Close this search box.

How To Install CockroachDB on Debian 12

Table of Contents

Are you ready to level up your database game? Whether you’re building a robust system for a startup or scaling an enterprise application, CockroachDB has you covered with its powerful, distributed SQL capabilities. If you’re running Debian 12 and want to get CockroachDB up and running, you’re in the right place. In this guide, we’ll walk you through the straightforward steps to install CockroachDB using the latest binary. So, grab your coffee, and let’s dive in!




To begin, ensure you’ve established a VPSie Account if you haven’t yet. Then, move forward by deploying the Debian 12 server tailored to meet your exact requirements. 


For this article, we’ll be working with two Debian 12 servers that are connected to each other.

Once the server is deployed, SSH into the command line interface. Before installing any packages, it’s essential to update your system’s package list to ensure you have access to the latest versions. Open a terminal and run the following command:

sudo apt update && sudo apt upgrade -y


Create a System User

Before diving into the installation process, let’s create a dedicated system user for CockroachDB. This user will help manage the application with appropriate permissions.

sudo adduser --home /opt/cockroachdb --system --group cockroach
sudo chown -R cockroach:cockroach /opt/cockroachdb


Download CockroachDB

Next, we need to fetch the latest version of CockroachDB from the official website. Ensure to grab the link for the most recent release.

curl --output cockroach-v23.2.5.linux-amd64.tgz


Extract and Install

Once the download is complete, it’s time to unpack the archive and place the CockroachDB binary in the appropriate directory.

tar -xzf cockroach-v23.2.5.linux-amd64.tgz
sudo cp -i cockroach-v23.2.5.linux-amd64/cockroach /usr/bin/


Now verify the installation, Check if CockroachDB is installed correctly by verifying its version:

cockroach version


And that’s it! You’ve now successfully installed CockroachDB on your Debian servers. You’re one step closer to setting up your distributed database cluster for your applications.


Generate SSL certificates

CockroachDB prioritizes secure communication between nodes and clients. To ensure data protection, we’ll use SSL certificates


Directory Setup

Begin by creating directories to store the certificates on your servers:

mkdir -p /opt/cockroachdb/certs /opt/cockroachdb/private


Generating the CA Certificate

The Certificate Authority (CA) certificate is essential for signing both client and node certificates. Follow these steps to generate the CA certificate:



On Server1:



Execute the following command to generate the CA certificate:

cockroach cert create-ca \
--certs-dir=/opt/cockroachdb/certs \


Copy to Server2:



Once the CA certificate is generated, copy both the CA key ca.key and CA certificate ca.crt to Server2:


scp /opt/cockroachdb/private/ca.key [email protected]:/opt/cockroachdb/private/
scp /opt/cockroachdb/certs/ca.crt [email protected]:/opt/cockroachdb/certs/



Following these steps ensures that your CockroachDB cluster has the necessary CA certificate for secure communication.


Generating Client

To create a client certificate for connecting securely to the CockroachDB cluster, follow these steps:



On the server1 server, run this command:

cockroach cert create-client root --certs-dir=/opt/cockroachdb/certs --ca-key=/opt/cockroachdb/private/ca.key



Once the process completes, you’ll find your client certificate at:




and your client key at:



Generating Node

Generate Node Certificate for Server1:


Execute this command on server1, replacing the IP address and fqdn with your server details:

cockroach cert create-node \
server1_fqdn \
server1_ip \
localhost \
--certs-dir=/opt/cockroachdb/certs \


Generate Node Certificate for Server2:


Move to server2 and run the following command, updating the IP address and fqdn details:

cockroach cert create-node \
server2_fqdn \
server2_ip \
localhost \
--certs-dir=/opt/cockroachdb/certs \


By following these steps, you’ll generate Node certificates for each server in your cluster.

Set up permission for certificates

Run this command on both server1 and server2:

sudo chown -R cockroach:cockroach /opt/cockroachdb/certs
sudo chown -R cockroach:cockroach /opt/cockroachdb/private


These commands allow the user cockroach to access certificate files.


Setting Up CockroachDB Systemd Service

On Server1

Creating Service File: 


Open a terminal on server1 and use the following command to create a new systemd service file for CockroachDB:

sudo nano /etc/systemd/system/cockroachdb.service


Configuring Service: 


Add the following configurations to the newly created service file. Make sure to replace the –advertise-addr parameter with the IP address of server1 which is


Description=Cockroach Database cluster node
ExecStart=/usr/bin/cockroach start --certs-dir=/opt/cockroachdb/certs --advertise-addr= --join=,


Once you’ve added the configurations, save and exit the file.


On Server2

On server2, open the terminal and type:

sudo nano /etc/systemd/system/cockroachdb.service



Edit Service Configuration: Inside the editor, paste the following configuration. Make sure to replace with your server2 IP address:

Description=Cockroach Database cluster node
ExecStart=/usr/bin/cockroach start --certs-dir=/opt/cockroachdb/certs --advertise-addr= --join=,



Save and Exit.


Use these commands on both server:


Reload systemd manager: 

sudo systemctl daemon-reload


Start and enable CockroachDB service:

sudo systemctl start cockroachdb
sudo systemctl enable cockroachdb


Finally, ensure CockroachDB is running:

sudo systemctl status cockroachdb


Initialize CockroachDB Cluster

We have started CockroachDB service on each server. Now, From server1, initialize the CockroachDB cluster:

cockroach init --certs-dir=/opt/cockroachdb/certs --host=server1_ip:26257


Look for Cluster successfully initialized output.


Verify initialization by checking CockroachDB log file:

grep 'node starting' /opt/cockroachdb/cockroach-data/logs/cockroach.log -A 11


Verify cluster:

cockroach node --certs-dir=/opt/cockroachdb/certs --host=server1_ip ls
cockroach node --certs-dir=/opt/cockroachdb/certs --host=server1_ip status

Log in to CockroachDB server:

cockroach sql --certs-dir=/opt/cockroachdb/certs --host=server1_ip:26257


Create admin user and password:

CREATE USER username WITH PASSWORD 'my-password';
GRANT admin TO username;

Exit CockroachDB server by pressing Ctrl+d.


Access CockroachDB Web Interface

Access your web browser on your local device and navigate to the server1 IP address using port 8080 https://server1:8080



You’ll encounter the CockroachDB login page. Enter the username and password you’ve set up via the DB command line interface to proceed.



Now you will see the CockroachDB administration dashboard like below on the picture, With its intuitive interface, the dashboard provides a comprehensive overview of your database clusters, allowing you to effortlessly monitor performance metrics, manage nodes, and execute administrative tasks with ease.




In conclusion, this guide has provided a comprehensive overview of how to effectively utilize CockroachDB on VPSie. By following the step-by-step instructions outlined here, users can confidently deploy and manage CockroachDB clusters, harnessing its capabilities for high availability and scalability. With the combination of CockroachDB’s distributed SQL capabilities and VPSie’s flexible VPS hosting solutions, businesses can optimize their data infrastructure to meet the demands of modern applications while ensuring reliability and performance.

Make a Comment
Share on
VPSie Cloud service

Fast and Secure Cloud VPS Service

For a month

The First 1 orders gets free discount today! Try Sign up on VPSie to get a chance to get the discount.