Christian WellsNhost on Ubuntu 24.04 (Docker Compose + PostgreSQL + Hasura + GraphQL + SSL)
Nhost is an open-source backend-as-a-service (BaaS) platform that provides developers with everything needed to build and scale modern applications — including PostgreSQL, GraphQL APIs, authentication, file storage, and serverless functions — all self-hosted and powered by Docker.
It’s often described as an open-source alternative to Firebase, combining Hasura, PostgreSQL, and a developer-friendly authentication system to deliver instant, scalable APIs for web and mobile applications.
Running Nhost on Ubuntu 24.04 LTS (Noble Numbat) with Docker Compose ensures a modern, secure, and long-term supported environment. Ubuntu 24.04 includes systemd 255, OpenSSL 3, and updated Docker tooling, providing an ideal foundation for deploying a production-grade Nhost stack with SSL, reverse proxy, and persistent data management.
Architecture Overview
| Layer | Component | Role |
|---|---|---|
| OS | Ubuntu 24.04 LTS | Stable, secure base system with long-term support |
| Container Runtime | Docker Engine + Compose | Orchestrates Nhost and dependent services |
| Database | PostgreSQL 15/16 | Stores user data, app schemas, and configuration |
| GraphQL Engine | Hasura | Auto-generates real-time GraphQL API from the database |
| Auth Service | Nhost Auth (GoTrue) | Handles user authentication, JWT tokens, and OAuth integrations |
| Storage | Nhost Storage | Manages file uploads, downloads, and access control |
| Functions | Nhost Functions (Node.js) | Runs serverless functions for custom backend logic |
| Reverse Proxy | Nginx / Traefik (optional) | Provides HTTPS, routing, and compression |
| TLS | Let’s Encrypt / PKI | Enables secure HTTPS connections for the dashboard and APIs |
Why Use Nhost?
- Open-source Firebase alternative built on PostgreSQL and GraphQL.
- Instant backend setup – get database, API, and auth running in minutes.
- Powerful GraphQL engine – Hasura provides real-time, auto-generated APIs.
- Authentication built-in – JWT-based user accounts with OAuth support.
- Serverless functions – run custom backend code easily.
- Self-hosted – deploy anywhere for full data privacy and compliance.
Nhost vs Other Backend Platforms
| Feature/Capability | Nhost (Self-hosted) | Supabase (Self-hosted) | Firebase (Google) | Appwrite (Self-hosted) |
|---|---|---|---|---|
| Database | PostgreSQL | PostgreSQL | Firestore (NoSQL) | MariaDB / PostgreSQL |
| API Type | GraphQL (Hasura) | REST + GraphQL | Proprietary SDK | REST + GraphQL |
| Auth System | GoTrue (JWT) | GoTrue (JWT) | Firebase Auth | Custom JWT |
| File Storage | S3-compatible | S3-compatible | Cloud Storage | Local/S3 drivers |
| Serverless Logic | Node.js Functions | Limited (Edge) | Cloud Functions | Functions (Node.js) |
| Open-source | Yes | Yes | No | Yes |
Nhost is the best choice when you want a production-ready, GraphQL-first backend that’s entirely open-source and can be self-hosted anywhere.
Security & Best Practices
- Run behind Nginx or Traefik with HTTPS enabled.
- Store sensitive credentials in
.envand use Docker secrets for keys and tokens. - Restrict PostgreSQL to the internal Docker network.
- Enable JWT rotation and enforce strong password policies in Nhost Auth.
- Automate PostgreSQL backups using
pg_dumpor containerized scripts. - Keep Docker images and Ubuntu packages up to date.
- Use UFW or nftables to limit external access to ports 80/443 only.
- Automate SSL certificate renewals using Certbot or Traefik’s ACME client.
Typical Use Cases
- Full-stack web apps with real-time GraphQL APIs.
- Mobile app backends with authentication and storage.
- SaaS products requiring scalable, low-maintenance infrastructure.
- Internal dashboards and analytics tools.
- Prototypes and MVPs needing fast backend setup without vendor lock-in.
Deploying Nhost on Ubuntu 24.04 with Docker Compose gives you a complete, open-source backend platform — combining PostgreSQL, Hasura, and GoTrue authentication into a single, secure, and scalable environment. It’s the perfect solution for developers who want Firebase-like simplicity with full control of their infrastructure.
Step 1: Create a Server Instance on Shape.Host
Start by creating a VPS optimized for Docker-based apps:
Log in to your Shape.Host dashboard.
Click Create → Instance.
Choose your preferred data center region.
Select a plan with at least 4 CPUs, 8 GB RAM, and 40 GB SSD (recommended for Nhost).
Choose Ubuntu 24.04 (64-bit) as your operating system.
Click Create Instance.
Once created, copy your server’s public IP address from the Resources section.
Step 2: Connect to Your Server
- Linux/macOS users:
ssh root@your_server_ip - Windows (PuTTY) users:
- Open PuTTY.
- Enter your instance’s IP address.
- Click Open and log in using your Shape.Host credentials.
