-
-
Notifications
You must be signed in to change notification settings - Fork 2
CONCEPTS
Understand the fundamental concepts of nself that you'll use every day.
nself is a self-hosted backend infrastructure platform. It provides:
- Complete Backend Stack - Database, GraphQL, authentication, storage, all working together
- Zero Vendor Lock-in - Own your infrastructure completely
- Production-Ready - Security, monitoring, backups built-in from day one
- Developer-Friendly - Simple commands, sensible defaults, fast development
Your persistent data store. Every nself project includes PostgreSQL.
# Access the database
nself db console
# Create a backup
nself db backup
# Run migrations
nself db migrateAutomatically generates a GraphQL API from your database schema.
- Automatic schema - Create a table, get GraphQL resolvers
- Subscriptions - Real-time updates via WebSockets
- Permissions - Row-level security at the database level
- Actions - Custom resolvers for business logic
# Open Hasura console
nself adminBuilt-in user authentication with JWT tokens.
- User management - Create, update, delete users
- JWT tokens - Secure API authentication
- Multi-factor auth - Optional 2FA
- OAuth integration - Google, GitHub, etc.
See Authentication Guide for detailed setup.
Routes all traffic, handles SSL/TLS termination.
-
Service discovery - Routes
api.*to Hasura,auth.*to auth service - SSL certificates - Automatic HTTPS
- Compression - gzip compression for responses
- Security headers - X-Frame-Options, CSP, etc.
Enable only what you need. Add to .env:
REDIS_ENABLED=trueIn-memory cache for performance:
- Session storage
- Rate limiting
- Real-time features
MINIO_ENABLED=trueS3-compatible object storage:
- User uploads
- Document storage
- Static assets
MONITORING_ENABLED=trueComplete observability stack:
- Prometheus - Metrics collection
- Grafana - Dashboards and visualization
- Loki - Log aggregation
- Tempo - Distributed tracing
nself is multi-tenant by default. Create isolated environments for:
- Different organizations
- Development/staging/production
- Different projects
# Create a new tenant
nself tenant create acme-corp --plan enterprise
# Switch to tenant
nself tenant switch acme-corpEach tenant:
- Has its own database schema
- Isolated data
- Separate authentication realm
- Per-tenant customization
Control data access at the row level using PostgreSQL RLS and Hasura permissions.
Example: Users can only see their own posts
-- Database policy
CREATE POLICY user_posts ON posts
USING (user_id = current_user_id());-- Hasura permission
posts.select: user_id = {{ X-Hasura-User-Id }}Result: The GraphQL API only returns posts where user_id matches the authenticated user.
Version control your database schema with migrations.
# Create a migration
nself db migrate create "add_posts_table"
# Apply migrations
nself db migrate
# Rollback
nself db migrate rollbackMigrations are stored in migrations/ and version controlled.
Configuration follows a cascade pattern. Each file overrides the previous:
.env.dev # Committed to git (shared defaults)
↓
.env.local # On your machine (your overrides)
↓
.env.staging # On staging server
↓
.env.prod # On production server
↓
.env.secrets # Ultra-sensitive credentials
Example:
# .env.dev (committed)
DATABASE_NAME=myapp_dev
HASURA_ADMIN_SECRET=dev-secret
# .env.local (your machine only)
DATABASE_NAME=myapp_local
HASURA_ADMIN_SECRET=my-local-secret-123
# Result: .env.local overrides .env.devSee Cascading Configuration for details.
nself uses Docker Compose to orchestrate services:
# View running containers
docker ps
# View logs
docker logs postgres
docker logs hasura-engineServices follow the pattern:
<project-name>-<service-name>
Example with PROJECT_NAME=my-app:
my-app_postgresmy-app_hasura-enginemy-app_auth-servicemy-app_nginx-proxy
All containers on the same Docker network:
nself-network (or <project-name>-network)
Services communicate via hostname:
-
postgres:5432- Database -
hasura-engine:8080- Hasura -
auth-service:8080- Auth
Add your own services alongside the built-in services.
# In .env
CS_1=my-api:express-js:8001
CS_2=my-worker:bullmq-js:8002When you run nself build:
- Creates
services/my-api/with Express template - Generates Dockerfile
- Adds to docker-compose.yml
- Routes
api.localhostto port 8001
Edit your code, restart:
nself restart my-api
nself logs my-api -fConfiguration via environment variables:
# Required
PROJECT_NAME=my-app
ENV=dev
# Services
POSTGRES_DB=myapp_db
HASURA_GRAPHQL_ADMIN_SECRET=secret123
# Optional services (enable with true)
REDIS_ENABLED=true
MINIO_ENABLED=true
MONITORING_ENABLED=true
# Custom services
CS_1=api:express-js:8001
# Access
BASE_DOMAIN=localhost
NGINX_PORT=8080# Start services
nself start
# Open Hasura console
nself admin
# Create table in console
# Add permissions
# Write GraphQL queries
# Test in GraphQL playground# Add to .env
CS_1=api:nestjs:8001
# Build and start
nself build
nself restart api
# Edit code in services/api/
# Restart to apply changes
nself restart api# On production server
nself init --env prod
vim .env.prod
# Build and start
nself build
nself start
# Monitor
nself monitor
nself healthChoose what to learn next:
- Authentication - Set up users, JWT, OAuth
- Database Guide - Tables, migrations, backups
- Deployment - Production setup
- Examples - Sample projects
Key Takeaway: nself gives you a complete, modern backend stack with minimal complexity. Focus on your application logic, not infrastructure.
ɳSelf CLI v1.0.9. MIT licensed. Docs CC BY 4.0.
GitHub · Issues · Discussions · nself.org · docs.nself.org
Getting Started
Commands
- Commands, Overview
- Lifecycle: cmd-init · cmd-build · cmd-start · cmd-stop · cmd-restart · cmd-dev
- Monitoring: cmd-status · cmd-logs · cmd-health · cmd-urls · cmd-doctor · cmd-monitor · cmd-alerts · cmd-sentry · cmd-watchdog · cmd-dogfood
- Data: cmd-db · cmd-backup · cmd-dr · cmd-queue · cmd-webhooks
- Config: cmd-config · cmd-service · cmd-env · cmd-promote
- Networking: cmd-ssl · cmd-trust · cmd-dns-setup
- Security: cmd-security · cmd-secrets · cmd-waf
- Tenancy: cmd-tenant · cmd-billing
- Plugins: cmd-plugin · cmd-license
- AI: cmd-ai · cmd-claw · cmd-model
- Templates: cmd-template
- Utilities: cmd-exec · cmd-clean · cmd-reset · cmd-update · cmd-upgrade · cmd-version · cmd-admin · cmd-migrate · cmd-migrate-firebase · cmd-migrate-supabase · cmd-completion
Features
- Features, Overview
- Feature-Auth
- Feature-Storage
- Feature-Search
- Feature-Functions
- Feature-Email
- Feature-Monitoring
- Feature-Plugins
- Feature-ɳClaw, AI Assistant
- Feature-ɳChat, Messaging
- Feature-ɳTV, Media Player
- Feature-ɳFamily, Family Social
- Feature-ɳCloud, Managed Hosting
- Feature-Memory-Rooms, Knowledge Organization
- Feature-Agent-Dashboard, Agent Metrics
- Feature-Image-Generation, AI Image Generation
Configuration
- Configuration, Overview
- Config-Env-Vars
- Config-Postgres
- Config-Hasura
- Config-Auth
- Config-Nginx
- Config-Optional-Services
- Config-Custom-Services
- Config-System
Plugins (87 + 10 monitoring)
Free (25)
- plugin-backup
- plugin-content-acquisition
- plugin-content-progress
- plugin-cron
- plugin-donorbox
- plugin-feature-flags
- plugin-github
- plugin-github-runner
- plugin-invitations
- plugin-jobs
- plugin-link-preview
- plugin-mdns
- plugin-mlflow
- plugin-monitoring
- plugin-notifications
- plugin-notify
- plugin-paypal
- plugin-search
- plugin-shopify
- plugin-stripe
- plugin-subtitle-manager
- plugin-tokens
- plugin-torrent-manager
- plugin-vpn
- plugin-webhooks
Pro (62)
- plugin-access-controls
- plugin-activity-feed
- plugin-admin-api
- nself-ai-gateway
- nself-ai-cc
- nself-ai-mcp
- plugin-analytics
- plugin-auth
- plugin-backup-pro
- plugin-bots
- plugin-browser
- plugin-calendar
- plugin-cdn
- plugin-chat
- plugin-claw
- plugin-claw-budget
- plugin-claw-news
- plugin-claw-web
- plugin-cloudflare
- plugin-cms
- plugin-compliance
- plugin-cron-pro
- plugin-ddns
- plugin-devices
- plugin-documents
- plugin-donorbox-pro
- plugin-entitlements
- plugin-epg
- plugin-file-processing
- plugin-game-metadata
- plugin-geocoding
- plugin-geolocation
- plugin-google
- plugin-home
- plugin-idme
- plugin-knowledge-base
- plugin-linkedin
- plugin-livekit
- plugin-media-processing
- plugin-meetings
- plugin-moderation
- plugin-mux
- plugin-notify-pro
- plugin-object-storage
- plugin-observability
- plugin-paypal-pro
- plugin-photos
- plugin-podcast
- plugin-post
- plugin-realtime
- plugin-recording
- plugin-retro-gaming
- plugin-rom-discovery
- plugin-shopify-pro
- plugin-social
- plugin-sports
- plugin-stream-gateway
- plugin-streaming
- plugin-stripe-pro
- plugin-support
- plugin-tmdb
- plugin-voice
- plugin-web3
- plugin-workflows
Planned (26)
plugin-auditplugin-blogplugin-checkoutplugin-commerceplugin-drmplugin-exportplugin-flowplugin-importplugin-ldapplugin-mailgunplugin-mediaplugin-oauth-providersplugin-pagesplugin-postmarkplugin-rate-limitplugin-reportsplugin-samlplugin-schedulerplugin-sendgridplugin-ssoplugin-subscriptionplugin-thumbplugin-transcoderplugin-twilioplugin-wafplugin-watermark
Guides
- Guide-Production-Deployment
- Guide-SSL-Setup
- Guide-Multi-Tenancy
- Guide-Security-Hardening
- Guide-Monitoring-Setup
- Guide-Backup-Restore
- Guide-Custom-Services
- Guide-Migration-from-v1
Architecture
Reference
- API-Reference
- reference-error-codes, Error Codes
Licensing
Security
Brand
Operations
- operations/release-cascade, Release Cascade
- operations/self-healing, Self-Healing Schema
- operations/redis-tuning, Redis Pool Tuning
- operations/meilisearch-warmup, MeiliSearch Warm-Up
- operations/jwt-rotation, JWT Key Rotation
- operations/windows-wsl2-setup, Windows / WSL2 Setup
- operations/gemini-oauth-reauth, Gemini OAuth Reauth
Contributing
Admin
- USER-ACTION-QUEUE, Pending Admin Actions