICATE-----"
}
}
}The CA must be a single string with newlines escaped as \n. The postgres-private-ca example shows the full layout including a Traefik proxy.
To convert a multi-line PEM into the single-line JSON form:
awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' your-ca.pemMulti-replica / scaling
NocoDB scales horizontally when Redis is configured (it's required for distributed coordination):
# In docker-compose.yml
nocodb:
deploy:
mode: replicated
replicas: 3For more than a few replicas, run NocoDB in Kubernetes. Translate one of the examples into a Deployment + Service + Ingress, and point the same env vars at managed Postgres and Redis.
Bringing your own reverse proxy
The managed-postgres and external-postgres-and-redis examples expose NocoDB on host port 8080 with no Traefik. Put your own nginx, Caddy, or load balancer in front and forward HTTP traffic to that port. Forward the X-Forwarded-Proto and Host headers so NocoDB generates correct callback URLs.