DEV Community

Cover image for self-host a Streamlit app' on a Ubuntu server

Posted on • Updated on • Originally published at

self-host a Streamlit app' on a Ubuntu server

Building up on an excellent AI Makerspace video about Langgraph, I've decided to follow their build-ship-share mentality and to put the whole thing in a deployed UI over the web.

I've been hearing a lot about Streamlit and how you can easily spin up little POCs (and sometimes bigger things with it): I was not disappointed. However, if you need to deploy your app on a Ubuntu server, the docs are not very talkative about it and all you get from the official website is some links to various unstructured answers in their forum...

So I've taken a shot at it, so you won't waste much time as I did, the example repo is linked here. The application UI in itself is not very interesting, as I was just toying around with this part of Streamlit docs; I want to emphasize in this article on deployment and not on the logic of this app.

(Note: all the listed steps, whether locally or on the remote, were executed on a Ubuntu 24 system)

run a streamlit app on Ubuntu 24: initial setup

My app (see link above) was as agentic-rag-demo, so naturally I've created an agentic-rag-demo folder on my remote server home folder.

copy the repo from my machine to the remote server

From the beginning, my goal was to deploy the app automatically as I make changes to it; however, I found it way more practical to deploy it manually the first time, so that I can rest assured everything works fine before letting the CI/CD take care of the updates, e.g.:

scp -r <repo> <user>@<remote-server-ip>:/home/<remote-user>/agentic-rag-demo (replace <repo><user><remote-server-ip>, and <remote-user> with the appropriate values...

The above command copies the repo I had locally into the remote server using scp.

nginx configuration

install system deps

  • back to your remote server from there on: sudo apt update && sudo apt upgrade -y
  • sudo apt install nginx
  • sudo apt install apache2-utils (this package is useful for basic auth, as you will see later)

folders and permissions

  • sudo mkdir -p /var/www/<domain> (replace <domain> with your domain or subdomain)
  • sudo chown -R www-data:www-data /var/www/<domain>
  • sudo chmod -R 755 /var/www/<domain>

a note on basic auth in my use-case

As my app uses an OpenAI API key that is stored in the Python env (and I don't know yet how to implement a login functionality in Streamlit), I've opted for simplicity: put the application behind Basic auth, so that the whole Internet does not suck up my OpenAI credits 😁

  • sudo htpasswd -c /etc/nginx/.htpasswd demo (demo is the username, you will be prompted to enter a password)

The command above creates a user/password pair that I will be able to use later in my nginx conf to restrict access to my website.

now onto the website conf

  • sudo nano /etc/nginx/sites-available/<domain>.conf
  • write this content into the file =>
server {
    listen 80;
    listen [::]:80;

    root /var/www/<domain>;
    index index.html;

    server_name <domain>;

    location / {
        auth_basic "demo app request password @ <email>";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;

Enter fullscreen mode Exit fullscreen mode

This configuration allows to access your Streamlit app running locally on port 8501 via Nginx, the http_upgrade conf here is for allowing websockets, as Streamlit relies heavily on them.

  • sudo ln -s /etc/nginx/sites-available/<domain>.conf /etc/nginx/sites-enabled/ (enabling the site)
  • sudo nginx -t (testing the syntax)
  • sudo systemctl reload nginx

wait... what about the domain? 🌎

You'll need to configure an A record in your DNS settings to point to your server's IP address for your domain or subdomain. There are plenty of resources on the Internet to help you just do that.

Before moving on, just make sure DNS is propagated. You can use a free DNS checker tool for this.

the Python part

You'll need to:

  • install your Python dependencies
  • start the app

For the app to be served... makes sense right?

  • cd agentic-rag-demo
  • pip install -r requirements.txt
  • streamlit run (of course your script may have a different name)
  • at this point, you should be able to see the dummy content when you navigate to your domain or subdomain on plain HTTP


This one is easy, just go to the official certbot website and follow the instructions, they are crystal clear.

Running the Streamlit app as a Ubuntu service

Now we want to create a service for the app to run in the background, this helps us:

  • manage crashes
  • start the app on boot
  • release the terminal when we start the app from our CI/CD pipeline
  • provide us with an easy way of stopping the app in the same CI/CD pipeline before updating it

One particularity here is that we will create a user systemd service, which does not require sudo privileges, this is way easier to handle in CI/CD pipelines, as we will not have to connect as root to stop the app, update it, and relaunch it. Here is how to do it:

  • mkdir -p ~/.config/systemd/user
  • nano ~/.config/systemd/user/agentic-rag.service
  • write the following content:
Description=a service for the agentic rag demo  

ExecStart=/usr/bin/python3 -m streamlit run /home/<remote-user>/agentic-rag-demo/  

Enter fullscreen mode Exit fullscreen mode

... don't forget to replace the placeholders with the appropriate values.

  • now we need our service to be stoppable/start-able from our CI/CD pipeline with our regular user so, for the sake of testing, let's do =>
systemctl --user daemon-reload

systemctl --user enable --now agentic-rag.service

systemctl --user start agentic-rag.service

systemctl --user status agentic-rag.service
Enter fullscreen mode Exit fullscreen mode
  • to stop the service => systemctl --user stop agentic-rag.service , as you can see we never needed sudo !
  • we are now ready to let the CI/CD pipeline do its magic 🚀

the GitHub Actions workflow

To be able to use this workflow, you will need to fill in a few repository secrets.

Things are always cooler when deployed automatically, here is my commented pipeline:

name: cicd  

      branches: [master]  


    runs-on: ubuntu-latest  
    - name: actions/checkout@v4  
      uses: actions/checkout@v4  
    - name: start-app  
      uses: appleboy/ssh-action@v1.0.3  
        host: ${{ secrets.SSH_HOST }}  
        key: ${{ secrets.SSH_PRIV_KEY }}  
        port: ${{ secrets.SSH_PORT }}  
        username: ${{ secrets.SSH_USERNAME }}  
        script_stop: true  
        script: |  
              cd ~/agentic-rag-demo
              # we stop the app before copying the files to update it  
              systemctl --user stop agentic-rag.service  
    - name: copy-files  
      uses: appleboy/scp-action@v0.1.7  
        host: ${{ secrets.SSH_HOST }}  
        key: ${{ secrets.SSH_PRIV_KEY }}  
        port: ${{ secrets.SSH_PORT }}  
        username: ${{ secrets.SSH_USERNAME }}  
        source: "./*"  
        target: /home/${{ secrets.SSH_USERNAME }}/agentic-rag-demo  
    - name: deploy-app  
      uses: appleboy/ssh-action@v1.0.3  
        OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}  
        host: ${{ secrets.SSH_HOST }}  
        key: ${{ secrets.SSH_PRIV_KEY }}  
        port: ${{ secrets.SSH_PORT }}  
        username: ${{ secrets.SSH_USERNAME }}  
        script_stop: true  
        envs: OPENAI_API_KEY  
        script: |  
              cd ~/agentic-rag-demo
              # this one below I'm not proud of, I was just lazy to use a virtual env
              python3 -m pip install --break-system-packages -r requirements.txt  
              cp .env.example .env  
              > .env  
              echo "OPENAI_API_KEY=${OPENAI_API_KEY}" >> .env  
              mv .streamlit/config.remote.toml .streamlit/config.toml  
              systemctl --user start agentic-rag.service
Enter fullscreen mode Exit fullscreen mode

wrapping it up

Now you know how to self-host a Streamlit app, spin applications up and keep them coming!

Top comments (0)