Why I Moved My Design Workflow to a Self-Hosted Instance
For years, Figma was the industry standard. However, recent shifts toward restrictive cloud-only models and paywalled features like “Dev Mode” have made many developers uneasy. If you value data sovereignty, Penpot is the solution you have been looking for. It is a powerful design and prototyping platform that treats SVG as its native format. This means your designs aren’t trapped in a proprietary format; they are ready for the web by default.
Hosting your own design infrastructure ensures your mockups and assets never leave your local hardware. In my experience, this setup is a perfect weekend project for anyone looking to sharpen their Docker skills. It provides a professional-grade tool without the monthly subscription fees or the risk of cloud outages.
Getting Penpot Up and Running
You can get a Penpot instance live in under five minutes if you have Docker and Docker Compose ready. Start by creating a dedicated directory to keep your configuration files organized.
mkdir ~/penpot && cd ~/penpot
curl -o docker-compose.yaml https://raw.githubusercontent.com/penpot/penpot/main/docker/images/docker-compose.yaml
curl -o config.env https://raw.githubusercontent.com/penpot/penpot/main/docker/images/config.envYou must generate two unique secret keys before launching the containers. Run openssl rand -hex 32 twice to create these strings. Open the config.env file, find PENPOT_SECRET_KEY and PENPOT_PUBLIC_SECRET_KEY, and paste your new values there.
With your environment variables set, fire up the stack:
docker-compose up -dThe system needs about 60 seconds to initialize the PostgreSQL database and run migrations. Once finished, you can access the dashboard at http://your-server-ip:9001. It is a remarkably smooth onboarding process for such a complex tool.
The Architecture: What’s Under the Hood?
Penpot is not a single, bloated container. It is a collection of microservices that work together. Understanding these components is vital if you are running this on modest hardware like a 4GB RAM Raspberry Pi or a small VPS.
The Five Essential Services
- Frontend: An Nginx server that serves the UI to your browser.
- Backend: Built with Clojure, this handles the core logic and API requests.
- Exporter: A NodeJS service that converts designs to PDF or SVG. It uses an internal Chromium instance, which is often the most resource-heavy part of the stack.
- PostgreSQL: The reliable home for your design metadata and user profiles.
- Redis: Manages sessions and keeps the interface feeling snappy.
If you notice the system lagging during heavy exports, the Exporter service is likely the culprit. On a machine with only 2GB of RAM, I recommend setting memory limits in your docker-compose.yaml to prevent the system from crashing during large file renders.
Hardening Your Setup for Production
A basic installation works for local testing, but you need a few extra steps if you plan to use this for real client work or team collaboration.
Enable SMTP for User Management
Without a mail server, you cannot verify new users or reset passwords easily. You can use a service like Postmark or your own mail server. Edit the SMTP section in config.env:
[email protected]
PENPOT_SMTP_HOST=smtp.yourserver.com
PENPOT_SMTP_PORT=587
PENPOT_SMTP_USERNAME=your-username
PENPOT_SMTP_PASSWORD=your-password
PENPOT_SMTP_TLS=trueSecurity and Reverse Proxies
Never expose your Penpot instance directly to the internet over port 9001. Use a reverse proxy like Nginx Proxy Manager or Traefik to handle SSL certificates. When setting up your proxy, ensure “Websockets Support” is enabled. Without it, the real-time collaboration features will fail, and you will see constant reconnection errors.
Closing Public Registration
Once you have created your primary account, you should lock the doors. You don’t want random bots creating accounts on your server. Update your config.env with this flag:
PENPOT_FLAGS="disable-registration"Maintenance and Long-Term Care
Self-hosting requires a bit of discipline. I have found that two specific habits keep Penpot running perfectly for months at a time.
Daily Backups
Your design files are stored in the database and the assets volume. If the database gets corrupted, you lose everything. Set up a simple cron job to dump the database every night. Use this command as your starting point:
docker exec -t penpot-postgres-container pg_dumpall -c -U penpot > penpot_backup_$(date +%F).sqlSmooth Updates
The Penpot team releases updates frequently. To update, pull the latest images and restart the containers. Always read the release notes on GitHub first. Occasionally, they introduce new environment variables that you must add to your config.env for the system to boot correctly.
Switching to Penpot has completely changed how I handle design. It removes the anxiety of price hikes and gives me total control over my creative assets. If you already have a HomeLab, adding Penpot is the best way to bring your design and development workflows under one roof.
