PocketBase on VPS: installation, configuration, and maintenance

Installing PocketBase on a VPS is an efficient way to deploy a powerful, lightweight, and feature-rich backend platform, offering an SQLite database, API, authentication, and an admin panel in a single compact binary file, allowing full control over your infrastructure and optimizing costs.

In the world of web application and mobile service development, time-to-market and infrastructure flexibility play a key role. Developers are constantly seeking solutions that allow them to quickly create prototypes, MVPs (Minimum Viable Products), and even full-fledged products without needing to delve deep into complex backend setup. This is where PocketBase enters the scene – a unique project that changes the perception of what a backend can be.

PocketBase is not just a database or a framework; it's a full-fledged open-source backend server written in Go, which includes an embedded SQLite database, a RESTful API, a user authentication system, and even a convenient administrative panel. All of this is packaged into a single binary file, making it incredibly simple to deploy and manage. For projects that require rapid development, low operational costs, and full control over data, installing PocketBase on your own VPS becomes an ideal solution.

In this article, we will delve into how to deploy PocketBase on a Virtual Private Server (VPS) using Docker and Docker Compose for maximum flexibility and simplicity. We will cover system requirements, step-by-step installation, reverse proxy setup with HTTPS, backup and update strategies, and provide recommendations for choosing the optimal VPS configuration for various load scenarios. If you're looking for a way to get a powerful and manageable backend without unnecessary complexity, this article is your guide.

What is PocketBase and Why Deploy it on a VPS?

PocketBase is a unique backend solution that combines several critically important components for modern application development. It's not just a database or an API server; it's a holistic platform designed for maximum simplicity and performance.

Key Features of PocketBase

PocketBase stands out among other BaaS (Backend as a Service) solutions due to its minimalist yet powerful approach:

• Embedded SQLite Database: PocketBase is built on SQLite, making it incredibly lightweight and not requiring a separate deployment of a complex DBMS. This is ideal for projects where PostgreSQL or MySQL-level scalability for tens of thousands of requests per second isn't needed, but simplicity and speed are crucial.
• RESTful API and GraphQL API: Automatically generated APIs for all your data collections. You can immediately start interacting with the backend from your frontend using standard HTTP methods. GraphQL support is also available via plugins or custom logic.
• Authentication System: Built-in support for user authentication via email/password, OAuth2 providers (Google, GitHub, etc.), and anonymous users. Data access rights are managed through flexible rules.
• Admin Panel: A convenient and intuitive web interface for managing data collections, users, files, and settings. This allows for quick creation and modification of data structures without writing code.
• File Storage: Built-in capability for uploading and storing files, with support for both local disk and integration with S3-compatible storage.
• Realtime Subscriptions: WebSocket support for receiving real-time data updates, ideal for chats, notifications, or dynamic user interfaces.
• Single Binary File: The entire PocketBase is compiled into a single executable file, simplifying deployment and dependency management.
• Go Extensibility: For more complex scenarios, you can write custom logic in Go, extending PocketBase's functionality.

PocketBase Use Cases

Thanks to its features, PocketBase is ideal for a wide range of tasks:

• Prototypes and MVPs: Rapid backend creation for testing ideas when there's no time for complex infrastructure.
• Small to Medium Web Applications: Ideal for blogs, small e-commerce sites, corporate portals, landing pages with contact forms.
• Admin Panels and Internal Tools: Quick creation of internal tools for managing content, data, or users.
• Backend for Static Sites: Adding dynamic content, forms, and user data to sites built with static site generators (Next.js, Astro, Jekyll, etc.).
• Mobile Applications: Providing a ready-made API and authentication system for iOS and Android applications.
• Personal Projects: An excellent choice for hobby projects that require a reliable yet simple backend.

Why is a VPS the Best Choice for PocketBase?

