Skip to main content
Private Connect can be self-hosted on your own infrastructure, giving you complete control over your data and deployment environment.

Architecture

A self-hosted Private Connect deployment consists of three core components: 
┌─────────────────┐         ┌───────────┐         ┌─────────────────┐
│   Web UI (3000) │────────▶│  API Hub  │◀────────│     Agents      │
│     (Nuxt)      │         │  (3001)   │         │   (Machines)    │
└─────────────────┘         └─────┬─────┘         └─────────────────┘

                            ┌──────▼──────┐
                            │  PostgreSQL │
                            │    (5432)   │
                            └─────────────┘

Components

Web UI

Nuxt-based dashboard for managing workspaces, agents, and services

API Hub

NestJS backend handling authentication, tunneling, and orchestration

PostgreSQL

Primary database storing users, workspaces, agents, and tunnels

System Requirements

Minimum Requirements

  • OS: Linux (Ubuntu 20.04+, Debian 11+) or macOS
  • CPU: 2 cores
  • RAM: 4 GB
  • Storage: 20 GB SSD
  • Node.js: v18.0.0 or higher
  • Database: PostgreSQL 16+

Production Requirements

  • CPU: 4+ cores
  • RAM: 8+ GB
  • Storage: 50+ GB SSD
  • Network: Static IP or domain name
  • SSL: Valid TLS certificate (recommended)

Deployment Options

Docker Compose

Easiest way to get started with all components containerized

From Source

Build and run components manually for maximum control

Port Requirements

Ensure the following ports are available:
Port RangeComponentPurpose
3000Web UIDashboard access
3001API HubAgent connections & API
5432PostgreSQLDatabase (internal)
23000-23100API HubTunnel port range
The tunnel port range (23000-23100) is used for establishing connections between agents. You can configure this range based on your expected concurrent tunnels.

Environment Variables

API Hub Configuration

The API hub requires these environment variables: 
# Database connection
DATABASE_URL="postgresql://privateconnect:privateconnect@localhost:5432/privateconnect"

# API server port
PORT=3001

# Production settings
NODE_ENV=production

# Email authentication (optional)
RESEND_API_KEY=your_resend_api_key
EMAIL_FROM="Private Connect <[email protected]>"
APP_URL="https://yourdomain.com"

# AI/LLM features (optional)
ASK_LLM_PROVIDER=openai  # or anthropic, ollama
ASK_LLM_MODEL=gpt-4o-mini
ASK_LLM_API_KEY=your_api_key

Web UI Configuration

# API endpoint
NUXT_PUBLIC_API_URL="http://localhost:3001"

Agent Configuration

Agents connect to your self-hosted hub: 
# Hub URL
CONNECT_HUB_URL="http://localhost:3001"
Store sensitive environment variables (API keys, database credentials) securely using secrets management tools in production.

Database Schema

Private Connect uses Prisma ORM with PostgreSQL. The schema includes:
  • Users & Authentication: User accounts, magic links, sessions
  • Workspaces: Multi-tenant organization structure
  • Agents: Connected machines running the agent
  • Services: Exposed and reachable services
  • Tunnels: Active tunnel connections
  • Diagnostics: Service health checks and monitoring
  • Audit Logs: Security and usage tracking

Security Considerations

1

Enable HTTPS

Use a reverse proxy (nginx, Caddy) with valid TLS certificates
2

Secure the Database

Use strong passwords and restrict database access to localhost or VPC
3

Configure Firewall

Only expose ports 80/443 publicly; keep other ports internal
4

Set Up Authentication

Configure email authentication with Resend or your email provider
5

Enable Audit Logs

Monitor agent connections and tunnel usage via audit logs

Next Steps

Deploy with Docker

Quick start with Docker Compose

Build from Source

Manual setup for advanced configurations

Build docs developers (and LLMs) love

Get started for freeTalk to us