LogoLogo
HomeAcademyLoginTry for free
  • Welcome
  • What's new
    • Q2 2025
    • Q1 2025
    • Q4 2024
    • Q3 2024
    • Q2 2024
    • Q1 2024
    • Q4 2023
    • Q3 2023
    • Q2 2023
    • Q1 2023
    • Q4 2022
    • Q3 2022
  • FAQs
    • Accounts
    • Migration to the new platform
    • User & organization setup
    • General
    • Builder
    • Workflows
    • Data Observatory
    • Analytics Toolbox
    • Development Tools
    • Deployment Options
    • CARTO Basemaps
    • CARTO for Education
    • Support Packages
    • Security and Compliance
  • Getting started
    • What is CARTO?
    • Quickstart guides
      • Connecting to your data
      • Creating your first map
      • Creating your first workflow
      • Developing your first application
    • CARTO Academy
  • CARTO User Manual
    • Overview
      • Creating your CARTO organization
      • CARTO Cloud Regions
      • CARTO Workspace overview
    • Maps
      • Data sources
        • Simple features
        • Spatial Indexes
        • Pre-generated tilesets
        • Rasters
        • Defining source spatial data
        • Managing data freshness
        • Changing data source location
      • Layers
        • Point
          • Grid point aggregation
          • H3 point aggregation
          • Heatmap point aggregation
          • Cluster point aggregation
        • Polygon
        • Line
        • Grid
        • H3
        • Raster
        • Zoom to layer
      • Widgets
        • Formula widget
        • Category widget
        • Pie widget
        • Histogram widget
        • Range widget
        • Time Series widget
        • Table widget
      • SQL Parameters
        • Date parameter
        • Text parameter
        • Numeric parameter
        • Publishing SQL parameters
      • Interactions
      • Legend
      • Basemaps
        • Basemap selector
      • AI Agents
      • SQL analyses
      • Map view modes
      • Map description
      • Feature selection tool
      • Search locations
      • Measure distances
      • Exporting data
      • Download PDF reports
      • Managing maps
      • Publishing and sharing maps
        • Map settings for viewers
        • Map preview for editors
        • Collaborative maps
        • Embedding maps
        • URL parameters
      • Performance considerations
    • Workflows
      • Workflow canvas
      • Results panel
      • Components
        • Aggregation
        • Custom
        • Data Enrichment
        • Data Preparation
        • Generative AI
        • Input / Output
        • Joins
        • Parsers
        • Raster Operations
        • Spatial Accessors
        • Spatial Analysis
        • Spatial Constructors
        • Spatial Indexes
        • Spatial Operations
        • Statistics
        • Tileset Creation
        • BigQuery ML
        • Snowflake ML
        • Google Earth Engine
        • Google Environment APIs
        • Telco Signal Propagation Models
      • Data Sources
      • Scheduling workflows
      • Sharing workflows
      • Using variables in workflows
      • Executing workflows via API
      • Temporary data in Workflows
      • Extension Packages
      • Managing workflows
      • Workflows best practices
    • Data Explorer
      • Creating a map from your data
      • Importing data
        • Importing rasters
      • Geocoding data
      • Optimizing your data
    • Data Observatory
      • Terminology
      • Browsing the Spatial Data Catalog
      • Subscribing to public and premium datasets
      • Accessing free data samples
      • Managing your subscriptions
      • Accessing your subscriptions from your data warehouse
        • Access data in BigQuery
        • Access data in Snowflake
        • Access data in Databricks
        • Access data in Redshift
        • Access data in PostgreSQL
    • Connections
      • Google BigQuery
      • Snowflake
      • Databricks
      • Amazon Redshift
      • PostgreSQL
      • CARTO Data Warehouse
      • Sharing connections
      • Deleting a connection
      • Required permissions
      • IP whitelisting
      • Customer data responsibilities
    • Applications
    • Settings
      • Understanding your organization quotas
      • Activity Data
        • Activity Data Reference
        • Activity Data Examples
        • Activity Data Changelog
      • Users and Groups
        • Inviting users to your organization
        • Managing user roles
        • Deleting users
        • SSO
        • Groups
        • Mapping groups to user roles
      • CARTO Support Access
      • Customizations
        • Customizing appearance and branding
        • Configuring custom color palettes
        • Configuring your organization basemaps
        • Enabling AI Agents
      • Advanced Settings
        • Managing applications
        • Configuring S3 Bucket for Redshift Imports
        • Configuring OAuth connections to Snowflake
        • Configuring OAuth U2M connections to Databricks