Choosing a VPS (Virtual Private Server) for PocketBase deployment offers several undeniable advantages, especially for those seeking a balance between control, performance, and cost:

1. Full Control over the Environment: Unlike BaaS providers, which limit you with their rules and tools, on a VPS you get full root access. This allows you to install any software, configure the firewall, choose the operating system, and optimize all parameters to your needs. This is critically important for PocketBase self-hosted, where you want full control over your data and its processing.
2. Performance Optimization: You can choose the exact hardware resources (CPU, RAM, NVMe disk) that match your application's requirements. For PocketBase, which is very efficient, this means the ability to achieve excellent performance even on modest VPS configurations.
3. Cost-Effectiveness: For many projects, hosting PocketBase on a VPS is significantly cheaper than using commercial BaaS solutions, especially as the project grows and data volume or request count increases. You only pay for the resources allocated to you.
4. Data Security and Privacy: Your data is stored on your server, under your control. This is important for projects with high security requirements or regulatory compliance. You configure security measures, backups, and access yourself.
5. Scalability Flexibility: As your project grows, you can easily scale VPS resources by upgrading to more powerful plans or even dedicated servers if the load becomes extreme.
6. Integration with Other Services: On a VPS, you can easily install and configure other services alongside PocketBase, such as Redis for caching, MinIO for S3-compatible storage, or other monitoring and logging tools.

Deploying PocketBase on a server, particularly a VPS, gives developers the freedom, control, and cost savings necessary for successful project launch and growth.

System Requirements for PocketBase on a Server

PocketBase is designed with minimal resource consumption in mind, making it an ideal candidate for deployment even on the most modest VPS. However, like any application, it has certain system requirements that depend on the expected load.

Minimum Requirements (for development, prototypes, and very small projects)

• Processor (CPU): 1 vCore. PocketBase is very efficient, and for most tasks, a single core will suffice.
• RAM: 512 MB - 1 GB. PocketBase itself requires little memory, but the OS, Docker, and other background processes also consume RAM.
• Disk Space (Storage): 10 GB (NVMe SSD). NVMe drives significantly accelerate read/write operations, which is critical for an SQLite database. 10 GB will be sufficient for the OS, Docker, and initial data volume.
• Operating System: Any modern Linux distribution (Ubuntu 20.04+, Debian 11+).
• Network Bandwidth: 100 Mbps.

This configuration will be sufficient for testing, personal projects, or applications with very low traffic (up to 5-10 concurrent users).

Recommended Requirements (for small to medium production projects)

• Processor (CPU): 2 vCores. An additional core will provide better performance when handling multiple requests simultaneously and performing background tasks.
• RAM: 2 GB - 4 GB. For a production environment, where there might be tens or hundreds of concurrent requests, more RAM will help cache SQLite data and ensure stable operation.
• Disk Space (Storage): 50 GB - 100 GB (NVMe SSD). Increased disk space will provide room for data growth and file storage, and NVMe will remain key for performance.
• Operating System: Ubuntu 22.04 LTS or Debian 12. These distributions offer up-to-date software versions and long-term support.
• Network Bandwidth: 200 Mbps - 1 Gbps. For an active API and real-time updates, as well as file transfers, good bandwidth is essential.

This configuration is suitable for most startups, internal tools, and web applications with moderate load (up to 100-200 concurrent users).

Dependencies

• Docker: The recommended way to deploy PocketBase, as it provides isolation, ease of management, and portability.
• Docker Compose: For container orchestration, simplifies running and managing PocketBase with additional services (e.g., a reverse proxy).
• Reverse Proxy: Nginx or Caddy for handling HTTPS certificates, domain names, and load balancing. This is critically important for a production environment.

When choosing a VPS, always consider the anticipated peak load. It's better to choose a plan with a small reserve than to face performance issues at the start.

Preparing Your VPS for PocketBase Installation

Before proceeding with PocketBase installation, you need to perform a series of preparatory steps on your VPS. These steps will ensure the security, stability, and proper functioning of your future platform.

