Vikunja on AWS User Guide
Overview
This image runs Vikunja, the open source, self-hosted to-do list and project/task management application - lists, kanban boards, Gantt, table and calendar views, reminders, labels, assignees and sharing - a privacy-respecting alternative to hosted task managers, deployable in your own VPC.
The Vikunja server is a single Go binary that serves both the REST API and the bundled web app. It runs behind nginx as a reverse proxy. PostgreSQL is the datastore; the server listens on 127.0.0.1:3456 and is reached through nginx on port 80 (and 443 once you add TLS). The server and the database bind to the loopback interface only.
On the first boot of every deployed instance, a one-shot service generates a fresh session-signing secret unique to that instance, rotates the PostgreSQL password, runs the database migrations, and creates a single administrator account with a per-instance password. Open registration is disabled. The login is written to /root/vikunja-credentials.txt with mode 0600.
Prerequisites
Before you deploy this image you need:
- An Amazon Web Services account where you can launch EC2 instances
- IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
- An EC2 key pair in the target Region for SSH access to the instance
- A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network and inbound ports 80 and 443 from the networks your users will reach Vikunja on
- The AWS CLI (version 2) installed locally if you plan to deploy from the command line
Step 1: Launch the Instance from the AWS Marketplace
Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for Vikunja. Select the cloudimg listing and choose Select, then Continue on the subscription summary.
Pick an instance type of t3.medium or larger. Choose your EC2 key pair under Key pair (login). Under Network settings select your VPC and subnet, and either create or select a security group that allows inbound port 22 from your management network and inbound ports 80 and 443 from the networks your users use. Leave the root volume at the default size or larger.
Select Launch instance. First boot initialisation takes under a minute after the instance state becomes Running and the status checks pass.
Step 2: Launch the Instance from the AWS CLI
The following block launches an instance from the cloudimg Vikunja Marketplace AMI into an existing subnet and security group. Replace <ami-id> with the AMI ID shown on the Marketplace listing, <key-name> with your EC2 key pair name, <subnet-id> with your subnet ID, and <security-group-id> with a security group that opens ports 22, 80, and 443 as described above.
aws ec2 run-instances \
--image-id <ami-id> \
--instance-type t3.medium \
--key-name <key-name> \
--subnet-id <subnet-id> \
--security-group-ids <security-group-id> \
--block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":30,"VolumeType":"gp3"}}]' \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=vikunja-01}]'
The command prints a JSON document on success. Note the instance ID, then retrieve its public address once it is running with aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].PublicIpAddress" --output text.
Step 3: Connect and Retrieve the Administrator Login
Connect over SSH with the key pair you selected and the public IP address from step 2. The SSH login user depends on the operating system of the AMI variant you launched:
| AMI variant | SSH login user |
|---|---|
| Vikunja 2.3 on Ubuntu 24.04 | ubuntu |
The first boot service runs before the SSH daemon becomes ready, so the credentials file is always in place when you log in for the first time.
ssh <login-user>@<public-ip>
sudo cat /root/vikunja-credentials.txt
You will see a plain text file containing the Vikunja URL, the administrator username (admin) and the password. From the same SSH session you can confirm the deployment is healthy - the info endpoint is open:
curl -fsS http://127.0.0.1/api/v1/info
{"version":"v2.3.0","frontend_url":"http://<public-ip>/","motd":"","link_sharing_enabled":true,...}
A JSON response with a version confirms the full stack - nginx, the Vikunja server and PostgreSQL - is serving.
Step 4: First Sign-in
Open a web browser and navigate to http://<public-ip>/. Vikunja presents its sign-in page. Enter the username admin and the password from /root/vikunja-credentials.txt, then select Login.
The Vikunja sign-in, served on first boot with a per-instance administrator login.
Step 5: Create Projects and Tasks
Select Projects, then New project, give it a name, and open it. Add tasks with the Add a task... box - you can set priorities, due dates, labels, assignees and reminders. Tasks with a priority are flagged in the list with an Urgent, High or Medium badge.
A Vikunja project list view - tasks with Urgent, High and Medium priority labels.
Step 6: Switch Views - List, Kanban, Gantt, Table and Calendar
Every project can be viewed as a List, a Gantt chart, a Table, or a Kanban board using the tabs at the top of the project. The kanban board organises tasks into columns such as To-Do, Doing and Done; drag a card between columns to update its state.
A Vikunja project as a kanban board - To-Do, Doing and Done columns with priority badges.
Step 7: Invite Your Team and Use the API
Open Teams to create a team and share projects with other users. Because open registration is disabled by default, add users from the administrator account or re-enable registration in the configuration. Every action in the web app is also available through the REST API at http://<public-ip>/api/v1/ - authenticate with POST /api/v1/login to obtain a token, then call the API with an Authorization: Bearer <token> header. The interactive API docs are served at http://<public-ip>/api/v1/docs.
Step 8: Enable HTTPS with Let's Encrypt
For any production deployment serve Vikunja over HTTPS so logins cannot be intercepted. The image ships with nginx, which certbot can configure automatically.
The following assumes you have a DNS record pointing your fully qualified domain name at the instance's public IP address.
sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d tasks.your-domain.example \
--non-interactive --agree-tos -m you@your-domain.example \
--redirect
After certbot finishes, set the public URL so generated links are correct, then restart Vikunja:
sudo sed -i 's|^ publicurl: .*| publicurl: "https://tasks.your-domain.example/"|' /etc/vikunja/config.yml
sudo systemctl restart vikunja
Step 9: Backups and Maintenance
Vikunja keeps all of its state - projects, tasks, users and settings - in PostgreSQL, and any uploaded file attachments under /opt/vikunja/files. Back both up regularly:
sudo -u postgres pg_dump vikunja > <backup-dir>/vikunja-db-$(date +%F).sql
sudo tar czf <backup-dir>/vikunja-files-$(date +%F).tgz -C /opt/vikunja files
Ship the dumps to an Amazon S3 bucket or another object store. Because the database and the application directory are each on their own EBS volume, you can also take coordinated EBS snapshots. To upgrade Vikunja, replace /opt/vikunja/vikunja with a newer release and restart - migrations run automatically on start. See https://vikunja.io/docs/.
Step 10: Scaling and Operations
- Move PostgreSQL to Amazon RDS for PostgreSQL and update the
databasesection of/etc/vikunja/config.yml - Put the web tier behind an Application Load Balancer if you need high availability
- Use the REST API to integrate Vikunja with other tools, or connect the official Vikunja mobile and desktop apps to your instance
Each of these is documented in the official Vikunja documentation at https://vikunja.io/docs/.
Support
cloudimg provides 24/7/365 expert technical support for this image. Guaranteed response within 24 hours, one hour average for critical issues. Contact support@cloudimg.co.uk.
For general Vikunja questions consult the documentation at https://vikunja.io/docs/. Vikunja is a trademark of its respective owner; use here is nominative and does not imply affiliation or endorsement.