Below are the instructions for deploying with Docker Compose, see our docs for more specific details for AWS, GCP, or Azure, as well as for deploying with Helm, Kubernetes, or ECS. Check out our Community Forums if you have questions or issues, and see our deprecated-onpremise repo if you need to reference legacy deployment instructions.
Install → Configure → Run → Upgrade
Important
We test and support running on Ubuntu. If on a different platform, you may need to manually install requirements like Docker.
- Download this repo
git clone https://github.com/tryretool/retool-onpremise retool && cd retool
- Run our install script to attempt to set up Docker and initialize the
.envfiles
./install.sh
The script will create docker.env and retooldb.env if successful, else it should call out potential issues to address before rerunning.
Warning
We now assume Compose v2 is installed as a plugin accessed through docker compose, we no longer use the legacy v1 docker-compose syntax. You may need to use the latter based on your OS and installation, see Docker's docs for more context on the migration.
Tip
Optionally run sudo usermod -aG docker $USER and log out/back in to not require sudo for every Docker command moving forward. Not required, but we'll assume this in the guide
-
Check the generated
.envfiles to make sure the license key and randomized keys were set as expected during the installation. -
Save off the
ENCRYPTION_KEYvalue, since this is needed to encrypt/decrypt values saved into the Postgres database the Retool instance runs on. -
Replace
X.Y.Z-stableinDockerfilewith the desired Retool version listed in our Dockerhub repo, we recommend the latest patch of the most recent stable version. -
To set up HTTPS, you'll need your domain pointing to your server's IP address. If that's in place, make sure
DOMAINSis correct indocker.env, and then setSTAGE=productionincompose.yamlfor thehttps-portalcontainer to attempt to get and use a freeLet's Encryptcert for your domain on startup.
Warning
You must set COOKIE_INSECURE=true in docker.env to allow logging into Retool without HTTPS configured (not recommended)
- By default, the deployment will include a Temporal container for Workflows. If you have an Enterprise license and would like to instead use Retool's managed Temporal cluster, comment out the
includeblock incompose.yamland theWORKFLOW_TEMPORAL_...environment variables indocker.env. Check out our docs for more information on Temporal deployment options.
- Bring up containers
docker compose up -d
- Check your container statuses after a few minutes
docker compose ps
- Check your container logs if any container isn't up and running
docker compose logs
- Go to your domain or IP in a browser and click
Sign upto initialize and log into the new instance
Set the new version in Dockerfile, and either run ./upgrade.sh or follow the below steps:
- Download and build the new images
docker compose build
- Bring up the new containers to replace the old ones
docker compose up -d
- Remove the old images from the system
docker image prune -a -f