Enterprise Self-Hosted Deployment
Deploy SchoBase in your own infrastructure with full control over data, security, and compliance. Perfect for air-gapped networks, data sovereignty requirements, and industrial OT environments.
Keep all data within your infrastructure. No external dependencies, complete control over storage and backups.
Deploy in completely isolated networks with no internet connectivity. Perfect for critical infrastructure.
Meet data sovereignty requirements: GDPR, HIPAA, IEC 62443, NERC CIP, SOC 2, and more.
Integrate with Active Directory, LDAP, SAML SSO. Deploy behind your firewall with custom security policies.
Proper network segmentation for industrial environments. Isolate OT devices from IT networks.
Deploy close to your devices and sensors. Millisecond-level latency for real-time industrial control.
Complete stack deployed in your infrastructure with Docker Compose or Kubernetes
TanStack Start web application
PostgreSQL, TimescaleDB, Redis
Keycloak self-hosted auth
Eclipse Mosquitto for IoT
Grafana dashboards
Nginx with TLS termination
Docker Compose or K8s
Automated backup scripts
┌─────────────────────────────────────────────────────────────┐
│ Nginx (Reverse Proxy + TLS) │
│ Ports: 80 (HTTP) → 443 (HTTPS) │
└────────────┬───────────────────────────────┬────────────────┘
│ │
┌─────────▼──────────┐ ┌─────────▼─────────┐
│ SchoBase App │ │ Keycloak │
│ (TanStack Start) │ │ (Authentication) │
│ Port: 3000 │ │ Port: 8080 │
└─────────┬───────────┘ └───────────────────┘
│
┌─────────┼─────────────────────────────────────────┐
│ │ Data Layer │
│ ┌─────▼──────┐ ┌──────────────┐ ┌────────┐│
│ │ PostgreSQL │ │ TimescaleDB │ │ Redis ││
│ │ (App DB) │ │(Time Series) │ │(Cache) ││
│ │Port: 5432 │ │ Port: 5433 │ │Port: ││
│ └────────────┘ └──────────────┘ │6379 ││
│ └────────┘│
└──────────────────────────────────────────────────┘
┌──────────────────┐ ┌─────────────────────┐
│ Mosquitto │ │ Grafana │
│ (MQTT Broker) │ │ (Dashboards) │
│Port: 1883,9001 │ │ Port: 3001 │
└──────────────────┘ └─────────────────────┘
▲
│
┌──────────┴──────────┐
│ Industrial Devices │
│ (PLCs, Robots, │
│ IoT Sensors) │
└─────────────────────┘Get SchoBase running on-premise in minutes with our automated deployment scripts
# Clone the repository
git clone https://github.com/Schotime-PH/schobase-11-9.git
cd schobase-11-9
# Run automated deployment
./deploy-onpremise.sh
# Verify deployment
docker compose ps
curl -k https://localhost/health# Clone the repository
git clone https://github.com/Schotime-PH/schobase-11-9.git
cd schobase-11-9
# Run PowerShell deployment script
.\deploy-onpremise.ps1
# Verify deployment
docker compose ps# 1. Copy environment template
cp .env.onpremise.template .env.onpremise
# 2. Edit configuration with your settings
nano .env.onpremise
# 3. Generate TLS certificates (or use existing)
openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
-keyout nginx/certs/key.pem -out nginx/certs/cert.pem
# 4. Deploy with Docker Compose
docker compose --env-file .env.onpremise up -d
# 5. Configure Keycloak realm and client
# Access https://localhost/auth with admin credentials
# 6. Verify deployment
curl -k https://localhost/healthApplication
https://localhostKeycloak Admin
https://localhost/authGrafana Dashboards
https://localhost/grafanaMQTT Broker
mqtt://localhost:1883Native integration with industrial automation protocols
Minimum and recommended specifications for on-premise deployment
Light Usage
Medium Usage
Heavy Usage
Yes! SchoBase is designed for air-gapped environments. You'll need to download the Docker images on a machine with internet access, then transfer them to your isolated network. Our deployment scripts support offline installation mode. See ON_PREMISE_DEPLOYMENT.md for details.
Keycloak (included in the stack) provides native Active Directory / LDAP integration. After deployment, access the Keycloak admin console at https://localhost/auth, create a new federation, and configure your AD server details. Users can then authenticate using their AD credentials.
Docker Compose is simpler and perfect for single-server deployments or development. Kubernetes provides advanced features like automatic scaling, rolling updates, and multi-node high availability. For most small-to-medium deployments, Docker Compose is sufficient. Enterprise customers needing 99.99% uptime should use Kubernetes.
The deployment includes automated backup scripts (`backup.sh`). Configure backup frequency in `.env.onpremise` and set a backup destination. For restore, use the included `restore.sh` script with your backup file. All databases (PostgreSQL, TimescaleDB, Redis) are backed up with point-in-time recovery support.
Absolutely! Place your certificate files in `nginx/certs/cert.pem` and `nginx/certs/key.pem`. Update the `TLS_CERT_PATH` and `TLS_KEY_PATH` variables in `.env.onpremise` to point to your files. For Let's Encrypt certificates, use certbot with the webroot plugin and configure nginx accordingly.
Grafana is included for visualizing metrics and time series data. For application monitoring, you can integrate Prometheus, Loki for logs, and Jaeger for distributed tracing. Enterprise deployments include pre-configured dashboards for system health, database performance, and application metrics.
Use the included migration tool to export data from your cloud deployment and import it into your on-premise instance. The process involves: 1) Exporting time series data in batches, 2) Deploying on-premise stack, 3) Importing data with parallel workers, 4) Verifying data integrity, 5) Switching DNS/endpoints. Contact enterprise support for migration assistance.
Community support is available via GitHub Discussions. Enterprise customers can purchase support contracts with guaranteed SLAs, including 24/7 phone support, dedicated Slack channel, on-site deployment assistance, custom training, and proactive monitoring. Contact enterprise@schobase.dev for pricing.
Quick solutions to common deployment problems
Solution: Ensure Docker and Docker Compose are updated.
# Check versions docker --version # Should be 24.0+ docker compose version # Should be 2.20+ # View logs docker compose logs -f
Solution: Change conflicting ports in .env.onpremise
# Find what's using port 443 sudo lsof -i :443 # Change ports in .env.onpremise NGINX_HTTP_PORT=8080 NGINX_HTTPS_PORT=8443
Solution: Wait for databases to initialize fully
# Check database status docker compose ps # View database logs docker compose logs postgres docker compose logs timescaledb # Restart if needed docker compose restart postgres
Solution: Regenerate certificates or use existing ones
# Regenerate self-signed cert openssl req -x509 -nodes -days 365 \ -newkey rsa:4096 \ -keyout nginx/certs/key.pem \ -out nginx/certs/cert.pem # Restart nginx docker compose restart nginx
Solution: Clean Docker volumes or expand storage
# Check disk usage df -h docker system df # Clean up unused images/volumes docker system prune -a --volumes # Configure data retention policies
Solution: Reset admin password using Docker exec
# Reset Keycloak admin password docker compose exec keycloak \ /opt/keycloak/bin/kc.sh \ user reset-password \ --username admin # Or check .env.onpremise for password
For detailed troubleshooting steps, check the ON_PREMISE_DEPLOYMENT.md file in the repository. Enterprise customers can open support tickets for priority assistance.
Get started with our automated deployment scripts or contact our enterprise team for custom deployment planning and support.