        • Configuring S3 Bucket integration for RDS for PostgreSQL Exports in Builder
        • Configuring Workload Identity Federation for BigQuery
      • Data Observatory
      • Deleting your organization
    • Developers
      • Managing Credentials
        • API Base URL
        • API Access Tokens
        • SPA OAuth Clients
        • M2M OAuth Clients
      • Named Sources
  • Data and Analysis
    • Analytics Toolbox Overview
    • Analytics Toolbox for BigQuery
      • Getting access
        • Projects maintained by CARTO in different BigQuery regions
        • Manual installation in your own project
        • Installation in a Google Cloud VPC
        • Core module
      • Key concepts
        • Tilesets
        • Spatial indexes
      • SQL Reference
        • accessors
        • clustering
        • constructors
        • cpg
        • data
        • http_request
        • import
        • geohash
        • h3
        • lds
        • measurements
        • placekey
        • processing
        • quadbin
        • random
        • raster
        • retail
        • routing
        • s2
        • statistics
        • telco
        • tiler
        • transformations
      • Guides
        • Running queries from Builder
        • Working with Raster data
      • Release notes
      • About Analytics Toolbox regions
    • Analytics Toolbox for Snowflake
      • Getting access
        • Native App from Snowflake's Marketplace
        • Manual installation
      • Key concepts
        • Spatial indexes
        • Tilesets
      • SQL Reference
        • accessors
        • clustering
        • constructors
        • data
        • http_request
        • import
        • h3
        • lds
        • measurements
        • placekey
        • processing
        • quadbin
        • random
        • raster
        • retail
        • s2
        • statistics
        • tiler
        • transformations
      • Guides
        • Running queries from Builder
        • Working with Raster data
      • Release Notes
    • Analytics Toolbox for Databricks
      • Getting access
        • Personal (former Single User) cluster
        • Standard (former Shared) cluster
      • Reference
        • lds
        • tiler
      • Guides
      • Release Notes
    • Analytics Toolbox for Redshift
      • Getting access
        • Manual installation in your database
        • Installation in an Amazon Web Services VPC
        • Core version
      • Key concepts
        • Tilesets
        • Spatial indexes
      • SQL Reference
        • clustering
        • constructors
        • data
        • http_request
        • import
        • lds
        • placekey
        • processing
        • quadbin
        • random
        • s2
        • statistics
        • tiler
        • transformations
      • Guides
        • Running queries from Builder
      • Release Notes
    • Analytics Toolbox for PostgreSQL
      • Getting access
        • Manual installation
        • Core version
      • Key concepts
        • Tilesets
        • Spatial Indexes
      • SQL Reference
        • h3
        • quadbin
        • tiler
      • Guides
        • Creating spatial index tilesets
        • Running queries from Builder
      • Release Notes
    • CARTO + Python
      • Installation
      • Authentication Methods
      • Visualizing Data
      • Working with Data
        • How to work with your data in the CARTO Data Warehouse
        • How to access your Data Observatory subscriptions
        • How to access CARTO's Analytics Toolbox for BigQuery and create visualizations via Python notebooks
        • How to access CARTO’s Analytics Toolbox for Snowflake and create visualizations via Python notebooks
        • How to visualize data from Databricks
      • Reference
    • CARTO QGIS Plugin
  • CARTO for Developers
    • Overview
    • Key concepts
      • Architecture
      • Libraries and APIs
      • Authentication methods
        • API Access Tokens
        • OAuth Access Tokens
        • OAuth Clients
      • Connections
      • Data sources
      • Visualization with deck.gl
        • Basemaps
          • CARTO Basemap
          • Google Maps
            • Examples
              • Gallery
              • Getting Started
              • Basic Examples
                • Hello World
                • BigQuery Tileset Layer
                • Data Observatory Tileset Layer
              • Advanced Examples
                • Arc Layer
                • Extrusion
                • Trips Layer
            • What's New
          • Amazon Location
            • Examples
              • Hello World
              • CartoLayer
            • What's New
        • Rapid Map Prototyping
      • Charts and widgets
      • Filtering and interactivity
      • Summary
    • Quickstart
      • Make your first API call
      • Visualize your first dataset
      • Create your first widget
    • Guides
      • Build a public application
