Skip to main content

Overview

Tambo can be self-hosted on your infrastructure using Docker. You get the same features as Tambo Cloud but with complete control over deployment, data, and scaling. The self-hosted stack includes:
  • Web Dashboard (Next.js) - User interface for managing projects and API keys
  • API Service (NestJS) - Backend handling agent execution and conversation state
  • PostgreSQL - Database for threads, messages, and configuration
  • MinIO (optional) - S3-compatible storage for file uploads

Architecture

Tambo consists of three main services:
ServiceTechnologyPortDescription
webNext.js8260Dashboard and UI
apiNestJS8261REST API and agent execution
postgresPostgreSQL 175433Data persistence

Prerequisites

  • Docker and Docker Compose installed
  • OpenAI API key (or compatible provider)
  • 2GB+ RAM available
  • Ports 8260, 8261, and 5433 available
1
Clone the Repository
2
git clone https://github.com/tambo-ai/tambo.git
cd tambo
3
Run Setup Script
4
The setup script creates your environment configuration:
5
./scripts/cloud/tambo-setup.sh
6
This generates docker.env from docker.env.example with placeholder values.
7
Configure Environment Variables
8
Edit docker.env and set required values:
9
# Database (required)
POSTGRES_PASSWORD=your-secure-password-here
POSTGRES_USER=postgres
POSTGRES_DB=tambo

# Security secrets (required - use 32+ character random strings)
API_KEY_SECRET=your-32-character-api-key-secret
PROVIDER_KEY_SECRET=your-32-character-provider-secret
NEXTAUTH_SECRET=your-nextauth-secret

# LLM Provider (required)
FALLBACK_OPENAI_API_KEY=your-openai-api-key

# URLs (required for production)
NEXTAUTH_URL=http://localhost:8260
NEXT_PUBLIC_TAMBO_API_URL=http://localhost:8261
10
Never commit docker.env to version control. It contains secrets.
11
Start Services
12
Build and start all containers:
13
./scripts/cloud/tambo-start.sh
14
This command:
15
  • Builds Docker images for web and API
  • Starts PostgreSQL, web, and API containers
  • Runs health checks
    • 16
    First startup takes 5-10 minutes for image building.
    17
    Initialize Database
    18
    Run migrations to set up the database schema:
    19
    ./scripts/cloud/init-database.sh
    20
    This applies all migrations from packages/db/migrations/.
    21
    Access Your Deployment
    22
    Open your browser:
    23
  • Web Dashboard: http://localhost:8260
  • API: http://localhost:8261
  • API Health Check: http://localhost:8261/health
    • 24
    Create an account and generate an API key to start building.

    Environment Variables

    Required Variables

    These must be set for Tambo to function: 
    # Database
POSTGRES_PASSWORD=your-secure-password
POSTGRES_USER=postgres
POSTGRES_DB=tambo

# Encryption secrets (32+ characters)
API_KEY_SECRET=your-api-key-encryption-secret
PROVIDER_KEY_SECRET=your-provider-key-encryption-secret

# NextAuth (generate with: openssl rand -base64 32)
NEXTAUTH_SECRET=your-nextauth-secret
NEXTAUTH_URL=http://localhost:8260

# LLM Provider
FALLBACK_OPENAI_API_KEY=sk-...

    Optional Variables

    # OAuth Providers
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret

# Email (Resend)
RESEND_API_KEY=re_...
EMAIL_FROM_DEFAULT=[email protected]

# Observability
LANGFUSE_PUBLIC_KEY=pk-...
LANGFUSE_SECRET_KEY=sk-...
LANGFUSE_HOST=https://cloud.langfuse.com

# Analytics
POSTHOG_API_KEY=phc_...
POSTHOG_HOST=https://app.posthog.com

# Sentry
SENTRY_DSN=https://[email protected]/...

    Docker Compose Services

    Web Service

    web:
  image: tambo-web:latest
  build:
    context: .
    dockerfile: apps/web/Dockerfile
  ports:
    - "8260:3000"
  depends_on:
    - postgres
    - api

    API Service

    api:
  image: tambo-api:latest
  build:
    context: .
    dockerfile: apps/api/Dockerfile
  ports:
    - "8261:3000"
  depends_on:
    - postgres

    PostgreSQL

    postgres:
  image: postgres:17
  ports:
    - "5433:5432"
  volumes:
    - tambo_postgres_data:/var/lib/postgresql/data
  environment:
    POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    POSTGRES_USER: ${POSTGRES_USER}
    POSTGRES_DB: ${POSTGRES_DB}

    Management Scripts

    Tambo includes helper scripts in scripts/cloud/:

    Start/Stop Services

    # Start all services
./scripts/cloud/tambo-start.sh

# Stop all services
docker compose down

# Stop and remove volumes (deletes data)
docker compose down -v

    Database Operations

    # Initialize database (first time)
./scripts/cloud/init-database.sh

# Run migrations
docker compose exec api npm run db:migrate

# Open database shell
docker compose exec postgres psql -U postgres -d tambo

    Logs

    # View all logs
docker compose logs -f

# View specific service
docker compose logs -f api
docker compose logs -f web
docker compose logs -f postgres

# View last 100 lines
docker compose logs --tail=100 api

    Rebuilding

    # Rebuild specific service
docker compose build api
docker compose up -d api

# Rebuild all services
docker compose build
docker compose up -d

# Force rebuild without cache
docker compose build --no-cache

    Production Deployment

    Security Checklist

    Generate secure random values for all secrets:
    # Generate 32-character secret
openssl rand -base64 32

# Generate API key secret
openssl rand -hex 32
    Use a reverse proxy (nginx, Caddy, Traefik) with SSL certificates:
    server {
  listen 443 ssl http2;
  server_name tambo.yourdomain.com;
  
  ssl_certificate /path/to/cert.pem;
  ssl_certificate_key /path/to/key.pem;
  
  location / {
    proxy_pass http://localhost:8260;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
  }
}
    Use Docker networks to isolate services:
    services:
  postgres:
    networks:
      - internal
    # Don't expose port publicly
  
  api:
    networks:
      - internal
      - public

networks:
  internal:
    internal: true
  public:
    Configure OAuth providers or email login:
    GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_SECRET=...
RESEND_API_KEY=...  # For email login

    Scaling

    For production load:
    1. Horizontal scaling: Run multiple API instances behind a load balancer
    2. Database: Use managed PostgreSQL (AWS RDS, Cloud SQL, etc.)
    3. Caching: Add Redis for session storage
    4. File storage: Use S3 or compatible object storage

    Monitoring

    # Check health endpoints
curl http://localhost:8261/health

# Monitor resource usage
docker stats

# Set up Sentry for error tracking
SENTRY_DSN=https://[email protected]/...

# Enable Langfuse for LLM observability
LANGFUSE_PUBLIC_KEY=...
LANGFUSE_SECRET_KEY=...

    Backup and Restore

    Backup Database

    # Backup to file
docker compose exec postgres pg_dump -U postgres tambo > backup.sql

# Backup with compression
docker compose exec postgres pg_dump -U postgres tambo | gzip > backup.sql.gz

    Restore Database

    # Restore from backup
docker compose exec -T postgres psql -U postgres tambo < backup.sql

# Restore compressed backup
gunzip < backup.sql.gz | docker compose exec -T postgres psql -U postgres tambo

    Automated Backups

    #!/bin/bash
# backup.sh - Run daily via cron

BACKUP_DIR="/backups/tambo"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p "$BACKUP_DIR"
docker compose exec postgres pg_dump -U postgres tambo | gzip > "$BACKUP_DIR/backup_$DATE.sql.gz"

# Keep last 7 days
find "$BACKUP_DIR" -name "backup_*.sql.gz" -mtime +7 -delete

    Troubleshooting

    Check logs for errors:
    docker compose logs api
docker compose logs web
    Common issues:
    • Port conflicts (8260, 8261, 5433 in use)
    • Missing environment variables
    • Database connection failed
    Verify PostgreSQL is running:
    docker compose ps postgres
docker compose logs postgres
    Check connection string:
    DATABASE_URL=postgresql://postgres:password@postgres:5432/tambo
    Check API logs:
    docker compose logs -f api
    Common causes:
    • Missing migrations (run init-database.sh)
    • Invalid API key secrets
    • LLM provider key not set
    Verify web service is running:
    docker compose ps web
curl http://localhost:8260
    Check environment:
    NEXT_PUBLIC_TAMBO_API_URL=http://localhost:8261
NEXTAUTH_URL=http://localhost:8260

    Updating

    Update to Latest Version

    # Pull latest code
git pull origin main

# Rebuild images
docker compose build

# Run migrations
./scripts/cloud/init-database.sh

# Restart services
docker compose up -d

    Version Pinning

    For production, pin to specific versions: 
    services:
  web:
    image: tambo-web:1.0.0
  api:
    image: tambo-api:1.0.0

    Next Steps

    Environment Variables

    Complete environment variable reference

    Kubernetes Deployment

    Deploy to Kubernetes

    Operations Guide

    Backup, monitoring, and maintenance

    Troubleshooting

    Common issues and solutions

    Build docs developers (and LLMs) love

    Get started for freeTalk to us