1. Connecting to Your VPS via SSH

First, you need to access the server. Use an SSH client (PuTTY for Windows, terminal for Linux/macOS) to connect to your VPS. You will need the server's IP address, username (usually root or a user created by the provider), and password/SSH key.

ssh user@your_vps_ip_address

If you are using the root user, it is recommended to create a new user with limited privileges for daily operations and set up SSH keys for secure login. More information on working with servers can be found in the article What is a Server and Dedicated Server: A Complete Guide for Beginners.

2. System Update

Always start by updating the package manager and installed packages to ensure you have the latest versions and security fixes.

sudo apt update
sudo apt upgrade -y

3. Firewall Configuration (UFW)

UFW (Uncomplicated Firewall) is an easy-to-use firewall for Linux. Its configuration is critically important for protecting your server from unauthorized access.

• Allow SSH:

sudo ufw allow OpenSSH

• Allow HTTP and HTTPS:

sudo ufw allow http
sudo ufw allow https

These ports (80 and 443) are necessary for accessing your PocketBase via a web browser after setting up a reverse proxy.

• Allow PocketBase port (optional, for testing without proxy only):

sudo ufw allow 8090/tcp

Port 8090 is the default port on which PocketBase listens for incoming connections. In a production environment, access to this port should be closed from the outside and only accessible to the reverse proxy.

• Enable firewall:

sudo ufw enable

Confirm the action by pressing y. Make sure you haven't blocked SSH access.

• Check firewall status:

sudo ufw status

4. Installing Docker

Docker is the foundation for our deployment. We will install it following the official documentation.

• Remove old Docker versions (if any):

for pkg in docker.io docker-doc docker-compose docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin; do sudo apt remove $pkg; done

• Install dependencies:

sudo apt install ca-certificates curl gnupg lsb-release -y

• Add Docker's official GPG key:

sudo mkdir -m 0755 -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

• Set up the Docker repository:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

• Update package list and install Docker Engine:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

• Add user to the docker group (to avoid using sudo):

sudo usermod -aG docker $USER
newgrp docker

Log out of your SSH session and reconnect for the changes to take effect.

• Verify Docker installation:

docker run hello-world

You should see the message "Hello from Docker!".

5. Installing Docker Compose

Docker Compose is usually installed with Docker Engine via a plugin. If for some reason it's not present, or you're using an older Docker version, it can be installed separately.

sudo apt install docker-compose-plugin -y

Check Docker Compose version:

docker compose version

Now your VPS is fully ready for deploying the PocketBase Docker container.

Installing PocketBase on a VPS using Docker Compose

Using Docker Compose for PocketBase installation is the most convenient and recommended method, as it allows easy configuration management, dependency handling, and ensures portability. We will use the official PocketBase image.

1. Creating a Working Directory

Create a directory for your PocketBase project. It will store Docker Compose configuration files and PocketBase data.

mkdir -p ~/pocketbase_app
cd ~/pocketbase_app

2. Creating the docker-compose.yml file

Inside this directory, create a file named docker-compose.yml. This file will describe how Docker should run PocketBase.

nano docker-compose.yml

Insert the following content:

version: '3.8'

services:
  pocketbase:
    image: ghcr.io/pocketbase/pocketbase:latest
    container_name: pocketbase
    restart: unless-stopped
    ports:
      - "8090:8090" # PocketBase listens on port 8090 by default
    volumes:
      - ./pb_data:/pb_data # Persist PocketBase data
      - ./pb_public:/pb_public # For static files, if needed
      - ./pb_migrations:/pb_migrations # For migrations, if needed
    environment:
      # Optional: you can configure environment variables for PocketBase
      # For example, for SMTP configuration to send emails
      # POCKETBASE_SMTP_HOST: smtp.example.com
      # POCKETBASE_SMTP_PORT: 587
      # POCKETBASE_SMTP_USERNAME: [email protected]
      # POCKETBASE_SMTP_PASSWORD: your_password
      # POCKETBASE_ADMIN_EMAIL: [email protected]
      # POCKETBASE_ADMIN_PASSWORD: your_strong_password
      # POCKETBASE_URL: https://yourdomain.com
    command: ["./pocketbase", "serve", "--http=0.0.0.0:8090"]

  # Optional: If you plan to use Nginx or Caddy
  # as a reverse proxy in a separate container,
  # you can add it here. But it's often run
  # on the host or in a separate docker-compose file.
  # Example for Nginx (commented out):
  # nginx:
  #   image: nginx:latest
  #   container_name: nginx_proxy
  #   restart: unless-stopped
  #   ports:
  #     - "80:80"
  #     - "443:443"
  #   volumes:
  #     - ./nginx/conf.d:/etc/nginx/conf.d
  #     - ./nginx/certbot/conf:/etc/letsencrypt
  #     - ./nginx/certbot/www:/var/www/certbot
  #   depends_on:
  #     - pocketbase

Let's break down the main parts of this file:

• version: '3.8': Specifies the Docker Compose syntax version.
• services:: Defines the services (containers) that will be run.
• pocketbase:: The name of our service.
  • image: ghcr.io/pocketbase/pocketbase:latest: Specifies to use the official PocketBase Docker image. :latest means the latest stable version.
  • container_name: pocketbase: Assigns a readable name to the container.
  • restart: unless-stopped: The container will automatically restart if it stopped (e.g., due to an error) or upon server reboot, unless you stopped it manually.
  • ports: - "8090:8090": Maps port 8090 of the container to port 8090 of the host machine. This will allow you to access PocketBase from outside. In a production environment, this port will only be accessible to the reverse proxy.
  • volumes:: Defines which directories from the host machine will be mounted inside the container.
    • ./pb_data:/pb_data: This is critically important. All PocketBase data (SQLite database, uploaded files) will be stored here. If you don't use a volume, data will be lost when the container is removed.
    • ./pb_public:/pb_public: For static files, if you want PocketBase to serve them.
    • ./pb_migrations:/pb_migrations: For storing database migrations.
  • environment:: Allows passing environment variables to the PocketBase container. This is useful for configuring SMTP, application URL, and other parameters.
  • command: ["./pocketbase", "serve", "--http=0.0.0.0:8090"]: Specifies the command PocketBase should execute on startup. 0.0.0.0 means PocketBase will listen on all available network interfaces.

3. Starting PocketBase

Save the file docker-compose.yml (Ctrl+X, Y, Enter). Now you can start PocketBase.

docker compose up -d

• up: Starts the services defined in docker-compose.yml.
• -d: Runs services in the background (detached mode).

Docker will download the PocketBase image (if not already local), create, and run the container. You can check the status of running containers:

docker ps

You should see a container named pocketbase with status Up.

4. Initial PocketBase Setup

After the container starts, PocketBase will be accessible at http://your_vps_ip_address:8090/_/ (note the /_/ at the end). Open this URL in your browser. You will be prompted to create the first administrator. Enter an email and a strong password. This will create an administrator account and initialize the database.

Now your PocketBase on VPS is up and running. The next step is to configure a reverse proxy and HTTPS for secure and convenient access.

Configuring Reverse Proxy and HTTPS for PocketBase

In a production environment, it is strongly discouraged to provide direct access to PocketBase on port 8090. Instead, a reverse proxy server should be used, which will accept all incoming requests on standard ports (80 for HTTP and 443 for HTTPS), forward them to PocketBase, and manage HTTPS certificates. This enhances security, allows the use of domain names, and simplifies scaling. In this section, we will cover Nginx and Caddy configuration.

Why is a Reverse Proxy Needed?

