How to Set Up OpenCode Web UI on a VPS Server
Problem
I wanted the convenience of a cloud-based AI coding assistant, but I prefer self-hosted solutions for privacy and cost control. The challenge was setting up OpenCode Web UI securely on a VPS with proper service management and network configuration so I could access it from anywhere - including my mobile phone.
Environment
- Ubuntu 22.04 LTS (or similar Linux distribution)
- Root or sudo access
- Domain name (optional but recommended for HTTPS)
- API keys for LLM providers (Anthropic, OpenAI, etc.)
Why Self-Host on VPS?
Before diving into the setup, let me explain why I chose this approach:
- Privacy: My code and conversations stay on my own infrastructure
- Cost Control: I use my own API keys, avoiding per-token cloud pricing
- Customization: Full control over configuration and extensions
- Always-On Access: Persistent sessions without keeping a local machine running 24/7
Solution
Step 1: Install OpenCode
First, I installed OpenCode on the VPS using the official installer:
# Install OpenCode using the official installercurl -fsSL https://opencode.dev/install.sh | sh
# Verify installationopencode --versionAlternatively, I could install via npm:
npm install -g opencode
# Verify installationopencode --versionStep 2: Configure API Keys
I created a secure configuration directory and stored my API keys:
# Create configuration directorymkdir -p ~/.config/opencode
# Create environment file for API keyscat > ~/.config/opencode/.env << 'EOF'ANTHROPIC_API_KEY=your_key_hereOPENAI_API_KEY=your_key_hereEOF
# Set proper permissions (important for security!)chmod 600 ~/.config/opencode/.envStep 3: Create Systemd Service
To ensure OpenCode starts automatically on boot and restarts on failure, I created a systemd service:
[Unit]Description=OpenCode Web UIAfter=network.target
[Service]Type=simpleUser=your_usernameWorkingDirectory=/home/your_usernameEnvironmentFile=/home/your_username/.config/opencode/.envExecStart=/usr/local/bin/opencode web --host 0.0.0.0 --port 3000Restart=alwaysRestartSec=10
[Install]WantedBy=multi-user.targetAfter creating the service file, I enabled and started the service:
# Reload systemd daemonsudo systemctl daemon-reload
# Enable service to start on bootsudo systemctl enable opencode
# Start the service nowsudo systemctl start opencode
# Check service statussudo systemctl status opencodeStep 4: Configure Nginx Reverse Proxy
I set up Nginx as a reverse proxy to handle incoming connections:
# Install nginxsudo apt update && sudo apt install nginx -yThen I created the Nginx configuration:
server { listen 80; server_name your-domain.com; # or your VPS IP
location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_read_timeout 86400; }}I enabled the site and tested the configuration:
# Enable the sitesudo ln -s /etc/nginx/sites-available/opencode /etc/nginx/sites-enabled/
# Test nginx configurationsudo nginx -t
# Reload nginxsudo systemctl reload nginxStep 5: Secure with HTTPS
For production use, I strongly recommend HTTPS. I used Certbot to obtain a free SSL certificate:
# Install Certbotsudo apt install certbot python3-certbot-nginx -y
# Obtain SSL certificate (follow the prompts)sudo certbot --nginx -d your-domain.com
# Certbot automatically configures HTTPS and sets up auto-renewalStep 6: Configure Firewall
I configured the firewall to only allow necessary traffic:
# Allow SSHsudo ufw allow 22/tcp
# Allow HTTP and HTTPSsudo ufw allow 80/tcpsudo ufw allow 443/tcp
# Enable firewallsudo ufw enable
# Check statussudo ufw statusStep 7: Optional - Tailscale for Secure Access
For additional security without exposing the service publicly, I can use Tailscale:
# Install Tailscalecurl -fsSL https://tailscale.com/install.sh | sh
# Authenticate with your Tailscale accountsudo tailscale up
# Access OpenCode via Tailscale IP: http://100.x.y.z:3000With Tailscale, I can access my OpenCode instance securely from any device without opening ports to the public internet.
Quick-Start Script
For convenience, I created a quick-start script that automates the entire setup:
#!/bin/bash# Quick setup script for OpenCode Web UI on Ubuntu
set -e
echo "Installing OpenCode..."curl -fsSL https://opencode.dev/install.sh | sh
echo "Creating configuration directory..."mkdir -p ~/.config/opencode
echo "Creating systemd service..."sudo tee /etc/systemd/system/opencode.service > /dev/null << EOF[Unit]Description=OpenCode Web UIAfter=network.target
[Service]Type=simpleUser=$USERWorkingDirectory=$HOMEEnvironmentFile=$HOME/.config/opencode/.envExecStart=$(which opencode) web --host 0.0.0.0 --port 3000Restart=alwaysRestartSec=10
[Install]WantedBy=multi-user.targetEOF
echo "Enabling and starting service..."sudo systemctl daemon-reloadsudo systemctl enable opencodesudo systemctl start opencode
echo "Done! Access at http://$(curl -s ifconfig.me):3000"echo "Don't forget to add your API keys to ~/.config/opencode/.env"Common Operations
Here are some useful commands for managing the OpenCode service:
# Check service statussudo systemctl status opencode
# View live logssudo journalctl -u opencode -f
# Restart servicesudo systemctl restart opencode
# Stop servicesudo systemctl stop opencode
# View recent logssudo journalctl -u opencode --since "1 hour ago"Common Mistakes to Avoid
- Exposing Without Authentication: Always configure authentication or use network-level security like Tailscale
- Hardcoding API Keys in Service File: Use environment files with proper permissions instead
- Ignoring Updates: Regularly update OpenCode and system packages for security patches
- Missing WebSocket Support: Ensure nginx is configured with
proxy_http_version 1.1and proper headers - Insufficient Timeout Values: Set high
proxy_read_timeout(86400 seconds) for long-running AI responses
Summary
In this post, I showed how to deploy OpenCode Web UI on a VPS for always-on, secure access from any device. The setup involves installing OpenCode, creating a systemd service for auto-start, configuring Nginx as a reverse proxy, and securing the deployment with HTTPS or Tailscale VPN. This gives me cloud-like accessibility with self-hosted control - perfect for developers who value privacy and cost efficiency.
Final Words + More Resources
My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me
Here are also the most important links from this article along with some further resources that will help you in this scope:
- π¨βπ» OpenCode Official Website
- π¨βπ» Systemd Service Documentation
- π¨βπ» Nginx Reverse Proxy Guide
- π¨βπ» Tailscale VPN
Oh, and if you found these resources useful, donβt forget to support me by starring the repo on GitHub!
Comments