Install ThingsBoard CE with Docker: Step-by-Step Guide
Timo Wevelsiep•Updated: 30.06.2026Editorial note: Versions, commands and prices may change. Please verify critical steps independently before production use. This guide does not replace individual consulting.
Build a sovereign, self-hosted IoT platform? WZ-IT designs, installs and runs ThingsBoard on your infrastructure - open source, EU, no cloud lock-in. Explore the ThingsBoard platform
The fastest way to install ThingsBoard CE is with Docker Compose: create a docker-compose.yml with the services thingsboard/tb-node:4.3.1.2 and postgres:18, initialise the database once (docker compose run --rm -e INSTALL_TB=true thingsboard), start it with docker compose up -d and open the UI at http://localhost:8080. This guide walks you step by step through the requirements, the Compose file, ports, the first login including changing the demo passwords, your first device with a dashboard, and what it takes to move into production.
Table of contents
- Requirements: hardware and software
- Which database: PostgreSQL or Cassandra
- Create the docker-compose.yml
- Initialise the database and start the containers
- Ports and firewall
- First login and changing the demo passwords
- Create your first device and dashboard
- From test to production
- How we work at WZ-IT
- Further guides
Requirements: hardware and software
ThingsBoard is written in Java (Spring Boot) and needs a relational database for its entities. On the software side you only need two things:
- Docker Engine (current version) and the Docker Compose v2 plugin (
docker compose, not the legacydocker-compose). - A Linux host is the usual choice (Ubuntu, Debian, RHEL). macOS and Windows work with Docker Desktop for local tests.
Hardware needs depend on the database and load:
| Setup | RAM (minimum) | Good for |
|---|---|---|
| PostgreSQL (single instance) | ~4 GB, 1+ CPU core | test, PoC, small to medium fleets |
| Cassandra (single instance) | from 4 GB | high write throughput |
| Hybrid: PostgreSQL + Cassandra | from 8 GB, multi-core CPU, NVMe | >5,000 messages/s, millions of devices |
For getting started we recommend a PostgreSQL setup on a VM with 4 to 8 GB of RAM, for example on Proxmox or a Hetzner server. For what ThingsBoard does in general, see What is ThingsBoard?.
Which database: PostgreSQL or Cassandra
ThingsBoard always stores entities (devices, assets, dashboards, relations) in PostgreSQL. For time-series data (telemetry) you have a choice: PostgreSQL/TimescaleDB or Cassandra.
- PostgreSQL is the pragmatic default: one service, one backup path, simple operation. Fine up to a few thousand devices.
- Cassandra or a hybrid setup only shows its strengths at very high telemetry throughput (on the order of more than 5,000 messages per second) or millions of devices - at the cost of more RAM and more complex operation.
Our recommendation: start with PostgreSQL and scale only when the numbers demand it. This guide uses PostgreSQL.
Create the docker-compose.yml
Create a working directory (for example ~/thingsboard) and the following docker-compose.yml inside it. We use the current LTS line v4.3 (as of June 2026, image tag 4.3.1.2, see thingsboard.io/docs/releases) with the in-memory queue - ideal for test and PoC.
services:
postgres:
restart: always
image: "postgres:18"
environment:
POSTGRES_DB: thingsboard
POSTGRES_PASSWORD: postgres
volumes:
- tb-postgres-data:/var/lib/postgresql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d thingsboard"]
interval: 10s
timeout: 5s
retries: 5
thingsboard:
restart: always
image: "thingsboard/tb-node:4.3.1.2"
depends_on:
postgres:
condition: service_healthy
ports:
- "8080:8080" # Web UI + REST API
- "1883:1883" # MQTT
- "8883:8883" # MQTT over TLS
- "5683-5688:5683-5688/udp" # CoAP + LwM2M
- "7070:7070" # Edge (gRPC)
environment:
TB_QUEUE_TYPE: in-memory
SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/thingsboard
SPRING_DATASOURCE_USERNAME: postgres
SPRING_DATASOURCE_PASSWORD: postgres
volumes:
tb-postgres-data:
name: tb-postgres-data
In a real installation the passwords (POSTGRES_PASSWORD, SPRING_DATASOURCE_PASSWORD) belong in a .env file or a secret, not in plain text in the Compose file.
Initialise the database and start the containers
Before the first start the database schema must be created once. From the working directory:
# Create schema, optionally with demo data (tenant, device, dashboard)
docker compose run --rm -e INSTALL_TB=true -e LOAD_DEMO=true thingsboard
Leave out LOAD_DEMO=true if you want a clean install without demo data. Then start the platform and follow the logs:
docker compose up -d
docker compose logs -f thingsboard
Once the logs show Started ThingsBoard ..., the platform is ready. Open http://localhost:8080 (or http://SERVER-IP:8080) in your browser.
Ports and firewall
ThingsBoard exposes several ports. Open only what your devices actually need:
| Port | Protocol | Purpose |
|---|---|---|
| 8080 | TCP/HTTP | web UI and REST API |
| 1883 | TCP/MQTT | MQTT (plaintext) |
| 8883 | TCP/MQTT | MQTT over TLS |
| 5683-5688 | UDP | CoAP and LwM2M |
| 7070 | TCP/gRPC | ThingsBoard Edge |
MQTT is the most important telemetry protocol in practice; see What is MQTT? for the basics. Important: in production you do not expose the web UI directly on 8080, but behind a reverse proxy (nginx, Traefik, Caddy) with TLS on 443. Device connections then use 8883 instead of 1883.
First login and changing the demo passwords
A demo install ships with three accounts:
| Role | Password | |
|---|---|---|
| System Administrator | [email protected] | sysadmin |
| Tenant Administrator | [email protected] | tenant |
| Customer user | [email protected] | customer |
Log in first as the System Administrator, then as the Tenant Administrator (the account you use day to day). First mandatory step: change all demo passwords. Click the profile icon at the top right, choose Profile, then Change password. Set a strong, unique password for each account - the official docs explicitly warn against putting ThingsBoard on a network with the default credentials. On a clean install without LOAD_DEMO only the System Administrator exists; you then create the first tenant yourself.
Create your first device and dashboard
As the Tenant Administrator you can create a device and see live data in a few steps:
- Entities → Devices → "+" → Add new device. Give it a name (for example
sensor-01) and save. - Open the device, go to the Details tab and Copy access token - this token authenticates the device.
- Send telemetry. Test the connection with the MQTT client
mosquitto_pub:
mosquitto_pub -d -h localhost -p 1883 \
-t v1/devices/me/telemetry \
-u "ACCESS_TOKEN" \
-m '{"temperature": 21.5, "humidity": 48}'
- The values appear in the device's Latest telemetry tab. Use Add to dashboard, or go to Dashboards → "+", to build your first dashboard and drop, for example, a time-series chart onto the
temperaturetelemetry key.
For richer visualisation or reporting, many teams pair ThingsBoard with Grafana.
From test to production
The setup above is deliberately lean. For continuous operation several points come on top:
- TLS and reverse proxy: never expose the web UI or MQTT unencrypted to the internet. Use Let's Encrypt certificates, terminating TLS in the reverse proxy or directly in ThingsBoard.
- Backups: back up PostgreSQL regularly (
pg_dump, volume snapshots, point-in-time recovery). No backup, no production. - Queue and scaling: the in-memory queue is for testing only. In production switch to Apache Kafka and, under high load, to a microservice cluster (transport, core and rule-engine services scaled separately).
- Monitoring: wire up logs, metrics and alerting, and keep an eye on resources (RAM, disk I/O) - telemetry workloads are I/O hungry.
- Updates: pin the image tag (not
latest), take a backup before upgrades, read the release notes.
These topics decide stability and data sovereignty - and they are the main cost driver, not the license. For an honest cost comparison of the Community Edition, Professional Edition and Cloud, see ThingsBoard pricing.
How we work at WZ-IT
We design, install and run ThingsBoard as a sovereign, self-hosted IoT platform on your infrastructure (Proxmox, Hetzner or on-premises). That covers sizing and database choice, hardened Compose or cluster setups with TLS and backups, connecting devices and protocols, modelling device profiles and rule chains, plus monitoring and updates. Edition choice is aligned honestly with your requirements, not with license revenue - as part of our ThingsBoard expertise and IoT platform development.
Further guides
- ThingsBoard expertise - consulting, integration and operations
- What is ThingsBoard? - editions, architecture and protocols
- ThingsBoard pricing - editions, licenses and real costs
- What is MQTT? - the most important IoT protocol explained
- ThingsBoard vs ChirpStack - application platform vs LoRaWAN server
Planning your own IoT platform? Get to know us or take a look at our IoT platforms.
You'd rather not run IoT yourself? WZ-IT handles setup, operations and maintenance – GDPR-compliant from Germany.
Frequently Asked Questions
Answers to the most important questions
Create a docker-compose.yml with the services tb-node (image thingsboard/tb-node:4.3.1.2) and postgres:18, initialise the database once with 'docker compose run --rm -e INSTALL_TB=true thingsboard', start it with 'docker compose up -d' and open the UI at http://localhost:8080. Add -e LOAD_DEMO=true if you want demo data to explore.
For a test or PoC running on PostgreSQL, 1 CPU core and about 4 GB of RAM are enough. A Cassandra instance needs at least 4 GB; a hybrid setup (PostgreSQL plus Cassandra) for high throughput needs 8 GB or more, a dedicated multi-core CPU and fast SSD/NVMe storage. You also need the Docker Engine and the Docker Compose v2 plugin.
After a demo install three accounts exist: System Administrator [email protected] / sysadmin, Tenant Administrator [email protected] / tenant and a Customer user [email protected] / customer. Change all of these demo passwords before exposing ThingsBoard to any network.
By default 8080 for the web UI and REST API, 1883 for MQTT, 8883 for MQTT over TLS, 5683 to 5688/UDP for CoAP and LwM2M, and 7070 for the Edge connection (gRPC). In production you do not expose the UI directly; you put it behind a reverse proxy with TLS on 443.
For most projects PostgreSQL is enough: simple operation, one backup path, fine up to a few thousand devices. Cassandra or a hybrid setup only pays off at very high telemetry throughput (on the order of more than 5,000 messages per second) or millions of devices. Start with PostgreSQL and scale later if needed.
The Community Edition is free under the Apache 2.0 license, with no per-device fees. You only pay for your own infrastructure and operations. See the ThingsBoard pricing article for the full comparison with the Professional Edition and Cloud.
Change the demo passwords, publish the web UI only behind a reverse proxy with TLS, set up regular PostgreSQL backups (pg_dump or volume snapshots), wire up monitoring and logs, and switch to the Kafka queue plus a microservice cluster for high load. The in-memory queue is for testing only.
More on IoT
- What is LoRaWAN?
- What is MQTT?
- What is ThingsBoard?
- What is ChirpStack?
- IoT architecture in layers
- LoRaWAN vs NB-IoT vs WLAN/5G
- ThingsBoard pricing & editions
- How much does ChirpStack cost?
- ThingsBoard vs ChirpStack
- IoT platform: self-hosted vs cloud
- Open-source IoT platforms compared
- ThingsBoard vs AWS IoT Core & Azure IoT Hub
- Install ThingsBoard with Docker
- Set up ChirpStack & a LoRaWAN gateway
- Grafana IoT dashboard with InfluxDB
- ThingsBoard Rule Engine: alarms & notifications
- Milesight sensor in ChirpStack: payload decoder
- Node-RED MQTT dashboard for sensor data
- Predictive maintenance & retrofit
- Building IoT / smart building with LoRaWAN