• HTTPS/SSL: A reverse proxy easily integrates with Let's Encrypt to automatically obtain and renew free SSL certificates, ensuring a secure encrypted connection.
• Domain Names: Allows you to link your PocketBase to a friendly domain name (e.g., api.yourdomain.com) instead of an IP address and port.
• Security: Hides the actual port on which PocketBase operates and can serve as the first line of defense, filtering out malicious requests.
• Load Balancing: In more complex scenarios, a reverse proxy can distribute requests among multiple PocketBase instances.
• Caching: Some proxies can cache static content, reducing the load on the backend.

Before starting, ensure that your domain or subdomain (e.g., pocketbase.yourdomain.com) points to your VPS's IP address.

Configuring Nginx as a Reverse Proxy

Nginx is one of the most popular and high-performance web servers and reverse proxies. We will use it to redirect traffic to PocketBase and manage HTTPS.

1. Installing Nginx

sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

Check Nginx status:

sudo systemctl status nginx

2. Configuring Nginx for PocketBase

Create a new Nginx configuration file for your domain. Replace pocketbase.yourdomain.com with your actual domain.

sudo nano /etc/nginx/sites-available/pocketbase.conf

Insert the following content:

server {
    listen 80;
    server_name pocketbase.yourdomain.com; # Replace with your domain

    location / {
        proxy_pass http://localhost:8090; # PocketBase runs on port 8090
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # For WebSocket support (Realtime API)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Save the file.

3. Activating Nginx Configuration

Create a symbolic link to the configuration file from sites-available to sites-enabled and remove the default Nginx configuration.

sudo ln -s /etc/nginx/sites-available/pocketbase.conf /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default

Check Nginx configuration syntax:

sudo nginx -t

If there are no errors, restart Nginx:

sudo systemctl restart nginx

Now your PocketBase should be accessible via HTTP through your domain (http://pocketbase.yourdomain.com). The next step is to add HTTPS.

4. Configuring HTTPS with Certbot (Let's Encrypt)

Certbot automates the process of obtaining and installing free SSL certificates from Let's Encrypt.

• Install Certbot:

sudo apt install certbot python3-certbot-nginx -y

• Obtain and install certificate:

sudo certbot --nginx -d pocketbase.yourdomain.com

Follow the on-screen instructions. Certbot will automatically configure Nginx to use HTTPS and add a rule for automatic certificate renewal.

• Check automatic renewal:

sudo systemctl status certbot.timer

Now your PocketBase should be accessible via HTTPS: https://pocketbase.yourdomain.com.

Configuring Caddy as a Reverse Proxy

Caddy is a modern web server known for its simple configuration and automatic HTTPS support with Let's Encrypt. For many, it's a simpler solution than Nginx.

1. Installing Caddy

Follow the instructions from the official Caddy website for installation. For Debian/Ubuntu:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy -y

Start Caddy:

sudo systemctl enable caddy
sudo systemctl start caddy

2. Configuring Caddyfile for PocketBase

Caddy uses a Caddyfile for configuration. Open it for editing:

sudo nano /etc/caddy/Caddyfile

Remove existing content and insert the following, replacing pocketbase.yourdomain.com with your domain:

pocketbase.yourdomain.com {
    reverse_proxy localhost:8090 {
        # For WebSocket support (Realtime API)
        header_up Upgrade {http.request.header.Upgrade}
        header_up Connection {http.request.header.Connection}
    }

    # Optional: Increase file upload limits if needed
    # client_max_body_size 250M
}

Save the file.

3. Verify and Reload Caddy

sudo caddy validate --config /etc/caddy/Caddyfile
sudo systemctl reload caddy

Caddy will automatically obtain and install an SSL certificate for your domain. Now your PocketBase should be accessible via HTTPS: https://pocketbase.yourdomain.com.

You have successfully configured a reverse proxy and HTTPS for your PocketBase installation. This significantly enhances the security and usability of your application.