Step 3: Install Docker and Docker Compose
Update the package index:
apt update
Install required dependencies:
apt install ca-certificates curl gnupg lsb-release
Create the Docker keyring directory:
mkdir -p /etc/apt/keyrings
Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
Add Docker’s stable repository to your system:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
Update again and install Docker with Compose:
apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Enable and start Docker:
systemctl enable --now docker
Check that Docker Compose is available:
docker compose version
Step 4: Set Up Nhost Directory and Environment
Create the Nhost directory:
mkdir /opt/nhost
cd /opt/nhost
Create an environment file for secrets and configuration:
nano .env
Paste the following example configuration:
# Basic App Configuration
PROJECT_NAME=nhost
HASURA_GRAPHQL_ADMIN_SECRET=50a2834a77be2e9d5d208cc0fcf2ec9aa3f4791134073d668eb5bcf178de96b9
JWT_SECRET={50a2834a77be2e9d5d208cc0fcf2ec9aa3f4791134073d668eb5bcf178de96b9}
DATABASE_PASSWORD=ChangeThisDbPass
# Auth
AUTH_CLIENT_URL=http://localhost
AUTH_JWT_SECRET={50a2834a77be2e9d5d208cc0fcf2ec9aa3f4791134073d668eb5bcf178de96b9}
AUTH_ADMIN_PASSWORD=ChangeThisAuthAdminPass
AUTH_ADMIN_EMAIL=admin@example.com
# Mailer (Optional)
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=mailer@example.com
SMTP_PASS=ChangeThisMailPass
SMTP_FROM=Appsmith <mailer@example.com>
Tip: Replace all placeholder values like passwords and emails with your own secure credentials.
Save and close the file with CTRL + O, then CTRL + X.
Step 5: Create the Docker Compose Configuration
Open a new file for your Nhost stack:
nano docker-compose.yml
Paste this configuration:
services:
postgres:
image: postgres:15
restart: always
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: "W9b2U8vTKp"
POSTGRES_DB: nhost
volumes:
- postgres_data:/var/lib/postgresql/data
ports:
- "5432:5432"
hasura:
container_name: hasura
image: hasura/graphql-engine:v2.41.0
restart: always
depends_on:
- postgres
ports:
- "8080:8080"
environment:
HASURA_GRAPHQL_DATABASE_URL: "postgres://postgres:W9b2U8vTKp@postgres:5432/nhost"
HASURA_GRAPHQL_ADMIN_SECRET: "0f8c85264d9d04998fe00881c3c61d9147b51004f5cd1cb7c17d5740d7ab30ef"
HASURA_GRAPHQL_ENABLE_CONSOLE: "true"
HASURA_GRAPHQL_JWT_SECRET: '{"type":"HS256","key":"0f8c85264d9d04998fe00881c3c61d9147b51004f5cd1cb7c17d5740d7ab30ef"}'
HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous
HASURA_GRAPHQL_CORS_DOMAIN: "*"
auth:
container_name: auth
image: nhost/hasura-auth:latest
restart: always
depends_on:
- postgres
- hasura
ports:
- "4000:4000"
environment:
HASURA_GRAPHQL_DATABASE_URL: "postgres://postgres:W9b2U8vTKp@postgres:5432/nhost"
HASURA_GRAPHQL_ADMIN_SECRET: "0f8c85264d9d04998fe00881c3c61d9147b51004f5cd1cb7c17d5740d7ab30ef"
HASURA_GRAPHQL_ENDPOINT: "http://hasura:8080/v1/graphql"
HASURA_GRAPHQL_JWT_SECRET: '{"type":"HS256","key":"0f8c85264d9d04998fe00881c3c61d9147b51004f5cd1cb7c17d5740d7ab30ef"}'
AUTH_CLIENT_URL: "http://51.89.69.203"
AUTH_JWT_SECRET: '{"type":"HS256","key":"0f8c85264d9d04998fe00881c3c61d9147b51004f5cd1cb7c17d5740d7ab30ef"}'
AUTH_ADMIN_PASSWORD: "StrongAdminPass123!"
AUTH_ADMIN_EMAIL: "contact@shape.host"
minio:
image: minio/minio
restart: always
command: server /data --console-address ":9001"
ports:
- "9000:9000"
- "9001:9001"
environment:
MINIO_ROOT_USER: "minioadmin"
MINIO_ROOT_PASSWORD: "minioadminpass"
volumes:
- minio_data:/data
functions:
image: nhost/functions:latest
restart: always
depends_on:
- hasura
ports:
- "1337:1337"
volumes:
- ./functions:/opt/nhost/functions
volumes:
postgres_data:
minio_data:
Explanation of services:
- Postgres → Main SQL database.
- Hasura → GraphQL API layer over Postgres.
- Auth → Authentication service with JWT support.
- MinIO → Object storage service (similar to AWS S3).
- Functions → Serverless runtime for backend logic.
Save and exit with CTRL + O, then CTRL + X.
Step 6: Deploy Nhost
Pull the necessary Docker images:
docker compose pull
Start all services in the background:
docker compose up -d
Verify that everything is running:
docker compose ps
Step 7: Access Nhost
Once all containers are running, open your browser and go to:
http://YOUR_SERVER_IP:8080
You should see the Hasura Console, which is your API management interface.
Step 8 (Optional): Secure Nhost with HTTPS
If you own a domain name, secure your setup using Let’s Encrypt:
apt install python3-certbot-nginx
certbot --nginx -d yourdomain.com
This ensures encrypted connections for all Nhost services.
You installed Nhost on Ubuntu 24.04 using Docker Compose.
Your new backend stack includes PostgreSQL, Hasura GraphQL, Auth, MinIO storage, and serverless functions — all self-hosted and fully manageable.
For best performance and scalability, deploy your project on a Shape.Host Cloud VPS, optimized for Docker environments and high-availability workloads.
