Skip to content

Budibase - Form Builder & Database

Budibase is shaping up to be out webapp development platform of choice! Learning as we go with it :)

Budibase Installation and Public Deployment Manual with Cloudflared Tunnel

Table of Contents:

  1. Overview
  2. Requirements
  3. Installing Docker and Docker Compose on Ubuntu
  4. Configuring Budibase with Docker Compose
  5. Setting Up Cloudflare Tunnel for Public Access
  6. Cloudflare SSL Configuration and HTTPS for Secure Traffic
  7. Setting Up Network Proxies for Budibase
  8. Outbound Allow-list Configuration
  9. Complete Deployment Instructions
  10. Monitoring and Future Management
  11. Helpful Commands and Troubleshooting

1. Overview

This guide provides step-by-step instructions to install Budibase on an Ubuntu server and securely deploy it using a Cloudflare Tunnel. By following these instructions, Budibase will be available over the internet with a Cloudflare-proxied domain, secured by HTTPS, and configured to route traffic through an organizational HTTP/HTTPS proxy.

2. Requirements

Before we start, here is what you'll need:

  • An Ubuntu (or other Linux) system with typical system requirements (Docker supported).
  • An internet connection.
  • A Cloudflare account (free-tier works fine).
  • Domain registered in Cloudflare (you will point your domain's DNS to Cloudflare).
  • A proxy (if you are using an organizational proxy for HTTP and HTTPS).

3. Installing Docker and Docker Compose on Ubuntu

3.1 Install Docker

Run the following commands to install Docker on your Ubuntu machine:

# Update the system packages.
sudo apt update

# Install prerequisite packages.
sudo apt install apt-transport-https ca-certificates curl software-properties-common

# Add Docker's official GPG key.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Set up the Docker stable repository.
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker.
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io

Enable and start Docker:

sudo systemctl enable docker
sudo systemctl start docker

Verify Docker is successfully installed:

docker --version

3.2 Install Docker Compose

Install Docker Compose to manage multi-container Docker environments like Budibase:

sudo curl -L "https://github.com/docker/compose/releases/download/v$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep -Po '"tag_name": "\K[0-9.]+')" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

4. Configuring Budibase with Docker Compose

4.1 Download Budibase Docker Compose Configuration Files

Start by creating a directory to store Budibase Docker Compose files:

mkdir ~/budibase && cd ~/budibase

Create the docker-compose.yml file:

nano docker-compose.yml

Paste the following content into this file:

version: "3"

services:
  app-service:
    restart: unless-stopped
    image: budibase.docker.scarf.sh/budibase/apps
    container_name: bbapps
    environment:
      SELF_HOSTED: 1
      COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
      WORKER_URL: http://worker-service:4003
      MINIO_URL: http://minio-service:9000
      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
      INTERNAL_API_KEY: ${INTERNAL_API_KEY}
      BUDIBASE_ENVIRONMENT: ${BUDIBASE_ENVIRONMENT}
      PORT: 4002
      API_ENCRYPTION_KEY: ${API_ENCRYPTION_KEY}
      JWT_SECRET: ${JWT_SECRET}
      REDIS_URL: redis-service:6379
      REDIS_PASSWORD: ${REDIS_PASSWORD}
      BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
      BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}

  worker-service:
    restart: unless-stopped
    image: budibase.docker.scarf.sh/budibase/worker
    container_name: bbworker
    environment:
      SELF_HOSTED: 1
      PORT: 4003
      MINIO_URL: http://minio-service:9000
      COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984

  minio-service:
    restart: unless-stopped
    image: minio/minio
    volumes:
      - minio_data:/data
    command: server /data --console-address ":9001"

  redis-service:
    restart: unless-stopped
    image: redis
    command: redis-server --requirepass "${REDIS_PASSWORD}"
    volumes:
      - redis_data:/data

  couchdb-service:
    restart: unless-stopped
    image: budibase/couchdb
    environment:
      - COUCHDB_PASSWORD=${COUCH_DB_PASSWORD}
      - COUCHDB_USER=${COUCH_DB_USER}
    volumes:
      - couchdb3_data:/opt/couchdb/data

volumes:
  couchdb3_data: {}
  minio_data: {}
  redis_data: {}

Create the .env file to store environment variables:

nano .env

Paste the following values into the file:

# Port configuration
MAIN_PORT=10000

# Secrets (change these for security)
API_ENCRYPTION_KEY=testsecret
JWT_SECRET=testsecret
MINIO_ACCESS_KEY=budibase
MINIO_SECRET_KEY=budibase
COUCH_DB_PASSWORD=budibase
COUCH_DB_USER=budibase
REDIS_PASSWORD=budibase
INTERNAL_API_KEY=budibase

