Self-Hosting

Server setup

Run your own Encra key server. Everything you need to host the relay and key server on your own infrastructure.

⚠ License

@encra/server is licensed under Business Source License 1.1 (BUSL-1.1). Self-hosting is permitted for non-commercial and development use. Commercial hosted-service use requires a license from Encra. The license converts to Apache 2.0 on 2030-01-01.

Prerequisites

→ Node.js 18 or later

→ PostgreSQL 14 or later (or Neon — recommended)

→ A server with a public IP (EC2 t3.micro, Railway, Fly.io, etc.)

1. Clone & install

bash

git clone https://github.com/adityayaduvanshi/encra.git
cd encra
npm install

2. Database setup

We recommend Neon (free tier, serverless Postgres) for easy setup. Any PostgreSQL 14+ database works.

Run the migration to create the required tables:

bash

# Using psql
psql $DATABASE_URL -f packages/server/migrations/001_init.sql

# Or paste the SQL directly into Neon's SQL Editor

sql

CREATE TABLE IF NOT EXISTS public_keys (
  user_id    TEXT        PRIMARY KEY,
  public_key TEXT        NOT NULL,
  created_at TIMESTAMPTZ DEFAULT NOW()
);

CREATE TABLE IF NOT EXISTS message_queue (
  id           BIGSERIAL   PRIMARY KEY,
  recipient_id TEXT        NOT NULL,
  sender_id    TEXT        NOT NULL,
  ciphertext   TEXT        NOT NULL,
  nonce        TEXT        NOT NULL,
  created_at   TIMESTAMPTZ DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_message_queue_recipient
  ON message_queue (recipient_id, created_at);

3. Environment variables

packages/server/.envenv

# PostgreSQL connection string
DATABASE_URL=postgresql://user:password@host:5432/dbname

# JWT secret — used to sign and verify API keys
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
JWT_SECRET=your_64_char_hex_secret_here

# Comma-separated list of allowed origins for CORS
ALLOWED_ORIGINS=https://your-dashboard.com,http://localhost:3000

# Port (default: 3000)
PORT=3000

🚨 Keep JWT_SECRET safe

The JWT_SECRET signs your API keys. If it leaks, anyone can create valid API keys for your server. Rotate it by changing the value — all existing keys will immediately stop working.

4. Run the server

Development:

bash

cd packages/server
npm run dev

Production (with PM2 for auto-restart):

bash

cd packages/server
npm run build
npm install -g pm2
pm2 start dist/index.js --name encra-server
pm2 save
pm2 startup  # auto-start on reboot

Verify it's running:

bash

curl http://localhost:3000/health
# {"ok":true}

5. Generate API keys

API keys are JWTs signed with your JWT_SECRET. Generate one for your app:

bash

node -e "
const jwt = require('jsonwebtoken');
const token = jwt.sign(
  { developerId: 'my-app' },
  process.env.JWT_SECRET,
  { expiresIn: '1y' }
);
console.log(token);
"

Set this as the apiKey in your SDK configuration.

Production checklist

Set up HTTPS (nginx + certbot or a load balancer)

Set ALLOWED_ORIGINS to your actual dashboard URL

Use an Elastic IP or static IP — public IP changes on reboot

Configure PM2 startup script

Set up database backups

Monitor with PM2 logs or a service like Datadog

💡 Use Encra managed server instead

Hosting the server yourself takes effort. The Encra managed server handles uptime, scaling, and security for you — free during beta.

encra CLI

Database