      • Build a private application
      • Build a private application using SSO
      • Visualize massive datasets
      • Integrate CARTO in your existing application
      • Use Boundaries in your application
      • Avoid exposing SQL queries with Named Sources
      • Managing cache in your CARTO applications
    • Reference
      • Deck (@deck.gl reference)
      • Data Sources
        • vectorTableSource
        • vectorQuerySource
        • vectorTilesetSource
        • h3TableSource
        • h3QuerySource
        • h3TilesetSource
        • quadbinTableSource
        • quadbinQuerySource
        • quadbinTilesetSource
        • rasterSource
        • boundaryTableSource
        • boundaryQuerySource
      • Layers (@deck.gl/carto)
      • Widgets
        • Data Sources
        • Server-side vs. client-side
        • Models
          • getFormula
          • getCategories
          • getHistogram
          • getRange
          • getScatter
          • getTimeSeries
          • getTable
      • Filters
        • Column filters
        • Spatial filters
      • CARTO APIs Reference
    • Release Notes
    • Examples
    • CARTO for React
      • Guides
        • Getting Started
        • Views
        • Data Sources
        • Layers
        • Widgets
        • Authentication and Authorization
        • Basemaps
        • Look and Feel
        • Query Parameters
        • Code Generator
        • Sample Applications
        • Deployment
        • Upgrade Guide
      • Examples
      • Library Reference
        • Introduction
        • API
        • Auth
        • Basemaps
        • Core
        • Redux
        • UI
        • Widgets
      • Release Notes
  • CARTO Self-Hosted
    • Overview
    • Key concepts
      • Architecture
      • Deployment requirements
    • Quickstarts
      • Single VM deployment (Kots)
      • Orchestrated container deployment (Kots)
      • Advanced Orchestrated container deployment (Helm)
    • Guides
      • Guides (Kots)
        • Configure your own buckets
        • Configure an external in-memory cache
        • Enable Google Basemaps
        • Enable the CARTO Data Warehouse
        • Configure an external proxy
        • Enable BigQuery OAuth connections
        • Configure Single Sign-On (SSO)
        • Use Workload Identity in GCP
        • High availability configuration for CARTO Self-hosted
        • Configure your custom service account
      • Guides (Helm)
        • Configure your own buckets (Helm)
        • Configure an external in-memory cache (Helm)
        • Enable Google Basemaps (Helm)
        • Enable the CARTO Data Warehouse (Helm)
        • Configure an external proxy (Helm)
        • Enable BigQuery OAuth connections (Helm)
        • Configure Single Sign-On (SSO) (Helm)
        • Use Workload Identity in GCP (Helm)
        • Use EKS Pod Identity in AWS (Helm)
        • Enable Redshift imports (Helm)
        • Migrating CARTO Self-hosted installation to an external database (Helm)
        • Advanced customizations (Helm)
        • Configure your custom service account (Helm)
    • Maintenance
      • Maintenance (Kots)
        • Updates
        • Backups
        • Uninstall
        • Rotating keys
        • Monitoring
        • Change the Admin Console password
      • Maintenance (Helm)
        • Monitoring (Helm)
        • Rotating keys (Helm)
        • Uninstall (Helm)
        • Backups (Helm)
        • Updates (Helm)
    • Support
      • Get debug information for Support (Kots)
      • Get debug information for Support (Helm)
    • CARTO Self-hosted Legacy
      • Key concepts
        • Architecture
        • Deployment requirements
      • Quickstarts
        • Single VM deployment (docker-compose)
      • Guides
        • Configure your own buckets
        • Configure an external in-memory cache
        • Enable Google Basemaps
        • Enable the CARTO Data Warehouse
        • Configure an external proxy
        • Enable BigQuery OAuth connections
        • Configure Single Sign-On (SSO)
        • Enable Redshift imports
        • Configure your custom service account
        • Advanced customizations
        • Migrating CARTO Self-Hosted installation to an external database
      • Maintenance
        • Updates
        • Backups
        • Uninstall
        • Rotating keys
        • Monitoring
      • Support
    • Release Notes
  • CARTO Native App for Snowflake Containers
    • Deploying CARTO using Snowflake Container Services
  • Get Help
    • Legal & Compliance
    • Previous libraries and components
    • Migrating your content to the new CARTO platform
Powered by GitBook
On this page
  • Requirements
  • Create a Linux VM instance​
  • Installation steps
  • Domain configuration
  • Configure the external database
  • Bring up the environment
  • Configure your storage buckets
  • Add your SSL certificate
  • Post-installation checks
  • Analytics Toolbox in CARTO Self-Hosted
  • Root Privileges
  • Troubleshooting

