Instructions & configuration
Instructions & configuration options for self-hosting Nango.
These instructions only apply for free self-hosting features, not Enterprise features (feature list).
Server URL, Callback URL & Custom Domains
Add server environment variables for the instance URL and port (in the .env
file or directly on Heroku/Render):
The resulting callback URL for OAuth will be <INSTANCE-URL>/oauth/callback
.
If you are using a custom domain, you should change the NANGO_SERVER_URL
server environment variable accordingly (in the .env
file or directly on
Heroku/Render).
Persistent storage
If deploying with Docker Compose (e.g. AWS, GCP, DO), the database is bundled in a docker container with local storage using Docker registries. This is a no-go for production.
Connect Nango to an external Postgres DB that lives outside the docker setup to mitigate this.
To do so, modify the default values of the following server env variables (in
the .env
file):
Records saved by syncs can be persisted in a dedicated database. If you opt in for this setup, set the RECORDS_DATABASE_URL
env var. Ex:
Special characters in the RECORDS_DATABASE_URL should be URL encoded. If not specified, the records will be stored in the main database.
Deploying with Render or Heroku automatically generates a persistent database connected to your Nango instance.
For Render, the environment variables above are automatically set for you. For Heroku, check out our Heroku docs page for specific instructions.
Securing your instance
Securing the dashboard
By default, the dashboard of your Nango instance is open to anybody who has access to your instance URL.
You can secure it with Basic Auth by setting the following environment variables and restarting the server:
Encrypt sensitive data
You can enforce encryption of sensitive data (tokens, secret key, app secret) using the AES-GCM encryption algorithm. To do so, generate a 256-bit base64-encoded key:
And set the NANGO_ENCRYPTION_KEY
environment variable to the generated key:
Once you restart the Nango server, the encryption of the database will happen automatically. Please note that, at the current time, you cannot modify this encryption key once you have set it.
Custom websockets path
The Nango server serves websockets from the /
path by default for use by @nangohq/frontend
during the login flow.
If you want more isolation between websockets and the dashboard (also served from /
), then you can set the NANGO_SERVER_WEBSOCKETS_PATH
environment variable to serve websockets from a different path:
If you do set this variable to a different path, you will need to configure the websocketsPath
parameter when initializing the Nango
object in the @nangohq/frontend
SDK:
Telemetry
We use telemetry to understand Nango’s usage at a high-level and improve it over time.
Telemetry on self-hosted instances is very light by default. We only track core actions and do not track sensitive information.
You can disable telemetry by setting the env var TELEMETRY=false
(in the
.env
file or directly on Heroku/Render).
Logs
We use Elasticsearch to store Nango’s execution logs and power the logs UI. To limit the requirements to self-host, this stack is optional and up to the developer to setup.
If you want to enable logs, you will need to:
- Host an Elasticsearch cluster
- Update your environment variables, with
NANGO_LOGS_ENABLED=true
and add the appropriate values inNANGO_LOGS_ES_*
Hosting
To host an Elasticsearch cluster you have multiple solutions:
- Locally: uncomment the service inside
docker-compose.yml
(GitHub) and rundocker-compose up
- ElasticCloud: minimal installation on Standard tier is about 20€/mo (elastic.co)
- Render: deploy a free instance (render.com)
Alternatives
We don’t provide alternatives storage for the moment.
If NANGO_LOGS_ENABLED
is false
, all the logs are sent to stdout so you can always find everything in your hosts logs UI.
Was this page helpful?