Self-hosting

Deploy TofuPilot on your own infrastructure with Docker. Full control over your data, networking, and security with self-hosted deployment.

Screenshot of TofuPilot application with custom url

TofuPilot accounts are hosted on our AWS-powered cloud, managed by our team. This ensures strong security, high performance, automatic updates, and no infrastructure to manage on your side.

If you have strict IT requirements or need full control, you can self-host TofuPilot on your own infrastructure.

Prerequisites

Enterprise trial

Contact our team to activate an Enterprise trial. We'll give you access to the private Docker image.

Your cloud data can be migrated to your self-hosted instance on request.

System requirements

OS: Ubuntu 20.04+ or Debian (64-bit, x86_64)
CPU: 2 cores or more
RAM: 4 GB minimum
Storage: 20 GB+ depending on file uploads
Privileges: Sudo access required
Network: Ports 80 and 443 must be open

Domains

Set up two DNS A records pointing to your server IP:

tofupilot.yourcompany.com — main application
storage.tofupilot.yourcompany.com — file storage

Authentication

TofuPilot doesn't store passwords. Enable at least one of the following:

Method	Required credentials
Email	SMTP host, port, user, password, from address
Google OAuth	Client ID, Client Secret
Microsoft Entra ID	Client ID, Client Secret, Tenant ID
GitHub OAuth	Client ID, Client Secret
GitLab OAuth	Client ID, Client Secret, Issuer URL

The deploy script will prompt you for the credentials of each provider you want to enable.

OAuth redirect URIs

When registering your OAuth app, set the redirect URI to:

Provider	Redirect URI
Google	`https://tofupilot.yourcompany.com/api/auth/callback/google`
Microsoft	`https://tofupilot.yourcompany.com/api/auth/callback/microsoft`
GitHub	`https://tofupilot.yourcompany.com/api/auth/callback/github`
GitLab	`https://tofupilot.yourcompany.com/api/auth/callback/gitlab`

Deploy

SSH into your server and run:

curl -sSL https://tofupilot.sh/deploy | bash

The script installs Docker if needed, prompts for configuration, and starts all services.

Deploy a specific version

curl -sSL https://tofupilot.sh/deploy | bash -s -- --version 2.8.0

List available versions

curl -sSL https://tofupilot.sh/deploy | bash -s -- --list-versions

Post-installation

Go to your domain (e.g. https://tofupilot.yourcompany.com) and create your admin account.

Upload runs to your instance

Configure your test scripts to point to your self-hosted instance:

import openhtf as htf
from tofupilot.openhtf import TofuPilot

def main():
  test = htf.Test(
      procedure_id="FVT1",
      part_number="PCB1",
  )
  # Specify your instance URL
  with TofuPilot(test, url="https://tofupilot.yourcompany.com"):
      test.execute(lambda: "PCB1A001")

if __name__ == '__main__':
  main()

from tofupilot import TofuPilotClient
from datetime import timedelta

def main():
  client = TofuPilotClient(url="https://tofupilot.yourcompany.com")

  client.create_run(
      procedure_id="FVT1",
      run_passed=True,
      unit_under_test={
          "serial_number": "PCB1A001",
          "part_number": "PCB1"
      },
      duration=timedelta(minutes=1, seconds=45),
  )

if __name__ == '__main__':
  main()

from tofupilot.v2 import TofuPilot

def main():
  client = TofuPilot(
      api_key="your_api_key",
      server_url="https://tofupilot.yourcompany.com/api"
  )

  result = client.runs.create(
      procedure_id="FVT1",
      run_passed=True,
      unit_under_test={
          "serial_number": "PCB1A001",
          "part_number": "PCB1"
      }
  )

  print(f"Run created: {result.url}")

if __name__ == '__main__':
  main()

Custom certificates

If your instance uses custom SSL certificates (self-signed or internal CA), configure the Python client to trust them.

Get the certificate

echo | openssl s_client -connect tofupilot.yourcompany.com:443 -showcerts 2>/dev/null | openssl x509 -outform PEM > ca-certificate.pem

Connect with custom certificate

from tofupilot import TofuPilotClient

client = TofuPilotClient(
  url="https://tofupilot.yourcompany.com",
  verify="/path/to/ca-certificate.pem"
)

# For OpenHTF
from tofupilot.openhtf import upload
test.add_output_callbacks(
  upload(
      url="https://tofupilot.yourcompany.com",
      verify="/path/to/ca-certificate.pem"
  )
)

from tofupilot.v2 import TofuPilot
import httpx

http_client = httpx.Client(
  verify="/path/to/ca-certificate.pem"
)

client = TofuPilot(
  api_key="your_api_key",
  server_url="https://tofupilot.yourcompany.com/api",
  client=http_client
)

Manage

Common commands to manage your instance:

docker compose ps          # Check service status
docker compose logs -f     # Follow live logs
docker compose restart     # Restart all services
docker compose down        # Stop all services
docker compose up -d       # Start all services

Update

Re-run the deploy script:

curl -sSL https://tofupilot.sh/deploy | bash

Or update to a specific version:

curl -sSL https://tofupilot.sh/deploy | bash -s -- --version 2.8.0

Uninstall

curl -sSL https://tofupilot.sh/deploy | bash -s -- --uninstall

This permanently removes all containers, volumes, configuration, and data.

Backups

Back up these Docker volumes regularly:

tofupilot-pg-data — PostgreSQL database
tofupilot-seaweed-data — uploaded files and attachments

How is this guide?

Self-hosting

On this page