Was this helpful?

Export as PDF
  1. CARTO Self-Hosted
  2. CARTO Self-hosted Legacy
  3. Quickstarts

Single VM deployment (docker-compose)

PreviousQuickstartsNextGuides

Last updated 1 month ago

Was this helpful?

This documentation is for the CARTO Self-Hosted Legacy Version. Use only if you've installed this specific version. Explore our latest documentation for updated features.

Estimated time: Completing this deployment guide is expected to take approximately 3 hours. This estimate may vary based on individual familiarity with the technology stack involved and the complexity of your organization's environment.

Requirements

To deploy CARTO Self-Hosted based on a Single VM deployment, you need:

  • A CARTO Self-Hosted installation package containing your environment configuration and a license key. The package has two files: customer.env and key.json. If you don't have it yet, you can ask for it at support@carto.com.

  • A domain you own, to which you can add a DNS record.

  • Familiarity with and installations of Docker Engine and Docker Compose.

  • Familiarity as a SysAdmin in the cloud environment where you are running your installation: GCP, AWS, or Azure.

Create a Linux VM instance​

CARTO Self-Hosted can be deployed in any Virtual Machine that meets the minimum requirements specified at ).

Create a new Linux VM in the Google Cloud console that meets the minimum requirements specified at ).

Refer to the Google Cloud documentation to learn how to create a new virtual machine.

  • ​Configure the firewall to allow HTTPS traffic.

  • Specify SSD persistent with a size that meets or exceeds the minimum requirements.

Create a new Linux EC2 instance in the Amazon EC2 console using the Ubuntu Server 22.04 LTS (x86) Amazon Machine Image (AMI).

Refer to the Amazon EC2 documentation to learn how to create a new virtual machine.

  • ​Configure the firewall to allow HTTPS traffic.

  • Specify SSD persistent with a size that meets or exceeds the minimum requirements.

Create a new Linux VM in the Azure Portal that meets the minimum requirements.

Refer to the Azure documentation to learn how to create a new virtual machine.

  • ​Configure the firewall to allow HTTPS traffic.

  • When creating the VM, use SSH public key authentication and provide a username. Generate a new key-pair and specify a name. Azure generates and stores the key in the Azure KeyVault to download later.​

  • Specify SSD persistent with a size that meets or exceeds the minimum requirements.

