
Self-Hosting Onera

Deploy Onera on your own infrastructure


Onera is fully open source and designed to be self-hosted. The server operates as a zero-knowledge encrypted blob store — it never sees plaintext data — so you maintain complete control over your infrastructure without compromising the security model.

Prerequisites

  • A server with at least 1 vCPU and 1 GB RAM (2 vCPU / 2 GB recommended)
  • Docker and Docker Compose v2+
  • A domain name with DNS pointing to your server (for production)
  • A Supabase project for auth and database
  • PostgreSQL 16+ (included in Docker Compose)

Deployment Options

Quick Start

If you want to get running immediately:

# Clone the repository
git clone https://github.com/onera-app/onera.git
cd onera

# Configure environment
cp .env.example .env
# Edit .env — you must set POSTGRES_PASSWORD, SUPABASE_URL, SUPABASE_SECRET_KEY,
# VITE_SUPABASE_URL, and VITE_SUPABASE_PUBLISHABLE_KEY at minimum

# Start all services
docker compose up -d

The web client will be available at http://localhost:5173 and the API at http://localhost:3000.

See Docker Compose Deployment for the full walkthrough and Configuration for all available options.
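
One way to check the edited .env before running docker compose up -d, shown as an added example that is not part of the Onera repository. The function names, the 16-character password minimum and the 0600 file mode are assumptions; the variable names are the five listed above, and the VITE_ check relies on Vite exposing VITE_-prefixed variables to client code.

```sh
#!/bin/sh
# Added example (not from the Onera repository): preflight check for the .env
# file that `docker compose up -d` reads. Variable names are from the Quick
# Start; the 16-character minimum and the 0600 file mode are assumed policies.
REQUIRED="POSTGRES_PASSWORD SUPABASE_URL SUPABASE_SECRET_KEY
VITE_SUPABASE_URL VITE_SUPABASE_PUBLISHABLE_KEY"

# Print the value assigned to KEY ($2) in env file $1; the last assignment
# wins and one layer of surrounding quotes is stripped.
env_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Exit status 0 if the file passes every check, 1 otherwise. Findings go to
# stderr. The body is a subshell, so its variables do not leak to the caller.
check_onera_env() (
  file=$1 rc=0
  [ -f "$file" ] || { echo "missing file: $file" >&2; exit 1; }

  for key in $REQUIRED; do
    if [ -z "$(env_value "$file" "$key")" ]; then
      echo "unset or empty: $key" >&2; rc=1
    fi
  done

  pw=$(env_value "$file" POSTGRES_PASSWORD)
  if [ -n "$pw" ] && [ "${#pw}" -lt 16 ]; then
    echo "POSTGRES_PASSWORD is shorter than 16 characters" >&2; rc=1
  fi

  # VITE_* variables are exposed to the client code served to every browser,
  # so the server-side secret must not be reused in any of them.
  secret=$(env_value "$file" SUPABASE_SECRET_KEY)
  if [ -n "$secret" ] &&
     grep -E '^[[:space:]]*VITE_[A-Za-z0-9_]*=' "$file" | grep -qF -- "$secret"; then
    echo "SUPABASE_SECRET_KEY value is repeated in a VITE_ variable" >&2; rc=1
  fi

  # The file holds credentials: reject group- or world-readable modes.
  if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
    echo "$file is readable by group or others; run: chmod 600 $file" >&2; rc=1
  fi
  [ "$rc" -eq 0 ]
)

# Usage: sh check-env.sh .env
if [ "$#" -gt 0 ]; then check_onera_env "$1"; fi
```

Saved under a hypothetical name such as check-env.sh, it exits non-zero on any finding, so it can gate the docker compose up -d step in a deploy script.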

Architecture

When self-hosted, Onera runs as three containers:

┌─────────────────────────────────────────────────┐
│                  Your Server                    │
│                                                 │
│  ┌───────────┐  ┌───────────┐  ┌────────────┐  │
│  │  Web      │  │  Server   │  │ PostgreSQL │  │
│  │  (Nginx)  │──│  (Hono)   │──│  16        │  │
│  │  :5173    │  │  :3000    │  │  :5432     │  │
│  └───────────┘  └───────────┘  └────────────┘  │
│       │                                         │
└───────┼─────────────────────────────────────────┘

   Users connect here

  • Web — Nginx serves the React SPA and proxies API/WebSocket requests to the server
  • Server — Hono + tRPC backend that stores and retrieves encrypted blobs
  • PostgreSQL — Stores encrypted data, user metadata, and auth shares

All chat content is encrypted client-side before reaching the server. The server never has access to plaintext messages, API keys, or notes.
