Typesense on an Ubuntu Server with Let’s Encrypt SSL Setup

Set up server

First, set up your server at your favorite cloud provider of choise. Evt. Set up SSH keys, instead of root password authentication

Install Typesense

At the moment of writing, these are the install steps:

# x64
curl -O https://dl.typesense.org/releases/0.25.2/typesense-server-0.25.2-amd64.deb
sudo apt install ./typesense-server-0.25.2-amd64.deb

# arm64
curl -O https://dl.typesense.org/releases/0.25.2/typesense-server-0.25.2-arm64.deb
sudo apt install ./typesense-server-0.25.2-arm64.deb

# Start Typesense
sudo systemctl start typesense-server.service

You can find the most up-to-date steps here: https://typesense.org/docs/guide/install-typesense.html#deb-package-on-ubuntu-debian .

Link a domain via DNS to to IP of your server

Link to your domain via a DNS A record:

A yoursearchdomain.com IPOFYOURSERVER

Going live without an SSL certificate

You can get your API key from the file: /etc/typesense/typesense-server.ini . If necessary, you can adjust this key.

If you were to install Typesense in Laravel Scout, PHP, or another provider, it could already work now. When you use these variables in .env of in scout.php:

TYPESENSE_HOST=yoursearchdomain.com // or IPOFYOURSERVER

For example when you try Laravel Scout to import data it should work.

But, to make it more secure, it is better to use SSL to protect the data.

Install SSL with Certbot

At the moment, run:

sudo snap install core; sudo snap refresh core

# if you ran certbot before, uninstall it first (be aware of the fact that previous SSL certificates might go offline)
# sudo apt remove certbot

# enable port 443 if firewall is active
sudo ufw allow 443

# it could be that port 80 is also required for certbot
sudo ufw allow 80

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Thanks to Digital Ocean for the guide for installing Certbot in classic mode.

You will receive the certificate files as an output. For example:

Successfully received certificate.

Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yourdomain.com/privkey.pem


Edit this file: /etc/typesense/typesense-server.ini and add the certificate locations:


Change the following variable

api-port = 8108


api-port = 443

Go to: https://yourdomain.com/health

It should display:


Set up Firewall

Try sudo ufw status. Probably it’s open for all traffic. Make sure that only a few ports are available, probably 443 and your ssh port (probably port 22) and if ufw is not enabled:

sudo ufw allow 443
sudo ufw allow 22 # or any other ssh port

Make sure that these ports are correct, it can disable access to your complete VPS / server. After that, enable the Firewall:

sudo ufw enable

Set up Typesense configuration file:

Select the latest Typesense version by the way, when setting up the server configuration. You can add extra parameters at the file: /etc/typesense/typesense-server.ini .


Set up CORS

You can also set up cors-domains, so that javascript calls are only allowed from certain domains in /etc/typesense/typesense-server.ini :


Optional: create a regular backup

For example, you can create a snapshot every day and create a backup with tarsnap and acts.

Make a shell file named, make-snapshot.sh. Replace the variables and insert the URL (and port) of your Typesense instance and choose the right snapshot path.

curl "http://localhost:8108/operations/snapshot?snapshot_path=/tmp/typesense-data-snapshot" -X POST \
-H "Content-Type: application/json" \

Make sure that it’s chmodded correctly.

Then make sure that the contents of this directory is backed up frequency

More info at: https://typesense.org/docs/guide/backups.html .

Optional: Install a monitoring server or hosting package for monitoring the server

We just launched an own simple package, called PHPTypesenseAdmin, which monitors your newly created instance via a simple web interface on PHP.

PHPTypesenseAdmin Dashboard

More useful guides:

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top