Skip to content

How to Set Up OpenCode Web UI on a VPS Server

Problem

I wanted the convenience of a cloud-based AI coding assistant, but I prefer self-hosted solutions for privacy and cost control. The challenge was setting up OpenCode Web UI securely on a VPS with proper service management and network configuration so I could access it from anywhere - including my mobile phone.

Environment

  • Ubuntu 22.04 LTS (or similar Linux distribution)
  • Root or sudo access
  • Domain name (optional but recommended for HTTPS)
  • API keys for LLM providers (Anthropic, OpenAI, etc.)

Why Self-Host on VPS?

Before diving into the setup, let me explain why I chose this approach:

  • Privacy: My code and conversations stay on my own infrastructure
  • Cost Control: I use my own API keys, avoiding per-token cloud pricing
  • Customization: Full control over configuration and extensions
  • Always-On Access: Persistent sessions without keeping a local machine running 24/7

Solution

Step 1: Install OpenCode

First, I installed OpenCode on the VPS using the official installer:

install-opencode.sh
# Install OpenCode using the official installer
curl -fsSL https://opencode.dev/install.sh | sh
# Verify installation
opencode --version

Alternatively, I could install via npm:

install-via-npm.sh
npm install -g opencode
# Verify installation
opencode --version

Step 2: Configure API Keys

I created a secure configuration directory and stored my API keys:

setup-config.sh
# Create configuration directory
mkdir -p ~/.config/opencode
# Create environment file for API keys
cat > ~/.config/opencode/.env << 'EOF'
ANTHROPIC_API_KEY=your_key_here
OPENAI_API_KEY=your_key_here
EOF
# Set proper permissions (important for security!)
chmod 600 ~/.config/opencode/.env

Step 3: Create Systemd Service

To ensure OpenCode starts automatically on boot and restarts on failure, I created a systemd service:

/etc/systemd/system/opencode.service
[Unit]
Description=OpenCode Web UI
After=network.target
[Service]
Type=simple
User=your_username
WorkingDirectory=/home/your_username
EnvironmentFile=/home/your_username/.config/opencode/.env
ExecStart=/usr/local/bin/opencode web --host 0.0.0.0 --port 3000
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target

After creating the service file, I enabled and started the service:

enable-service.sh
# Reload systemd daemon
sudo systemctl daemon-reload
# Enable service to start on boot
sudo systemctl enable opencode
# Start the service now
sudo systemctl start opencode
# Check service status
sudo systemctl status opencode

Step 4: Configure Nginx Reverse Proxy

I set up Nginx as a reverse proxy to handle incoming connections:

install-nginx.sh
# Install nginx
sudo apt update && sudo apt install nginx -y

Then I created the Nginx configuration:

/etc/nginx/sites-available/opencode
server {
listen 80;
server_name your-domain.com; # or your VPS IP
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 86400;
}
}

I enabled the site and tested the configuration:

enable-nginx-site.sh
# Enable the site
sudo ln -s /etc/nginx/sites-available/opencode /etc/nginx/sites-enabled/
# Test nginx configuration
sudo nginx -t
# Reload nginx
sudo systemctl reload nginx

Step 5: Secure with HTTPS

For production use, I strongly recommend HTTPS. I used Certbot to obtain a free SSL certificate:

setup-https.sh
# Install Certbot
sudo apt install certbot python3-certbot-nginx -y
# Obtain SSL certificate (follow the prompts)
sudo certbot --nginx -d your-domain.com
# Certbot automatically configures HTTPS and sets up auto-renewal

Step 6: Configure Firewall

I configured the firewall to only allow necessary traffic:

setup-firewall.sh
# Allow SSH
sudo ufw allow 22/tcp
# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable firewall
sudo ufw enable
# Check status
sudo ufw status

Step 7: Optional - Tailscale for Secure Access

For additional security without exposing the service publicly, I can use Tailscale:

setup-tailscale.sh
# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
# Authenticate with your Tailscale account
sudo tailscale up
# Access OpenCode via Tailscale IP: http://100.x.y.z:3000

With Tailscale, I can access my OpenCode instance securely from any device without opening ports to the public internet.

Quick-Start Script

For convenience, I created a quick-start script that automates the entire setup:

quick-setup.sh
#!/bin/bash
# Quick setup script for OpenCode Web UI on Ubuntu
set -e
echo "Installing OpenCode..."
curl -fsSL https://opencode.dev/install.sh | sh
echo "Creating configuration directory..."
mkdir -p ~/.config/opencode
echo "Creating systemd service..."
sudo tee /etc/systemd/system/opencode.service > /dev/null << EOF
[Unit]
Description=OpenCode Web UI
After=network.target
[Service]
Type=simple
User=$USER
WorkingDirectory=$HOME
EnvironmentFile=$HOME/.config/opencode/.env
ExecStart=$(which opencode) web --host 0.0.0.0 --port 3000
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
echo "Enabling and starting service..."
sudo systemctl daemon-reload
sudo systemctl enable opencode
sudo systemctl start opencode
echo "Done! Access at http://$(curl -s ifconfig.me):3000"
echo "Don't forget to add your API keys to ~/.config/opencode/.env"

Common Operations

Here are some useful commands for managing the OpenCode service:

manage-service.sh
# Check service status
sudo systemctl status opencode
# View live logs
sudo journalctl -u opencode -f
# Restart service
sudo systemctl restart opencode
# Stop service
sudo systemctl stop opencode
# View recent logs
sudo journalctl -u opencode --since "1 hour ago"

Common Mistakes to Avoid

  1. Exposing Without Authentication: Always configure authentication or use network-level security like Tailscale
  2. Hardcoding API Keys in Service File: Use environment files with proper permissions instead
  3. Ignoring Updates: Regularly update OpenCode and system packages for security patches
  4. Missing WebSocket Support: Ensure nginx is configured with proxy_http_version 1.1 and proper headers
  5. Insufficient Timeout Values: Set high proxy_read_timeout (86400 seconds) for long-running AI responses

Summary

In this post, I showed how to deploy OpenCode Web UI on a VPS for always-on, secure access from any device. The setup involves installing OpenCode, creating a systemd service for auto-start, configuring Nginx as a reverse proxy, and securing the deployment with HTTPS or Tailscale VPN. This gives me cloud-like accessibility with self-hosted control - perfect for developers who value privacy and cost efficiency.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments