Skip to main content

Fresh Installation of Mytesla

This guide is for users who want to deploy a complete Mytesla system from scratch. If you already have TeslaMate running, please refer to the Existing TeslaMate guide.

Target Audience
  • Users who have never installed TeslaMate
  • Users who want to use the latest configuration
  • Users pursuing best practices
warning

Ensure you have completed Environment Setup

Deployment Overview

The complete Mytesla system includes the following components:

Deployment Architecture

Core Service Layer

  • PostgreSQL: Data persistence storage
  • MQTT: Real-time message passing
  • TeslaMate: Vehicle data collector
  • Grafana: Data visualization dashboard

API Service Layer

  • TeslaMateAPI: RESTful API service
  • Health Check: Service status monitoring

Network Exposure Layer

  • Tailscale (Recommended): Zero-configuration VPN
  • Cloudflare Tunnel: Enterprise-grade proxy
  • Traefik: Reverse proxy and load balancing

One-Click Deployment TODO

Manual Deployment

If you want complete control over the deployment process, you can follow the detailed steps for manual configuration.

Step 1: Prepare Working Environment

# Create project directory
mkdir -p ~/mytesla/
cd ~/mytesla

Step 2: Create Core Configuration

Create .env environment configuration file:

cat > .env << 'EOF'
# Database configuration
TM_DB_USER=teslamate
TM_DB_PASS=password
TM_DB_NAME=teslamate
# Recommend using complex password, generate with openssl
TM_ENCRYPTION_KEY=

# API Security configuration (Strongly recommended)
# Generate secure token: openssl rand -hex 32
API_TOKEN=

# Timezone configuration - Replace with your timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Asia/Shanghai

# Grafana configuration, default password can be changed after login
GRAFANA_PW=admin
GRAFANA_USER=admin

# Tailscale configuration see below
TS_AUTHKEY=
TS_HOSTNAME=
TS_TAILNET_NAME=
EOF

Step 3: Create Docker Compose Configuration

cat > docker-compose.yml << 'EOF'
services:
  tailscale:
    image: tailscale/tailscale:latest
    container_name: tailscale
    hostname: ${TS_HOSTNAME}
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SOCKET=/var/run/tailscale/tailscaled.sock
    volumes:
      - ./tailscale/state:/var/lib/tailscale:rw
      - ./tailscale/socket:/var/run/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    restart: unless-stopped

  traefik:
    image: traefik:latest
    container_name: traefik
    network_mode: service:tailscale
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./tailscale/state:/var/lib/tailscale:rw
      - ./tailscale/socket:/var/run/tailscale
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --certificatesresolvers.myresolver.tailscale=true
    restart: unless-stopped
    depends_on:
      - tailscale

  teslamate:
    image: teslamate/teslamate:2.0.0
    container_name: teslamate
    restart: unless-stopped
    depends_on:
      - database
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - MQTT_HOST=mosquitto
      - VIRTUAL_HOST=${TS_HOSTNAME}.${TS_TAILNET_NAME}
      - ENCRYPTION_KEY=${TM_ENCRYPTION_KEY}
      - TZ=${TZ}                            # 📍 Set your timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
    ports: # Remove if you access Teslamate only via Tailscale
      - 4000:4000
    labels:
      - "traefik.enable=true"
      - "traefik.port=4000"
      - "traefik.http.routers.teslamate.rule=Host(`${TS_HOSTNAME}.${TS_TAILNET_NAME}`)"
      - "traefik.http.routers.teslamate.entrypoints=websecure"
      - "traefik.http.routers.teslamate.tls=true"
      - "traefik.http.routers.teslamate.tls.certresolver=myresolver"
      - "traefik.http.routers.teslamate-ws.rule=Host(`${TS_HOSTNAME}.${TS_TAILNET_NAME}`) && Path(`/live/websocket`)"
      - "traefik.http.routers.teslamate-ws.entrypoints=websecure"
      - "traefik.http.routers.teslamate-ws.tls="

  grafana:
    image: teslamate/grafana:2.0.0
    container_name: grafana
    restart: unless-stopped
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - GRAFANA_PASSWD=${GRAFANA_PW}
      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW}
      - GF_AUTH_ANONYMOUS_ENABLED=false
      - GF_SERVER_DOMAIN=${TS_HOSTNAME}.${TS_TAILNET_NAME}
      - GF_SERVER_ROOT_URL=https://${TS_HOSTNAME}.${TS_TAILNET_NAME}/grafana
      - GF_SERVER_SERVE_FROM_SUB_PATH=true
    volumes:
      - grafana-data:/var/lib/grafana
    ports: # Remove if you access Grafana only via Tailscale
      - 3000:3000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`${TS_HOSTNAME}.${TS_TAILNET_NAME}`) && PathPrefix(`/grafana`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=myresolver"
      - "traefik.port=3000"