PocketBase Backups and Updates: Strategies and Automation

Backups and regular updates are the cornerstones of any production system. PocketBase, though simple, is no exception. Data loss can be catastrophic, and outdated software can contain vulnerabilities. Let's explore effective strategies to ensure the security and currency of your PocketBase self-hosted installation.

Backup Strategies

The main data components of PocketBase are the SQLite database file (usually pb_data/data.db) and the directory with uploaded files (pb_data/storage). The entire pb_data directory is critically important for backup.

1. Manual Backup (for small projects or before important changes)

Before a manual backup, it is recommended to stop PocketBase to ensure data integrity.

cd ~/pocketbase_app
docker compose stop pocketbase

Then simply copy the pb_data directory:

cp -R pb_data pb_data_backup_$(date +%Y%m%d%H%M%S)

After copying, you can start PocketBase again:

docker compose start pocketbase

This method is simple but not suitable for regular automated backups.

2. Automated Backup using Cron and Docker Volume

The best approach is to automate the process. We can use docker cp or simply copy data from the mounted volume.

Creating a Backup Script

Create a backup script (e.g., ~/pocketbase_app/backup.sh):

nano ~/pocketbase_app/backup.sh

Insert the following content:

#!/bin/bash

# Path to PocketBase directory on the host
PB_APP_DIR="/root/pocketbase_app" # Specify your path
PB_DATA_DIR="${PB_APP_DIR}/pb_data"
BACKUP_DIR="${PB_APP_DIR}/backups"
TIMESTAMP=$(date +%Y%m%d%H%M%S)
BACKUP_FILE="${BACKUP_DIR}/pocketbase_backup_${TIMESTAMP}.tar.gz"
LOG_FILE="${BACKUP_DIR}/backup.log"

# Create backup directory if it doesn't exist
mkdir -p "$BACKUP_DIR"

echo "[$TIMESTAMP] Starting PocketBase backup..." | tee -a "$LOG_FILE"

# Optional: Stop PocketBase to ensure consistency (recommended)
# If you don't want to stop, ensure PocketBase correctly handles SQLite reads
# during writes (WAL mode is enabled by default).
# docker compose -f "${PB_APP_DIR}/docker-compose.yml" stop pocketbase
# echo "[$TIMESTAMP] PocketBase container stopped." | tee -a "$LOG_FILE"

# Create an archive of the pb_data directory
if tar -czf "$BACKUP_FILE" -C "$PB_DATA_DIR" .; then
    echo "[$TIMESTAMP] Backup created: $BACKUP_FILE" | tee -a "$LOG_FILE"
else
    echo "[$TIMESTAMP] ERROR: Failed to create backup." | tee -a "$LOG_FILE"
    exit 1
fi

# Optional: Start PocketBase again
# docker compose -f "${PB_APP_DIR}/docker-compose.yml" start pocketbase
# echo "[$TIMESTAMP] PocketBase container started." | tee -a "$LOG_FILE"

# Delete old backups (e.g., older than 7 days)
find "$BACKUP_DIR" -name "pocketbase_backup_*.tar.gz" -mtime +7 -delete
echo "[$TIMESTAMP] Old backups deleted." | tee -a "$LOG_FILE"

echo "[$TIMESTAMP] PocketBase backup finished." | tee -a "$LOG_FILE"

Make the script executable:

chmod +x ~/pocketbase_app/backup.sh

Configuring Cron for Automated Execution

Add a task to Cron for daily script execution (e.g., at 3 AM).

crontab -e

Add the following line to the end of the file:

0 3 * * * /root/pocketbase_app/backup.sh >> /root/pocketbase_app/backups/cron.log 2>&1

This will run the script every day at 03:00. Execution logs will be written to cron.log.

3. Remote Backup Storage

Storing backups on the same server as the original data is risky. If the server is lost, you will lose both data and backups. It is recommended to send backups to remote storage:

• S3-compatible storage: Use aws s3 cp or rclone to send archives to cloud storage (e.g., AWS S3, DigitalOcean Spaces, Backblaze B2).
• SCP/SFTP: Copying backups to another server or NAS via a secure protocol.

Integrate these commands into your backup.sh script after creating the archive.

PocketBase Update Process

Updating PocketBase via Docker Compose is a simple process, but always start with a backup!

1. Perform a Backup

Before any update, always perform a full data backup. This is your insurance.

cd ~/pocketbase_app
./backup.sh # If you have a script, or manually

2. Updating the Docker Image

Stop the current PocketBase container, pull the new image, and start it again.

cd ~/pocketbase_app
docker compose stop pocketbase
docker compose pull pocketbase # Downloads the latest version of the image
docker compose up -d pocketbase

The command docker compose pull pocketbase will download the latest version of the PocketBase image. Then docker compose up -d pocketbase will start the container with the new image, preserving all your data (thanks to the mounted pb_data volume). PocketBase will automatically perform necessary database migrations on the first run of the new version.

3. Verify the Update

After startup, ensure that PocketBase is working correctly and check the version in the admin panel.

Regular backups and timely updates are the key to the stability and security of your PocketBase on the server.

Which VPS to Choose for PocketBase: Configurations for Real-World Load

Choosing the right VPS for PocketBase depends on many factors, including the number of concurrent users, data volume, read/write operation intensity, use of real-time features, and the presence of additional services. Since PocketBase is very efficient, you can often get by with more modest resources than for traditional backends.

Factors Influencing VPS Choice

• Number of Concurrent Users: The more users actively interact with your application, the more CPU and RAM will be required to process requests.
• Data Volume and Complexity: Large volumes of data in SQLite and complex queries may require more RAM for caching and a higher-performance disk.
• File Storage Usage: If your application actively uploads and serves files, this will increase the load on the disk and network channel.
• Realtime Subscription Intensity: A large number of active WebSocket connections can consume more RAM and CPU.
• Number of API Requests: High request frequency requires more CPU time.
• Server Location: Choose a VPS located geographically close to your primary audience to minimize latency.

Table of Recommended VPS Configurations

Below is a table with approximate VPS configurations for various load scenarios. Prices are indicative and can vary significantly depending on the provider and region. Valebyte.com offers various tariff plans that may suit these requirements.

Load	CPU (vCores)	RAM (GB)	Disk (NVMe GB)	Bandwidth	Approx. Price ($/month)
Development/Prototype (1-5 users)	1	1	25	100 Mbps	5-10
Small Project (10-50 active users)	2	2	50	200 Mbps	10-25
Medium Project (50-200 active users)	2-4	4-8	100-200	500 Mbps - 1 Gbps	25-60
High-Load (200+ active users)	4-8+	8-16+	200-500+	1 Gbps+	60+

Additional VPS Selection Recommendations

• Disk Type: Always choose a VPS with NVMe SSD. Read/write speed is critically important for SQLite, especially with active database and file operations. The performance difference compared to regular SSDs or HDDs is huge.
• KVM Virtualization: It is preferable to choose a VPS with KVM virtualization, as it provides better isolation and performance compared to OpenVZ. You can learn more about this in the article KVM VPS vs OpenVZ VPS in 2026: Still Relevant.
• Self-managed VPS: Since PocketBase is a self-hosted solution, you will likely manage the server yourself. Choosing a self-managed VPS will save costs but requires basic Linux administration skills. For those in doubt, it's worth reviewing the differences: Self-managed vs Managed VPS in 2026: What to Choose.
• Monitoring: After deployment, set up monitoring for your VPS (CPU, RAM, disk, network) and PocketBase itself. This will help identify bottlenecks and scale resources in a timely manner.
• Scaling: If your project grows to very high loads, it might be worth considering a transition to a dedicated server for maximum performance and control.

Starting with minimal configurations, you can gradually increase resources as your project grows, optimizing your hosting costs. The flexibility of a VPS allows this to be done seamlessly.

