Skip to main content
Documenso is designed to be self-hosted, giving you full control over your document signing infrastructure. This guide will help you understand the requirements and options for deploying Documenso on your own servers.

Why Self-Host?

Self-hosting Documenso provides several advantages:
  • Data sovereignty: Keep all your documents and signatures on your own infrastructure
  • Full control: Customize and configure Documenso to meet your specific needs
  • Privacy: No third-party access to your sensitive documents
  • Cost savings: Avoid per-user or per-document pricing for larger deployments
  • Compliance: Meet regulatory requirements for data residency

System Requirements

Before deploying Documenso, ensure your system meets these minimum requirements:

Minimum Requirements

  • CPU: 2 cores
  • RAM: 4GB minimum (8GB recommended for production)
  • Storage: 20GB minimum (depends on document volume)
  • Node.js: v22.0.0 or higher
  • Database: PostgreSQL 15 or higher

Required Services

PostgreSQL Database

A PostgreSQL database (v15+) is required for storing application data, user accounts, and document metadata.

SMTP Server

An SMTP server is required for sending email notifications to document signers and recipients.

Optional Services

S3-Compatible Storage

Use S3 or compatible storage (MinIO, DigitalOcean Spaces) for document storage instead of the database.

OAuth Providers

Configure Google, Microsoft, or OIDC providers for single sign-on authentication.

Deployment Options

Documenso can be deployed in several ways depending on your infrastructure and expertise:

Docker Compose

Fastest way to get started with a complete production-ready stack including database.

Manual Installation

Build and deploy from source for maximum control and customization options.

Railway

One-click deployment to Railway with automatic provisioning of database and services.

Render

Deploy to Render with automatic builds and managed PostgreSQL database.

Core Environment Variables

All deployment methods require configuring essential environment variables:

Required Variables

NEXTAUTH_SECRET
string
required
Secret key for NextAuth.js encryption. Generate with openssl rand -hex 32.
NEXT_PRIVATE_ENCRYPTION_KEY
string
required
Primary encryption key (minimum 32 characters). Generate with openssl rand -hex 32.
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY
string
required
Secondary encryption key (minimum 32 characters). Generate with openssl rand -hex 32.
NEXT_PUBLIC_WEBAPP_URL
string
required
Public URL where your Documenso instance will be accessible (e.g., https://documenso.example.com).
NEXT_PRIVATE_DATABASE_URL
string
required
PostgreSQL connection string with connection pooling.Example: postgresql://user:password@localhost:5432/documenso
NEXT_PRIVATE_DIRECT_DATABASE_URL
string
required
PostgreSQL connection string for migrations (without connection pooling).Usually the same as NEXT_PRIVATE_DATABASE_URL for self-hosted deployments.

SMTP Configuration

NEXT_PRIVATE_SMTP_FROM_NAME
string
required
Sender name for outgoing emails (e.g., “Documenso”).
NEXT_PRIVATE_SMTP_FROM_ADDRESS
string
required
Sender email address (e.g., “[email protected]”).
NEXT_PRIVATE_SMTP_HOST
string
SMTP server hostname (required for smtp-auth transport).
NEXT_PRIVATE_SMTP_PORT
number
SMTP server port (required for smtp-auth transport).
NEXT_PRIVATE_SMTP_USERNAME
string
SMTP authentication username.
NEXT_PRIVATE_SMTP_PASSWORD
string
SMTP authentication password.

Signing Certificate

A signing certificate is required for creating legally valid digital signatures on documents.
NEXT_PRIVATE_SIGNING_PASSPHRASE
string
Password for the signing certificate file.
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH
string
Path to the .p12 certificate file. Defaults to /opt/documenso/cert.p12.
NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS
string
Base64-encoded certificate contents (alternative to file path).
See the specific deployment guides for instructions on generating or configuring signing certificates.

Security Considerations

Never commit secrets to version control. Always use environment variables or secret management tools.

Best Practices

  1. Use strong random secrets: Generate all secrets using openssl rand -hex 32 or similar cryptographically secure methods
  2. Enable HTTPS: Always use HTTPS in production with valid SSL certificates
  3. Secure your database: Use strong passwords and restrict database access to your application only
  4. Regular backups: Implement automated backups for your database and signing certificates
  5. Keep updated: Regularly update Documenso to get the latest security patches
  6. Restrict signup: Consider setting NEXT_PUBLIC_DISABLE_SIGNUP=true and manually create user accounts

Storage Options

By default, Documenso stores documents in the PostgreSQL database. For production deployments with many documents, consider using S3-compatible storage: 
NEXT_PUBLIC_UPLOAD_TRANSPORT=s3
NEXT_PRIVATE_UPLOAD_ENDPOINT=https://s3.amazonaws.com
NEXT_PRIVATE_UPLOAD_REGION=us-east-1
NEXT_PRIVATE_UPLOAD_BUCKET=documenso-documents
NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID=your-access-key
NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY=your-secret-key
Supported providers:
  • Amazon S3
  • MinIO
  • DigitalOcean Spaces
  • Backblaze B2
  • Any S3-compatible storage

Next Steps

Choose your preferred deployment method and follow the detailed guide:

Docker Deployment

Get started with Docker Compose in minutes

Manual Installation

Build from source for custom deployments

Railway Deployment

One-click deploy to Railway

Render Deployment

Deploy to Render platform

Need Help?

If you encounter issues during deployment:

Build docs developers (and LLMs) love

Get started for freeTalk to us