Applications Azure

Teable on Ubuntu 24.04 on Azure User Guide

| Product: Teable on Ubuntu 24.04 LTS on Azure

Overview

Teable is an open source no code database and a self hosted alternative to Airtable. It turns a real PostgreSQL database into a friendly spreadsheet like interface, organising your data into spaces, bases and tables that you edit in grid, kanban, gallery, form and calendar views, with formulas, links, rollups, filtering, grouping and a full REST API. The cloudimg image runs Teable the officially supported way, as the upstream container alongside a bundled PostgreSQL and Redis, orchestrated by Docker Compose under systemd and fronted by nginx. Every image is pinned by digest and captured into the VM, so your instance starts in seconds. A unique JWT secret, session signing secret, access token encryption key, database password and cache password are generated for each VM on first boot, before the port is reachable a unique owner administrator is pre seeded so nobody can claim the admin role before you sign in, and public sign up is disabled in the application and blocked at the reverse proxy. Backed by 24/7 cloudimg support.

Teable is a trademark of its respective owner. This image is produced by cloudimg and is not affiliated with, endorsed by, or sponsored by Teable. It ships the free and open source AGPL 3.0 self hosted core, unmodified.

The Teable grid view of a Tasks table with Name, Count and Status columns and coloured status tags in the authenticated app

What is included:

  • Teable (the AGPL 3.0 self hosted open source core), pinned by image digest
  • A bundled PostgreSQL database and a bundled Redis, both pinned by image digest and reachable only inside a private Docker network (never published to a host port)
  • Docker Engine (Docker CE) with Teable published to the loopback interface only, fronted by nginx on port 80
  • teable.service, teable-firstboot.service and nginx.service as systemd units, enabled and active on boot
  • A unique JWT secret, session signing secret, access token encryption key and initialisation vector, database password, cache password and a pre seeded owner administrator generated per VM on first boot, never baked into the image
  • Public sign up disabled in the application and blocked at the reverse proxy, so no one can self register on your instance
  • A clean, empty database on first boot: no default account, no shipped secret, no prior data
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; increase the size for larger workspaces and heavier usage. NSG inbound: allow 22/tcp from your management network and 80/tcp (and 443/tcp once you add TLS) for the web interface. Teable serves plain HTTP on port 80; for production, put it behind TLS with your own domain (see the final section).

Step 1 - Deploy from the Azure Marketplace

  1. In the Azure portal, choose Create a resource and search the Marketplace for the cloudimg Teable offer.
  2. Select the plan, then Create.
  3. On the Basics tab pick your subscription, resource group and region, name the VM, and select Standard_B2s (or larger).
  4. Choose SSH public key authentication with admin username azureuser and provide your public key.
  5. On the Networking tab, allow inbound 22/tcp from your management network and 80/tcp for the web interface.
  6. Review and create. When the VM is running, note its public IP address.

Step 2 - Deploy from the Azure CLI

The image is also available from the Azure CLI. This creates the VM and opens the web port in one place:

az vm create \
  --resource-group my-teable-rg \
  --name teable \
  --image cloudimg:teable:default:latest \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard
az vm open-port --resource-group my-teable-rg --name teable --port 80 --priority 900

Step 3 - Connect to your VM

Replace <vm-ip> with your VM's public IP address:

ssh azureuser@<vm-ip>

Step 4 - Confirm the services are running

Teable, its bundled PostgreSQL and Redis, and nginx all come up automatically on first boot. Confirm they are active:

sudo systemctl is-active docker teable nginx

Expected output:

active
active
active

The stack runs as three containers on a private Docker network. PostgreSQL and Redis are never published to a host port; only Teable is published, and only to the loopback interface, with nginx in front on port 80.

systemctl reporting docker, teable and nginx active, and the three containers running under Docker Compose

Step 5 - Secure by default: the admin is pre seeded and sign up is disabled

In self hosted Teable the very first account that signs up becomes the administrator. On a public server that is a risk: whoever registers first would own your instance. The cloudimg image closes this. On first boot, before the port is reachable, a unique owner administrator is created with a per VM password, so the administrator role is already claimed. Public sign up is then disabled in the application and, as a second layer, blocked at the reverse proxy, so no attacker can self register at all. The JWT and session secrets are unique per VM, so sessions cannot be forged.

You can see the whole posture at a glance. Public sign up is refused, a blank or wrong password is rejected, and only the per VM administrator is accepted:

Public sign up returns HTTP 403, a blank password returns 401, a wrong password returns 400, and the per VM admin sign in returns HTTP 200

Read your unique credentials (they are written to a root only file):

sudo cat /root/teable-credentials.txt

The file holds the application URL, the administrator email and the per VM administrator password. Keep it safe.

The per VM access notes, with the application URL, admin email and the admin password masked

Step 6 - Sign in to Teable

Open http://<vm-ip>/ in your browser. You are met with the Teable sign in page. Enter the TEABLE_ADMIN_EMAIL and TEABLE_ADMIN_PASSWORD values from the credentials file.

The Teable sign in page with the email and password fields

Step 7 - Explore your spaces and bases

After signing in you land on the home view. Teable organises everything into spaces (a place for a team or a project) that hold bases (databases). From here you can create a base, invite collaborators and manage settings.

The Teable home view showing a space with a Product Roadmap base, its creator and collaborators

Step 8 - Work with tables in the grid

Open a base to work with its tables. The grid view is the heart of Teable: a fast, spreadsheet like editor where each column is a typed field (single line text, number, single select, date, link, formula and more) and each row is a record. Add records, filter, sort and group your data, and switch between views without changing the underlying data.

The Teable grid view of the Tasks table showing typed Name, Count and Status fields with coloured status tags across six records

Step 9 - Collect data with a form view

Every table can also be presented as a form. Add a form view and Teable turns your fields into a shareable form that writes straight back into the table, ideal for intake, requests and surveys.

The Teable form view designer for an intake form, listing the Name and Count fields with required toggles

Teable also exposes a full REST API for every table, so you can read and write records programmatically once you are signed in.

Step 10 - Check the stack health from the command line

Teable exposes an unauthenticated liveness endpoint that reports whether the application and its meta database are ready. It is handy for monitoring:

curl -s http://127.0.0.1/health

Expected output (a healthy stack):

{"status":"ok","info":{"metaDatabase":{"status":"up"}},"error":{},"details":{"metaDatabase":{"status":"up"}}}

The public health endpoint reporting status ok for the running stack

Step 11 - Adding more people (optional)

This appliance ships with public sign up disabled, so only you can reach the application. To add people the recommended way is to sign in as the administrator and invite them to a space or a base, which keeps sign up closed. If instead you want to open self service sign up, re enable it in the admin panel under Settings and remove the location = /api/auth/signup block from /etc/nginx/sites-available/teable, then reload nginx:

sudo nginx -t && sudo systemctl reload nginx

Re disable sign up by restoring the block and turning the setting off again once everyone has an account.

Step 12 - Production: your own domain with TLS

Teable serves plain HTTP on port 80. For production, point a DNS record at the VM and put Teable behind TLS so links and sessions use an https origin. A common approach is to add a certificate to nginx with Certbot and set PUBLIC_ORIGIN to your https URL:

sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d teable.example.com
sudo sed -i 's#^PUBLIC_ORIGIN=.*#PUBLIC_ORIGIN=https://teable.example.com#' /etc/teable/teable.env
sudo systemctl restart teable

Then restrict the network security group to the sources that need access. See the Teable documentation for the full production checklist.

Support

Every cloudimg image includes 24/7 support. If you have any questions about deploying or operating Teable on Azure, contact the cloudimg team through the Azure Marketplace listing or at www.cloudimg.co.uk.