  • Once the VM is initialized, download the private key when prompted. Update the permissions of the key-pair to ensure it has the required permissions for your SSH client.

chmod 400 <path_to_pem_file>
ssh -i <path_to_pem_file> <username>@<public_ip>

Ensure Delete public IP and NIC when VM is deleted is enabled.

Once, your VM is ready, you should log in via SSH and install the latest version of Docker Engine and Docker Compose.

Installation steps

Clone this repository:

git clone https://github.com/CartoDB/carto-selfhosted.git
cd carto-selfhosted

Checkout to the latest stable release:

git checkout tags/2025.3.19

Copy into carto-selfhosted folder the two files of the installation package

  • customer.env

  • key.json

Domain configuration

Configure your CARTO Self-hosted domain by updating the env var SELFHOSTED_DOMAIN to my.domain.com.

A full domain is required. You cannot install CARTO in a domain path like https://my.domain.com/carto

Create a DNS record that points my.domain.com to the External IP of your VM. For debugging purposes, you might want to modify your /etc/hosts:

echo "34.172.214.74 my.domain.com" >> /etc/hosts

Configure the external database

  • POSTGRES_ADMIN_USER: Your PostgreSQL admin user.

  • POSTGRES_ADMIN_PASSWORD: The password of your admin user.

  • WORKSPACE_POSTGRES_USER: The admin user to be created. It will be created with the previous admin user.

  • WORKSPACE_POSTGRES_PASSWORD: The new password to be created.

  • WORKSPACE_POSTGRES_DB: The database to be created.

# Set to 0 to not create the PostgreSQL container locally
LOCAL_POSTGRES_SCALE=0
WORKSPACE_POSTGRES_HOST=<YourServerIP>
WORKSPACE_POSTGRES_PORT=5432
WORKSPACE_POSTGRES_USER=carto_worskpace_admin
WORKSPACE_POSTGRES_PASSWORD=carto_worskpace_admin
WORKSPACE_POSTGRES_DB=carto_worskpace
# SSL will be enabled later.
WORKSPACE_POSTGRES_SSL_ENABLED=false
WORKSPACE_POSTGRES_SSL_MODE=disable
POSTGRES_ADMIN_USER=postgres
POSTGRES_ADMIN_PASSWORD=postgres

In some scenarios, it's required an SSL connection between the external database and the APIs. In that case, you should provide the SSL certificate and add to customer.env the SSL configuration of your server.

WORKSPACE_POSTGRES_SSL_ENABLED=true
WORKSPACE_POSTGRES_SSL_MODE=require
# Only applies if Postgres SSL certificate is self-signed
WORKSPACE_POSTGRES_SSL_CA=/usr/src/certs/<CERTIFICATE_NAME>.pem

Mutual TLS connections between the external database and the APIs are not supported, so client certificates can't be configured on your external database

You should copy your certificate in .pem format into the certs folder located inside your installation route. We'll automatically mount the whole certs folder inside the required containers so that they can use the SSL certificate.

Bring up the environment

Run the install.sh script to generate the .env file out of the customer.env file:

bash install.sh

Bring up the environment:

docker-compose up -d

Check all the containers are up and running:

docker-compose ps

All containers should be in the state Up, except for workspace-migrations which state should be Exit 0, meaning the database migrations finished correctly.

A non-production-ready deployment of CARTO should be available at https://my.domain.com.

Configure your storage buckets

CARTO Self-hosted platform needs access to some storage buckets to save some resources needed by the platform. These buckets are in charge of storing assets such as imported datasets, map snapshots and custom markers.

You can create and use your own storage buckets in any of the following supported storage providers:

  • Google Cloud Storage

  • AWS S3

  • Azure Blob Storage

And in order to configure them, there is a detailed guide available that you should follow to complete the Self-Hosted configuration process.

Add your SSL certificate

By default, CARTO Self-hosted will generate and use a self-signed certificate. In production environments, you need to provide your own SSL certificate.