Security and Optimization for PocketBase Self-Hosted

Deploying PocketBase self-hosted on a VPS grants full control but also imposes responsibility for security and performance. Proper configurations and practices will help protect your application and ensure its stable operation.

Server Security Recommendations

1. SSH Keys Instead of Passwords: Always use SSH keys for server access and disable password authentication for the root user. This significantly enhances security.
2. Non-root User: Create a separate user with limited privileges for daily operations and use sudo only when necessary.
3. Firewall (UFW): Ensure the firewall is correctly configured and only necessary ports are open (22 for SSH, 80/443 for HTTP/HTTPS). PocketBase port 8090 should only be accessible from within the server (for the reverse proxy).
4. Regular OS Updates: Keep the operating system and all installed software up to date by regularly running sudo apt update && sudo apt upgrade.
5. Fail2Ban: Install and configure Fail2Ban to protect against brute-force attacks on SSH and other services.
6. Strong Passwords: Use strong, unique passwords for all accounts, especially for the PocketBase administrator.

PocketBase-Specific Security Settings

1. Admin UI Access: Ensure that the PocketBase Admin UI is accessible only via HTTPS and, if possible, restrict access to it by IP addresses if your team works from fixed locations.
2. API Rules: In the PocketBase admin panel, carefully configure access rules for each collection. Define who can read, write, update, and delete records (e.g., only authorized users, only administrators, or publicly). This is critically important to prevent unauthorized data access.
3. CORS (Cross-Origin Resource Sharing): Configure correct CORS headers to allow access to your API only from trusted domains (your frontend application). This can be done via PocketBase environment variables or at the reverse proxy level.
4. Rate Limiting: Use the capabilities of your reverse proxy (Nginx or Caddy) to limit the number of requests from a single IP address per unit of time. This will help protect against DDoS and brute-force attacks.

   Example for Nginx:

   http {
               limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s; # 10 requests per second
   
               server {
                   # ...
                   location /api/ {
                       limit_req zone=one burst=20 nodelay;
                       # ...
                   }
               }
           }
           

5. Secret Keys: If you use any secret keys or API tokens in PocketBase environment variables, ensure they are securely stored and not exposed publicly.

PocketBase Performance Optimization

• SQLite PRAGMAs: PocketBase defaults to WAL (Write-Ahead Logging) mode for SQLite, which significantly boosts performance during concurrent read/write operations. Additional optimizations can be made using PRAGMA commands, but this is usually not required.
• Database Indexes: Ensure that indexes are created for frequently used fields in your collections. This will significantly speed up database queries. PocketBase allows managing indexes through the Admin UI.
• Efficient API Requests: Optimize your frontend's requests to the PocketBase API. Use server-side filtering, sorting, and pagination to minimize the amount of data transferred.
• Caching: For high-load API endpoints that return rarely changing data, consider client-side caching or using a reverse proxy. PocketBase itself is very fast, so caching might be unnecessary for most cases.
• Image and File Optimization: If your application actively works with images, use services to optimize and compress them before uploading to reduce data volume and speed up loading.

By adhering to these recommendations, you will ensure not only the security but also the high performance of your PocketBase on the server, allowing it to efficiently serve your application.

Conclusion

PocketBase represents an outstanding solution for developers who need speed, simplicity, and full control over their backend. Deployed on a VPS, it becomes a powerful, economical, and flexible tool for creating a wide range of applications, from prototypes to full-fledged production services. By following the step-by-step instructions for installing PocketBase via Docker Compose, configuring secure access with a reverse proxy and HTTPS, and implementing backup and update strategies, you gain a reliable and easily manageable platform.

For optimal PocketBase performance, it is recommended to choose a VPS with NVMe drives and sufficient RAM, based on the expected load. Providers like Valebyte.com offer a wide selection of VPS configurations that are ideally suited for PocketBase deployment, ensuring the performance and reliability your project needs.