Memos on AWS User Guide
Memos on AWS
This image delivers Memos 0.29, the popular open source self-hosted lightweight note and memo hub, fully installed and reverse-proxied with nginx. Memos is a fast personal knowledge base for capturing quick notes, tasks and thoughts in Markdown, organised with tags and surfaced through a memo timeline and an explore view.
The Memos server is a single self-contained Go binary with an embedded SQLite datastore and a bundled web frontend. It runs under systemd, listening on the loopback interface, with nginx in front on port 80 (and 443 once you add TLS). The database and uploads live on a dedicated, independently-resizable EBS data volume mounted at /var/lib/memos, separate from the operating system disk.
Secure by default - you create the host account
Memos has no default administrator, and this image does not bake one in. The AMI ships at Memos' built-in first-run sign-up form. The very first time you browse to your instance you create your own host (administrator) account with your own username and password - the form even tells you "You are registering as the Site Host." No shared credentials, and no database rows, ship in the image - every instance starts as a clean slate that only you secure.
Connecting to your instance
Connect over SSH on port 22 using the default login user for your operating system variant and the EC2 key pair you launched with.
| OS variant | SSH login user | Example |
|---|---|---|
| Ubuntu 24.04 | ubuntu |
ssh -i your-key.pem ubuntu@<instance-public-ip> |
Replace <instance-public-ip> with your instance's public IPv4 address (or its private address if you reach it over a VPN or Direct Connect).
First visit - create your host account
Open Memos in your browser:
http://<instance-public-ip>/
You are taken to the Create your account sign-up form. Enter a username, choose a strong password and click Sign up. Because the database is empty, this first account is automatically the Site Host (administrator).
That single step secures your instance. You are signed straight in, and the sign-up form will never appear again for this instance - subsequent visits show the sign-in page.
Enable HTTPS before exposing the instance to the public internet (see the TLS section below). Until then, treat the password you set here as you would any credential sent over plain HTTP.
Capturing memos
From the home timeline, type into the editor at the top - Memos uses Markdown, so headings, bold, lists and task checklists all render. Add #tags inline to organise your notes; tags appear in the left sidebar for quick filtering. Set each memo's visibility (Private, Protected or Public) and click Save.
Your memos appear in a reverse-chronological timeline with a calendar heat-map and a tag list in the sidebar. Use the search box to find memos by content, and the Explore view to browse memos you have marked Public.
Workspace settings
Open Settings from the user menu to manage your account, preferences, members, storage, notifications, SSO, webhooks and access tokens. The My Account page is where you change your password and create personal access tokens for the Memos API; the Admin sections let the Site Host tune the workspace.
Managing the services
Memos runs as two systemd units - the Go server and nginx:
systemctl status memos nginx
The Memos server listens only on the loopback interface; nginx is the only service bound to a public port:
ss -tlnp | grep -E ':80 |:5230 '
LISTEN 0 4096 127.0.0.1:5230 0.0.0.0:* users:(("memos",...))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",...))
A health endpoint is served (and proxied by nginx) for monitoring:
curl -s -o /dev/null -w '%{http_code}\n' http://localhost/healthz
200
The data volume
Memos' SQLite database (memos_prod.db), uploads and resources live on a dedicated EBS volume mounted at /var/lib/memos, which is independently resizable and kept separate from the OS disk:
df -h /var/lib/memos
Filesystem Size Used Avail Use% Mounted on
/dev/nvme1n1 30G ... ...% /var/lib/memos
The volume is mounted by its filesystem UUID in /etc/fstab, so the mount is stable across reboots and instance re-launches. To grow it, resize the EBS volume in the AWS console, then run sudo resize2fs /dev/nvme1n1 (substitute the device shown by lsblk). Back up /var/lib/memos (or snapshot the EBS volume) to protect your notes.
Enabling HTTPS with Let's Encrypt
For production use, terminate TLS at nginx. Point a DNS A record at the instance's public IP, then install certbot:
sudo apt-get update
sudo apt-get install -y certbot python3-certbot-nginx
Run certbot interactively and follow its prompts (it edits the nginx site for you). Replace the placeholders with your own domain and email:
sudo certbot --nginx -d your-domain.example.com -m you@example.com --agree-tos
certbot configures the HTTPS server block and sets up automatic renewal. After it completes, Memos is available at https://your-domain.example.com/. Make sure your security group allows inbound TCP 443. For the cleanest links, also set the Instance URL in Memos workspace settings to your HTTPS address.
Upgrading Memos
Memos is installed as a single Go binary at /usr/local/bin/memos. To upgrade within the 0.x line, download the new release's memos_<version>_linux_amd64.tar.gz from the official GitHub releases, replace the binary and restart the service. Always snapshot the data volume first, as the schema migrates on start. cloudimg support can assist with planning and performing upgrades.
Support
This Amazon Machine Image is provided by cloudimg with 24/7 technical support covering deployment, upgrades, integrations, TLS termination and database administration. Contact us through your AWS Marketplace seller support channel.
Memos is a trademark of its respective owner. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.