CloudBeaver Web Database Manager on AWS User Guide
CloudBeaver Web Database Manager on AWS
CloudBeaver CE is a web-based database manager - a browser edition of the popular DBeaver desktop tool - that lets you connect to, browse and query PostgreSQL, MySQL, MariaDB, SQLite and many other databases entirely from a web browser. This cloudimg image ships CloudBeaver CE fully installed and running behind an nginx reverse proxy, with a unique admin account generated on the first boot of your instance.
- Application: CloudBeaver CE 26.1.2 (
dbeaver/cloudbeaver, Apache-2.0) - Served on: port 80 (nginx reverse proxy) -> CloudBeaver on loopback
127.0.0.1:8978 - Admin user:
cbadmin, with a per-instance password generated on first boot - Data disk: the CloudBeaver workspace lives on a dedicated EBS volume at
/var/lib/cloudbeaver
Architecture
client --:80 nginx--> 127.0.0.1:8978 CloudBeaver CE (container) --> your databases
CloudBeaver runs as a Docker container bound to the loopback interface; nginx fronts it on
port 80 and forwards the WebSocket upgrade that the SQL editor and result streaming need. An
unauthenticated health endpoint is served at /healthz for load-balancer and uptime checks.
The CloudBeaver workspace - server configuration, user accounts, saved connections and query
history - is stored under /var/lib/cloudbeaver, a dedicated, independently resizable EBS
volume, separate from the operating system disk.
Connecting to your instance
Connect over SSH on port 22 as the default login user for your operating system variant, using the EC2 key pair you selected at launch:
| OS variant | SSH login user | Example |
|---|---|---|
| Ubuntu 24.04 | ubuntu |
ssh -i your-key.pem ubuntu@<instance-public-ip> |
The instance security group opens ports 22 (SSH), 80 (HTTP) and 443 (reserved for HTTPS).
Step 1 - Retrieve the generated admin password
On first boot a one-shot service completes CloudBeaver's initial server configuration,
creates the cbadmin administrator with a password unique to your instance, and records it
in a root-only file. Read it over SSH:
sudo cat /root/cloudbeaver-credentials.txt
# CloudBeaver CE - generated on first boot by cloudbeaver-firstboot.service
# These credentials are unique to this VM. Store them somewhere safe.
CLOUDBEAVER_URL=http://<instance-public-ip>/
CLOUDBEAVER_USERNAME=cbadmin
CLOUDBEAVER_PASSWORD=<generated-password>
You can confirm the application stack is healthy at any time:
sudo docker ps
NAMES IMAGE STATUS
cloudbeaver dbeaver/cloudbeaver:26.1.2 Up 23 minutes
systemctl is-active docker nginx
curl -s http://127.0.0.1/healthz
active
active
ok
Step 2 - Sign in to CloudBeaver
Open http://<instance-public-ip>/ in your browser. Anonymous access is disabled on this
image, so CloudBeaver presents the sign-in dialog. Enter the user name cbadmin and the
password from the credentials file.

Step 3 - Add a database connection
Click New Connection and choose your database driver (PostgreSQL, MySQL, MariaDB, SQLite and many more are bundled). CloudBeaver connects out to your database over the standard driver - there is no inbound database port to open on this instance.

Enter the host, port, database name and credentials for your database, then use Test to verify connectivity and Create to save the connection. It appears in the navigator on the left.
Step 4 - Run SQL in the editor
With a connection selected, open the SQL editor, write a query and run it with Ctrl+Enter. Results appear in a filterable, sortable data grid below the editor, with export options.

Step 5 - Browse the database navigator
Expand your connection in the navigator to explore databases, schemas, tables, views, columns, indexes and other objects. Double-click a table to inspect and edit its data.

Where things live
| Item | Location |
|---|---|
| CloudBeaver container | sudo docker ps (name cloudbeaver) |
| Reverse proxy | systemctl status nginx (port 80) |
| CloudBeaver app port | 127.0.0.1:8978 (loopback only) |
| Workspace / data disk | /var/lib/cloudbeaver (dedicated EBS volume) |
| Admin credentials | /root/cloudbeaver-credentials.txt (root-only, 0600) |
| Health endpoint | http://<instance-public-ip>/healthz |
Enabling HTTPS (recommended for production)
The image serves plain HTTP on port 80. For production, put CloudBeaver behind TLS - either terminate HTTPS at an AWS Application Load Balancer with an ACM certificate, or install a certificate directly in nginx (for example with certbot for your domain). Port 443 is already open in the security group.
Support
24/7 technical support is available from cloudimg by email and chat. We can help with deployment, HTTPS and reverse-proxy configuration, connecting to your databases, driver and access-control configuration, storage and upgrade planning.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.