Installing the Nautobot MCP Server (Production)

Here you will find detailed instructions on how to install and configure the Nautobot MCP Server within your environment using the pip package from Artifactory.

Use this guide to deploy the Nautobot MCP Server on a Linux server with automatic startup, restart on failure, and centralized logging via systemd.

Local deployment quick start? See the Quick Start Installation guide instead.

Prerequisites

• Linux system with systemd - Server required for running as a service
• Root or sudo access - Access to create users, directories, and systemd services
• Python 3.11, 3.12, or 3.13 - Installed on your system (including pip and the python3-venv package)
• Artifactory Access - Credentials to install from Network to Code's private PyPI repository
• Nautobot Instance - Version 2.x or higher with API access

Install Guide

1. Create a Dedicated Service User

sudo useradd --system --shell /bin/bash --create-home --home-dir /opt/nautobot-mcp nautobot-mcp

2. Configure pip for Network to Code Artifactory

Configure pip for the service user to use Network to Code's private Artifactory PyPI repository.

Create the pip configuration file at /opt/nautobot-mcp/.config/pip/pip.conf:

sudo mkdir -p /opt/nautobot-mcp/.config/pip
sudo chown -R nautobot-mcp:nautobot-mcp /opt/nautobot-mcp/.config

Add the following content, replacing <USERNAME> and <API_TOKEN> with your Artifactory credentials:

[global]
extra-index-url = https://<USERNAME>:<API_TOKEN>@nautobot.jfrog.io/artifactory/api/pypi/nautobot-mcp-server/simple

3. Install the Package

Create a virtual environment and install the package as the service user:

sudo -u nautobot-mcp python3 -m venv /opt/nautobot-mcp/venv
sudo -u nautobot-mcp /opt/nautobot-mcp/venv/bin/pip install nautobot-mcp-server

4. Set Up Configuration

Create configuration directory and set permissions:

sudo mkdir -p /opt/nautobot-mcp-server
sudo chown nautobot-mcp:nautobot-mcp /opt/nautobot-mcp-server

Create the .env file with your configuration:

sudo -u nautobot-mcp bash -c 'cat > /opt/nautobot-mcp-server/.env << "EOF"
# Nautobot MCP Server Configuration
#
# Only NAUTOBOT_BASE_URL is required. All other settings have sensible defaults.
# Uncomment and modify any setting you want to change.

# ============================================
# Nautobot Connection Settings
# ============================================

# REQUIRED: URL of your Nautobot instance
NAUTOBOT_BASE_URL=https://your-nautobot-instance.com

# Verify SSL certificates when connecting to Nautobot (default: true)
# Set to false for self-signed certificates (not recommended for production)
# NAUTOBOT_VERIFY_SSL=true

# Timeout for Nautobot API requests in seconds (default: 60)
# NAUTOBOT_TIMEOUT=60

# ============================================
# MCP Server Settings
# ============================================

# Name of the MCP server shown in MCP client connections (default: nautobot-mcp-server)
# MCP_SERVER_NAME=nautobot-mcp-server

# Transport protocol for MCP communication (default: streamable-http)
# Options: streamable-http (recommended), sse
# MCP_TRANSPORT=streamable-http

# Host address to bind the server to (default: 0.0.0.0)
# MCP_SERVER_HOST=0.0.0.0

# Port number for the MCP server (default: 8000)
# MCP_SERVER_PORT=8000

# Logging level (default: INFO)
# Options: DEBUG, INFO, WARNING, ERROR, CRITICAL
# LOG_LEVEL=INFO

# ============================================
# MCP Client Cache Settings
# ============================================

# Seconds before a cached per-user client pair is re-initialized (default: 3600)
# MCP_CLIENT_TTL=3600

# Maximum number of per-user client pairs to cache (default: 100)
# MCP_CLIENT_CACHE_SIZE=100

# ============================================
# Query Safety Limits
# ============================================

# Maximum number of fields allowed in a single GraphQL query (default: 100)
# MAX_FIELDS=100

# Maximum nesting depth allowed in GraphQL queries (default: 5)
# MAX_DEPTH=5

# Maximum number of objects returned per GraphQL list query (default: 250)
# MAX_GRAPHQL_LIMIT=250

# Maximum number of pages to auto-paginate in REST API requests (default: 5, 0 = unlimited)
# MAX_PAGE_LIMIT=5

# Maximum concurrent Nautobot API requests per user token (default: 5)
# MAX_CONCURRENT_REQUESTS_PER_USER=5
EOF'
sudo chmod 600 /opt/nautobot-mcp-server/.env

Edit the .env file and configure your settings:

# Required: Set your Nautobot instance URL
NAUTOBOT_BASE_URL=https://your-nautobot-instance.com

All other settings have sensible defaults and can be left as-is or adjusted as needed. See Configuration for all available options.

5. Create the Systemd Service File

Create the systemd service file:

sudo bash -c 'cat > /etc/systemd/system/nautobot-mcp-server.service << "EOF"
[Unit]
Description=Nautobot MCP Server
After=network.target

[Service]
Type=simple
User=nautobot-mcp
WorkingDirectory=/opt/nautobot-mcp-server
EnvironmentFile=/opt/nautobot-mcp-server/.env
ExecStart=/opt/nautobot-mcp/venv/bin/nautobot-mcp-server
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF'

Note: The example service file expects the binary at /opt/nautobot-mcp/venv/bin/nautobot-mcp-server. If you installed to a different location, update the ExecStart path accordingly.

6. Enable and Start the Service

sudo systemctl daemon-reload
sudo systemctl enable nautobot-mcp-server
sudo systemctl start nautobot-mcp-server

7. Verify Deployment

Check the service status:

sudo systemctl status nautobot-mcp-server

Follow the logs to confirm it started correctly:

sudo journalctl -u nautobot-mcp-server -f

You should see output similar to:

2026-02-19 15:00:53,708 - __main__ - INFO - Starting MCP server with streamable-http transport on 0.0.0.0:8000...
2026-02-19 15:00:54,028 - __main__ - INFO - Nautobot MCP Server starting (Nautobot URL: https://your-nautobot-instance.com)
INFO     Starting MCP server 'nautobot-mcp-server' with transport 'streamable-http' on http://0.0.0.0:8000/mcp

Test that the endpoint is responding:

curl http://localhost:8000/mcp

You should receive a 401 Unauthorized or "invalid token" response. This is expected - it confirms the server is running and enforcing authentication.

Common Commands

Service Control

sudo systemctl start nautobot-mcp-server
sudo systemctl stop nautobot-mcp-server
sudo systemctl restart nautobot-mcp-server
sudo systemctl status nautobot-mcp-server

Logs

# Follow logs in real-time
sudo journalctl -u nautobot-mcp-server -f

# View last 100 lines
sudo journalctl -u nautobot-mcp-server -n 100

After Editing Configuration

sudo systemctl restart nautobot-mcp-server
sudo systemctl status nautobot-mcp-server

Next Steps

At this point, the MCP server is running on plain HTTP (port 8000 by default) and is only suitable for local testing on the server itself. To enable remote access from MCP clients on other machines, you will need to:

• Set up a reverse proxy with TLS (e.g., nginx, Caddy, or Apache) in front of the MCP server to encrypt traffic. MCP clients will send bearer tokens with every request, so TLS is essential to protect credentials in transit.
• Configure firewall rules to allow inbound traffic on your chosen HTTPS port (typically 443) while keeping port 8000 restricted to localhost or the reverse proxy.

Additional Resources

• Configuration - All configuration options, transport types, and TLS/reverse proxy setup
• Upgrade Guide - How to upgrade to a new version
• Troubleshooting - Common issues and solutions