  teslamateapi:
    image: mytesla/teslamateapi:latest
    container_name: teslamateapi
    restart: unless-stopped
    depends_on:
      - database
      - mosquitto
      - teslamate
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - ENCRYPTION_KEY=${TM_ENCRYPTION_KEY}
      - MQTT_HOST=mosquitto
      - API_TOKEN=${API_TOKEN}             # 🔐 Strongly recommended for security
    volumes:
      - teslamateapi-data:/opt/app/data
    ports: # Remove if you access TeslamateAPI only via Tailscale
      - 8080:8080
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teslamateapi.rule=Host(`${TS_HOSTNAME}.${TS_TAILNET_NAME}`) && (Path(`/api`) || PathPrefix(`/api/`))"
      - "traefik.http.routers.teslamateapi.entrypoints=websecure"
      - "traefik.http.routers.teslamateapi.tls=true"
      - "traefik.http.routers.teslamateapi.tls.certresolver=myresolver"
      - "traefik.port=8080"

  database:
    image: postgres:17
    container_name: database
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${TM_DB_USER}
      - POSTGRES_PASSWORD=${TM_DB_PASS}
      - POSTGRES_DB=${TM_DB_NAME}
    volumes:
      - postgres-data:/var/lib/postgresql/data

  mosquitto:
    image: eclipse-mosquitto:2
    restart: always
    command: mosquitto -c /mosquitto-no-auth.conf
    volumes:
      - mosquitto-conf:/mosquitto/config
      - mosquitto-data:/mosquitto/data

volumes:
  grafana-data:
  postgres-data:
  mosquitto-conf:
  mosquitto-data:
  teslamateapi-data:
EOF

Step 4: Using Tailscale to Expose Services

Tailscale is a zero-configuration VPN service based on WireGuard, perfect for securely exposing internal network services.

Why choose Tailscale?
  • Zero configuration: No need for complex network setup
  • End-to-end encryption: Based on WireGuard protocol
  • No public IP required: Supports NAT traversal
  • Generous free tier: Completely free for personal use
  • Cross-platform support: Supports all mainstream operating systems

Step 1: Register Tailscale Account

  1. Visit Tailscale official website
  2. Click "Get Started" to register an account
  3. You can use Google, Microsoft or GitHub account to log in

Step 2: Get Authentication Key

  1. Log in to Tailscale management console
  2. Click "Generate auth key"
  3. Configure key options:
    • Reusable: Not recommended to check
  4. Click "Generate key" and copy the key
Security Notice

Auth Key is only displayed once, please save it carefully!

Step 3: Environment Variable Configuration

Add to .env file:

# Tailscale configuration
TS_HOSTNAME=mytesla                    # Your device name
TS_AUTHKEY=tskey-auth-XXXXX-YYYYY     # Key obtained from step 2
TS_TAILNET_NAME=your-name.ts.net      # Your Tailnet domain
Get Tailnet Domain

You can find your Tailnet domain on the DNS page of Tailscale console.

Step 5: Deploy and Start

docker-compose up -d

docker-compose ps

Step 6: Update Tailscale Node Key Expire Setting

Find your node in tailscale machines, select "Disable key expiry" in settings, otherwise the node will expire and services will become inaccessible.

Verify Deployment

Service Status Check

# Check all container status
docker-compose ps

# View service logs
docker-compose logs teslamate
docker-compose logs teslamateapi

Web Interface Access

ServiceAddressPurposeDefault Account
TeslaMatehttp://localhost:4000Main configuration interfaceNo login required
Grafanahttp://localhost:3000Data visualizationadmin / [generated password]
TeslaMateAPIhttp://localhost:8080API status pageNo login required

⚙️ Initial Configuration

1. Configure TeslaMate

Visit http://localhost:4000:

Authorize Vehicle

2. Verify Grafana

Visit http://localhost:3000/grafana:

  1. Log in with generated admin password
  2. Verify dashboards load normally
  3. Confirm data source connection is normal

3. Verify Tailscale

  • Install tailscale client on your other device
  • Connect to your Tailnet
  • Visit https://[TS_HOSTNAME].[TS_TAILNET_NAME] to verify access
  • Test the API endpoint: https://[TS_HOSTNAME].[TS_TAILNET_NAME]/api/ping - should return {"message": "pong"}
Browser Access

Open your browser and visit https://[TS_HOSTNAME].[TS_TAILNET_NAME] from any device connected to your Tailnet to access the TeslaMate interface and verify the setup is working correctly.

4. Configure in Mytesla

  1. Visit https://mytesla.cc
  2. Go to Settings → TeslaMate
  3. Enter API address: https://[TS_HOSTNAME].[TS_TAILNET_NAME]
  4. If you set API_TOKEN, enter it in the API Token field
  5. Click test connection

5. Congratulations

Congratulations, you have completed the Mytesla deployment.

🆘 Troubleshooting

If you encounter issues, please check: