# Self-Hosted Tempest Server & Web Mode Tempest can run as a **self-hosted server** — a Node.js process that handles encrypted vault sync, SSH session multiplexing, and Tempest Push routing for the devices you connect to it. Combined with Tempest's **Web Mode** (the same UI running in a browser), this lets you SSH from any device that has a browser — without installing anything on it — while keeping all the encrypted sync inside your own infrastructure. This is the right setup for: * Privacy-sensitive teams that want zero data on third-party servers * Air-gapped or restricted networks * "I want to SSH from my Chromebook / iPad without installing apps" * Homelab enthusiasts who already self-host everything ## Configure on the welcome screen When you first launch Tempest desktop or open a fresh browser tab to your server URL: 1. Welcome screen → **Self-hosted server** section 2. Enter your server URL (e.g. `https://tempest.example.com`) 3. Sign in with your account credentials After this, all sync, scheduled runs, and notifications flow through your server. ## Web Mode — Tempest in any browser Self-hosted server + Web Mode is the killer combo: visit your server URL in any browser, sign in, and you get the full Tempest UI — host list, terminal tabs, SFTP, AI assistant — running entirely in the browser. This is great for: * SSH from a Chromebook or iPad * Quick access from a borrowed machine without installing the desktop client * Mobile-friendly access in a pinch The browser → server channel uses WebSockets; the server holds the SSH connections (per the C/S architecture), and the browser receives pre-rendered terminal frames. ## Auto-reconnect The browser ↔ server WebSocket reconnects automatically if your network blips, with visible "disconnected, reconnecting…" / "reconnected" toasts so you know what's happening. ## Privacy & E2E with self-hosting Even when you self-host: * Your **vault encryption keys never leave your devices**. * The server still only sees ciphertext (it's the same E2EE design as the cloud sync — see [End-to-End Encryption](/account-and-privacy/end-to-end-encryption.md)). The benefit of self-hosting isn't a different security model — it's that *you* are the operator of the relay, with full audit log access and no third-party data residency questions. ## Backend responsibilities The Tempest server runs: * **Encrypted vault sync endpoint** — receives encrypted vault docs from your devices * **SSH multiplexing** — holds the actual SSH connections so the browser doesn't (browsers can't speak SSH directly) * **Snippet scheduler** — fires scheduled snippet runs even when no client is connected * **Tempest Push relay** — forwards encrypted notification payloads to APNs / FCM * **Notification module** — local channels (webhook, Pushover, SMTP) sent directly from the server ## What the server does *not* hold * Your vault encryption keys (only your devices do) * OAuth2 tokens (those stay in the browser / desktop client per the C/S design) See the [Tempest Knowledge Base](/readme.md) for what each layer does. ## Deployment Tempest server is a Docker image. Detailed deployment configs please contact support for early access. ## See also * [How Tempest Protects Your Privacy](/account-and-privacy/how-tempest-protect-your-privacy.md) * [End-to-End Encryption](/account-and-privacy/end-to-end-encryption.md) — applies whether sync is cloud or self-hosted * [Tempest Push Notifications](/productivity/tempest-push-notifications.md) — works through self-hosted server --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.gotempest.app/deployment/self-hosted-tempest-server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.