Skip to content

aparedero/sqlite-mcp-server

Repository files navigation

SQLite MCP Server

Docker Hub License: MIT GitHub

Admin panel — available MCP servers

A small, self-contained MCP (Model Context Protocol) server that turns any number of SQLite databases into live MCP endpoints, plus a password-protected admin panel (web UI + JSON API) to browse, edit, import, and regenerate the data.

  • Every SQLite file is its own MCP server at /mcp-<name>/mcp.
  • Admin panel at /admin: create databases from a template, import a .sql script or a real .db/.sqlite file, edit rows, run SQL, regenerate with one click, and export/back up any database as a .db file or a portable .sql dump.
  • SQL console with a live table/column sidebar (click to insert a query), execution time, EXPLAIN QUERY PLAN, and a multi-statement script mode.
  • Interactive schema diagram — click any table to jump straight to its rows.
  • Imported files are copied into the container, the original file on your machine is never modified.
  • One container, public in one flag: an ngrok or Cloudflare tunnel runs inside the same image, no extra services needed.
  • Hardened image: non-root, read-only root filesystem, no shell, all Linux capabilities dropped.
  • Admin panel forms are protected against CSRF (double-submit cookie), and a changed admin password must be 8+ characters with at least one symbol.
  • Runs with docker run, docker-compose, or Kubernetes (Helm).

Quick start

docker run

docker run -d --name mcp-sqlite \
  -p 127.0.0.1:8080:8080 \
  -e SEED_DEMO_DATA=true \
  -v mcp_data:/data \
  paredero/sqlite-mcp-server:latest

# Find the auto-generated admin password:
docker logs mcp-sqlite | grep "Admin pass"

Open http://localhost:8080/admin (user admin). MCP endpoints: http://localhost:8080/mcp-store/mcp and http://localhost:8080/mcp-agenda/mcp.

docker-compose

cp .env.example .env        # optional: set ADMIN_PASSWORD, tunnel tokens, etc.
docker compose up -d
docker compose logs app | grep "Admin pass"

Same admin panel and endpoints as above, plus whatever you set in .env.

Remote access: ngrok / Cloudflare

The tunnel runs inside the same container, no sidecar, no second image. Pick it with TUNNEL in .env, then docker compose up -d:

# ngrok
TUNNEL=ngrok
NGROK_AUTHTOKEN=xxxxxxxx                    # dashboard.ngrok.com
NGROK_DOMAIN=your-subdomain.ngrok-free.dev  # optional reserved static domain
# Cloudflare Tunnel: create a tunnel in the Zero Trust dashboard first
# (Networks > Tunnels), route its public hostname to http://localhost:8080
TUNNEL=cloudflare
TUNNEL_TOKEN=xxxxxxxx

Check docker compose logs app for the ngrok public URL, or use the hostname you routed in Cloudflare. Your endpoints are then https://<your-domain>/mcp-<name>/mcp. Leave TUNNEL=none (the default) to stay local-only, the admin panel is always reachable at http://localhost:8080/admin regardless.

Kubernetes (Helm)

helm install mcp ./helm/sqlite-mcp-server \
  --set image.repository=paredero/sqlite-mcp-server \
  --set seed.demoData=true

kubectl logs deploy/mcp-sqlite-mcp-server | grep "Admin pass"
kubectl port-forward svc/mcp-sqlite-mcp-server 8080:8080

Enable the tunnel with --set tunnel.mode=cloudflare --set tunnel.cloudflareToken=… or --set tunnel.mode=ngrok --set tunnel.ngrokAuthtoken=…. Keep replicaCount: 1, SQLite writes to a single ReadWriteOnce volume.

Key configuration

Variable Default Purpose
ADMIN_PASSWORD auto-generated Fixed admin password; otherwise printed in the logs on boot
SEED_DEMO_DATA true in compose Pre-fill the default databases (store, agenda) with demo rows
TUNNEL none none | ngrok | cloudflare
LANDING public public or private home page at /

See .env.example for the full list of tunnel and admin options.

License

MIT, see LICENSE.

About

All-in-One container SQLite MCP Server

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors