Single VM deployment

Deploy CARTO Self-hosted using a Virtual Machine and k0s

Estimated time: Completing this deployment guide is expected to take approximately 2 hours. This estimate may vary based on individual familiarity with the technology stack involved and the complexity of your organization's environment.


To deploy CARTO Self-Hosted based on a Single VM deployment, you need:

  • A link to the CARTO Self-Hosted installation package containing your license. If you don't have it yet, you can ask for it at

  • A domain you own, to which you can add a DNS record.

  • Familiarity as a SysAdmin in the cloud environment where you are running your installation: GCP, AWS, or Azure.

Create a Linux VM instance

CARTO Self-Hosted can be deployed in any Virtual Machine that meets the minimum requirements specified for Single VM deployments.

Create a new Linux VM in the Google Cloud console that meets the minimum requirements specified at Single VM deployments.

Refer to the Google Cloud documentation to learn how to create a new virtual machine.

  • Configure the firewall to allow HTTPS traffic.

  • Specify SSD persistent with a size that meets or exceeds the minimum requirements.

Installation steps

Install Admin Console

Download the customer package from the URL that shared by CARTO team. Select the CARTO Embedded Cluster installation and download the binary.

Extract the package content using the following command:

tar -xvf carto.tgz

Check that your machine meets the deployment requirements and install the CARTO Self-Hosted platform Admin Console with the following command:

sudo ./carto install --license license.yaml

During the installation process of CARTO Self-Hosted, you will be prompted to set a password for accessing the Admin Console. This console serves as the control center for managing various deployment options related to your CARTO instance. It is crucial to securely store this password for future access and administration tasks.

Upon completion of the installation, you can access the Admin Console through your server's IP address and port 30000 by navigating to http://your-server-ip:30000.

sudo ./carto install --license license.yaml
? Enter a new Admin Console password: ********
? Confirm password: ********
  Node installation finished
  Storage is ready!
  Embedded Cluster Operator is ready!
  Admin Console is ready!
Admin Console accessible at: http://your_ip:30000

After accessing the URL, you'll need to configure an SSL certificate for the Admin Console.

Once the SSL certificate is configured, proceed by clicking the continue button to confirm the configuration of your cluster. You can then begin customizing the settings and features of your CARTO Self-Hosted platform through the Admin Console.

Metadata database

At this point, we are setting up the configuration of the external database. You need to provide a PostgreSQL user and a database that can be used by that user to configure the metadata database used by CARTO platform.

If you already have a PostgreSQL deployment that can be used by your CARTO Self-Hosted platform, you'll have to create a new database for CARTO platform and a user with enough permissions to use that database.

In order to enable TLS connections, you'll also have to provide the SSL certificate of your PostgreSQL database.

Mutual TLS connections between the external database and the APIs are not supported, so client certificates can't be configured on your external database

Access to CARTO

In order to access CARTO Self-Hosted platform, you'll need a domain pointing to the IP address of the machine where you're deploying the platform. This domain has to be defined in the following section of the configuration:

A full domain is required. You cannot install CARTO in a domain path like

The CARTO platform necessitates a valid SSL certificate tailored to your domain to ensure secure communication and data transfer. Depending on your architecture, you have the flexibility to either terminate TLS within the CARTO application, requiring your SSL certificate, or at a higher layer.

A valid certificate contains:

  • A .crt file with your custom domain x509 certificate.

  • A .key file with your custom domain private key.

If your TLS certificate key is protected with a passphrase the CARTO Self-hosted installation won't be able to work as expected. You can easily generate a new key file without passphrase protection using the following command:

openssl rsa -in keyfile_with_passphrase.key -out new_keyfile.key

Once the configuration has been updated, you'll need a DNS record that points to the External IP of your VM. For debugging purposes, you might want to modify your /etc/hosts:

echo "" >> /etc/hosts

Cloud Storage

CARTO Self-hosted platform requires access to some storage buckets to save some resources required by the platform. These buckets are in charge of storing assets such as imported datasets, map snapshots and custom markers.

You can create and use your own storage buckets in any of the following supported storage providers:

And in order to configure them, there is a detailed guide available that you should follow to complete the Self-Hosted configuration process.

Deploy CARTO Self-Hosted platform

After finalizing your configuration, proceed by clicking the “Continue” button, which will direct you to the Dashboard of your CARTO Admin Console. Here, you'll observe a series of checks being performed to verify the readiness of your environment for hosting the CARTO platform.

It's essential to review the results of these checks to identify any failures. If all checks pass successfully, you can proceed by clicking the “Deploy” button to initiate the installation process of your Self-Hosted platform. Please, note that deployment completion may take a few minutes.

Post-installation checks

In order to verify CARTO Self Hosted was correctly installed, and it's functional, we recommend performing the following checks:

  1. Sign in to your Self Hosted, create a user and a new organization.

  2. Go to the Connections page, in the left-hand menu, create a new connection to one of the available providers.

  3. Go to the Data Explorer page, click on the Upload button right next to the Connections panel. Import a dataset from a local file.

  4. Go back to the Maps page, and create a new map.

  5. In this new map, add a new layer from a table using the connection created in step 3.

  6. Create a new layer from a SQL Query to the same table. You can use a simple query like:

SELECT * FROM <dataset_name.table_name> LIMIT 100;
  1. Create a new layer from the dataset imported in step 4.

  2. Make the map public, copy the sharing URL, and open it in a new incognito window.

  3. Go back to the Maps page, and verify your map appears there, and the map thumbnail represents the latest changes you made to the map.

Congrats! Once you've configured your custom buckets, you should have a production-ready deployment of CARTO Self-Hosted at

You may notice that the onboarding experience (demo maps, demo workflows...) and the Data Observatory-automated features (subscriptions, enrichment...) are disabled by default in your new organization, because the CARTO Data Warehouse is not enabled.

If you'd like to enable the onboarding experience and the Data Observatory features, follow the guide to enable the CARTO Data Warehouse or contact

If you prefer not to enable the CARTO Data Warehouse, you can still use the Data Observatory without the UI features: after getting in touch, our team can deliver the data (both premium and public subscriptions) manually to your data warehouse.

Analytics Toolbox in CARTO Self-Hosted

To fully leverage CARTO's capabilities, you need to gain access to the Analytics Toolbox functions. This step is crucial to fully leverage CARTO's capabilities. Please refer to the documentation of your data warehouse provider for detailed instructions:


From the Admin Console you'll be able to analyze your CARTO installation by clicking on the Troubleshoot section. You can generate a support bundle from this view, that will collect all the required information to check the status of your deployment.

For further assistance, check our Support page.

Last updated