If you don't have yet a valid certificate for the domain of your Self-hosted, you might be interested in using https://letsencrypt.org/ to get a valid one.

A valid certificate contains:

  • A .crt file with your custom domain x509 certificate.

  • A .key file with your custom domain private key.

If your TLS certificate key is protected with a passphrase the CARTO Self-hosted installation won't be able to work as expected. You can easily generate a new key file without passphrase protection using the following command:

openssl rsa -in keyfile_with_passphrase.key -out new_keyfile.key
  1. Create a certs folder in the current directory (carto-selfhosted)

  2. Copy your <cert>.crt and <cert>.key files in the certs folders

  3. Modify the following vars in the customer.env file:

    ROUTER_SSL_AUTOGENERATE=0
    ROUTER_SSL_CERTIFICATE_PATH=/etc/nginx/ssl/my.domain.com.crt
    ROUTER_SSL_CERTIFICATE_KEY_PATH=/etc/nginx/ssl/my.domain.com.key

Refresh:

bash install.sh
docker-compose up -d 

Post-installation checks

In order to verify CARTO Self Hosted was correctly installed, and it's functional, we recommend performing the following checks:

  1. Sign in to your Self Hosted, create a user and a new organization.

  2. Go to the Connections page, in the left-hand menu, create a new connection to one of the available providers.

  3. Go to the Data Explorer page, click on the Upload button right next to the Connections panel. Import a dataset from a local file.

  4. Go back to the Maps page, and create a new map.

  5. In this new map, add a new layer from a table using the connection created in step 3.

  6. Create a new layer from a SQL Query to the same table. You can use a simple query like:

SELECT * FROM <dataset_name.table_name> LIMIT 100;
  1. Create a new layer from the dataset imported in step 4.

  2. Make the map public, copy the sharing URL, and open it in a new incognito window.

  3. Go back to the Maps page, and verify your map appears there, and the map thumbnail represents the latest changes you made to the map.

Congrats! Once you've configured your custom buckets, you should have a production-ready deployment of CARTO Self-Hosted at https://my.domain.com

You may notice that the onboarding experience (demo maps, demo workflows...) and the Data Observatory-automated features (subscriptions, enrichment...) are disabled by default in your new organization, because the CARTO Data Warehouse is not enabled.

If you'd like to enable the onboarding experience and the Data Observatory features, follow the guide to enable the CARTO Data Warehouse or contact support@carto.com.

If you prefer not to enable the CARTO Data Warehouse, you can still use the Data Observatory without the UI features: after getting in touch, our team can deliver the data (both premium and public subscriptions) manually to your data warehouse.

Analytics Toolbox in CARTO Self-Hosted

To fully leverage CARTO's capabilities you need to gain access to the Analytics Toolbox functions. This step is crucial to fully leverage CARTO's capabilities. Please refer to the documentation of your data warehouse provider for detailed instructions:

  • Google BigQuery

  • Amazon Redshift

  • Snowflake

  • PostgreSQL

Root Privileges

The installation of CARTO Self-Hosted doesn't require root privileges. It can be performed using a regular system user with permission to execute the docker and docker-compose binaries.

This means that once the dependencies and prerequisites are satisfied, the operator that runs the installation only requires permission to run the docker and docker-compose binaries.

This is usually achieved by adding the system user to the docker group, but there is more detailed information here.

Troubleshooting

The following standard commands of docker-compose could be used to debug possible issues that might arise:

docker-compose logs and docker-compose ps

Database

The container workspace-migrations will be responsible for creating a new user carto_worskpace_admin and a database carto_workspace.

To debug possible errors with the connection of the external database, you might need to check the logs of this container:

docker-compose logs workspace-migrations

For further assistance, check our Support page.

Add to customer.env the configuration of the . At this point, you need to provide a PostgreSQL admin user (typically postgres) with permission to create users and databases.

Single VM deployments (docker-compose
Single VM deployments (docker-compose
external database