# Optional Admin account
BB_ADMIN_USER_EMAIL=[email protected]
BB_ADMIN_USER_PASSWORD=admin

5. Setting Up Cloudflare Tunnel for Public Access

5.1 Installing Cloudflared

To expose Budibase publicly while hiding your server’s real IP address, use Cloudflare Tunnel. First, install the cloudflared utility.

sudo apt-get install -y curl
curl -fsSL https://pkg.cloudflare.com/gpg.pkg.cloudflare.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/cloudflare-tunnel-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/cloudflare-tunnel-archive-keyring.gpg] https://pkg.cloudflare.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt-get update
sudo apt-get install cloudflared

5.2 Authenticating Cloudflared with Cloudflare

Run the following command to log into Cloudflare and authenticate the tunnel:

cloudflared tunnel login

5.3 Creating the Cloudflare Tunnel

cloudflared tunnel create budibase-tunnel

Note the tunnel ID and name from the output—it is needed later.

5.4 Configuring the Cloudflared Tunnel

Create the configuration for the tunnel to proxy traffic to Budibase:

sudo mkdir -p /etc/cloudflared/
sudo nano /etc/cloudflared/config.yml

Add the following lines:

tunnel: budibase-tunnel
credentials-file: /etc/cloudflared/<TUNNEL_ID>.json
ingress:
  - hostname: your-subdomain.example.com
    service: http://localhost:10000
  - service: http_status:404

Replace <TUNNEL_ID> with the tunnel ID from the previous step. Replace your-subdomain.example.com with your actual domain/subdomain.

5.5 Start the Tunnel

cloudflared tunnel run budibase-tunnel

Optionally, install cloudflared as a service to ensure it runs automatically:

sudo cloudflared service install

6. Cloudflare SSL Configuration and HTTPS for Secure Traffic

6.1 Enable HTTPS in Cloudflare Dashboard

  1. Go to SSL/TLS in your Cloudflare account.
  2. Set the mode to Full or Full (Strict) (recommended for production).
  3. Enable Always Use HTTPS to make sure all traffic is routed over HTTPS.

6.2 [Optional] Setup Origin SSL Certificates

To ensure secure traffic between Cloudflare and your server:

  1. Go to SSL/TLS > Origin Server.
  2. Click Create Certificate.
  3. Copy the certificate and private key and install them on your server.

7. Setting Up Network Proxies for Budibase

If your server is inside a restricted network where a proxy service is necessary, modify the environment settings to allow proxying for HTTP/HTTPS services:

  • Modify Docker Compose as follows:
services:
  app-service:
    environment:
      GLOBAL_AGENT_HTTP_PROXY: http://your-proxy.net
      GLOBAL_AGENT_HTTPS_PROXY: https://your-proxy.net
      GLOBAL_AGENT_NO_PROXY: couchdb-service,minio-service,localhost

Update both app-service and worker-service to ensure traffic is routed through your proxy server.

8. Outbound Allow-list Configuration

Make sure your firewall or proxy settings allow outbound traffic to the following URLs for Budibase to function fully:

  • https://cdn.jsdelivr.net
  • https://fonts.gstatic.com
  • https://rsms.me
  • https://maxcdn.bootstrapcdn.com
  • https://prod-budi-templates.s3-eu-west-1.amazonaws.com
  • https://account.budibase.app (for license check if required).

9. Complete Deployment Instructions

Now that everything is set up, you can start the deployment:

  1. Start Docker Compose:
docker-compose up -d
  1. Check Cloudflare Tunnel:
cloudflared tunnel info
  1. Visit your application in the browser at https://your-subdomain.example.com.

10. Monitoring and Future Management

  • Monitor Docker Logs to check the status of your Budibase services:
docker-compose logs -f
  • Check the Status of the Tunnel:
cloudflared tunnel info
  • Stop or Restart the Budibase Deployment:
docker-compose down
docker-compose up -d

11. Helpful Commands and Troubleshooting

  • Restart Docker Containers:
docker-compose down && docker-compose up -d
  • Edit Configuration:
nano docker-compose.yml
nano .env
  • Debugging Issues:

Check Docker logs for issues: 

docker-compose logs

Check tunnel status and logs: 

cloudflared tunnel info
cloudflared tunnel logs

Congratulations! Following these steps, Budibase should now be securely running and available to the public through your Cloudflare-proxied hostname.