The latest articles on DEV Community by Oscar Ricardo Sánche Gutierréz (@oscar_ricardosncheguti). https://dev.to/oscar_ricardosncheguti https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3804416%2F2f910017-a0c5-45f4-99ba-cef5a096c7de.jpg https://dev.to/oscar_ricardosncheguti en Oscar Ricardo Sánche Gutierréz Tue, 31 Mar 2026 00:47:18 +0000 https://dev.to/oscar_ricardosncheguti/rustdesk-how-to-create-a-secure-private-remote-access-network-1dj4 https://dev.to/oscar_ricardosncheguti/rustdesk-how-to-create-a-secure-private-remote-access-network-1dj4 <p>RustDesk is the perfect solution for secure remote access, open-source and under your complete control. In this article I'll show you how to deploy your own server, configure it as a closed network, and secure it for corporate use.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgctjvatzp24vwqaqafx3.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgctjvatzp24vwqaqafx3.gif" alt="Architecture" width="700" height="395"></a></p> <blockquote> <p>Diagram created with <a href="https://savnet.co" rel="noopener noreferrer">https://savnet.co</a></p> </blockquote> <p>RustDesk is an open-source alternative to tools like TeamViewer or AnyDesk, but with a key advantage: <strong>you can self-host it</strong>. This means:</p> <ul> <li> <strong>Complete control</strong> over your data</li> <li><strong>No connection limits</strong></li> <li> <strong>Zero licensing costs</strong> (only server costs)</li> </ul> <h2> Step 1: Prepare the Server </h2> <p>You'll need a Linux server with Ubuntu 22.04 or 24.04 LTS with:</p> <ul> <li> <strong>1 vCPU, 2 GB RAM</strong> (enough for dozens of connections)</li> <li> <strong>Ubuntu 22.04 LTS</strong> or higher</li> <li><strong>Fixed public IP</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc1nozchz2tacuisj03xp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc1nozchz2tacuisj03xp.png" alt="New DigitalOcean server" width="800" height="520"></a></p> <h2> Step 2: Initial Server Configuration </h2> <p>Connect via SSH and update the system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh root@your_server_ip apt update <span class="o">&amp;&amp;</span> apt upgrade <span class="nt">-y</span> timedatectl set-timezone America/New_York <span class="c"># Adjust to your timezone</span> reboot </code></pre> </div> <h2> Step 3: Install Docker and Docker Compose </h2> <p>Follow the official Docker installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install dependencies</span> apt <span class="nb">install</span> <span class="nt">-y</span> ca-certificates curl gnupg <span class="c"># Add official Docker repository</span> <span class="nb">install</span> <span class="nt">-m</span> 0755 <span class="nt">-d</span> /etc/apt/keyrings curl <span class="nt">-fsSL</span> https://download.docker.com/linux/ubuntu/gpg <span class="nt">-o</span> /etc/apt/keyrings/docker.asc <span class="nb">chmod </span>a+r /etc/apt/keyrings/docker.asc <span class="nb">echo</span> <span class="se">\</span> <span class="s2">"deb [arch=</span><span class="si">$(</span>dpkg <span class="nt">--print-architecture</span><span class="si">)</span><span class="s2"> signed-by=/etc/apt/keyrings/docker.asc] </span><span class="se">\</span><span class="s2"> https://download.docker.com/linux/ubuntu </span><span class="se">\</span><span class="s2"> </span><span class="si">$(</span><span class="nb">.</span> /etc/os-release <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$VERSION_CODENAME</span><span class="s2">"</span><span class="si">)</span><span class="s2"> stable"</span> <span class="se">\</span> | <span class="nb">tee</span> /etc/apt/sources.list.d/docker.list <span class="o">&gt;</span> /dev/null <span class="c"># Install Docker</span> apt update apt <span class="nb">install</span> <span class="nt">-y</span> docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin <span class="c"># Verify installation</span> docker <span class="nt">--version</span> docker compose version </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx1avbg4jwfgvd0dd1vz3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx1avbg4jwfgvd0dd1vz3.png" alt="Docker versions" width="377" height="134"></a></p> <h2> Step 4: Prepare RustDesk Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> /opt/rustdesk-server/data <span class="nb">cd</span> /opt/rustdesk-server </code></pre> </div> <h2> Step 5: Create the docker-compose.yml File </h2> <p>Create <code>nano /opt/rustdesk-server/compose.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">hbbr</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">hbbr</span> <span class="na">image</span><span class="pi">:</span> <span class="s">rustdesk/rustdesk-server:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="s">hbbr</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/root</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s2">"</span><span class="s">host"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">hbbs</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">hbbs</span> <span class="na">image</span><span class="pi">:</span> <span class="s">rustdesk/rustdesk-server:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="s">hbbs</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/root</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s2">"</span><span class="s">host"</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">hbbr</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>Important</strong>: We use <code>network_mode: "host"</code> because RustDesk needs to see the real host IP to function correctly.</p> <h2> Step 6: Start the Services </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Start services</span> docker compose up <span class="nt">-d</span> <span class="c"># Verify they're running</span> docker ps <span class="c"># View logs</span> docker compose logs </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmx4j1ehfg2x9p1rti10.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmx4j1ehfg2x9p1rti10.png" alt="Docker services" width="800" height="444"></a></p> <h2> Step 7: Get the Server Public Key </h2> <p>This key is crucial for clients to trust your server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> /opt/rustdesk-server/data/id_ed25519.pub <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">""</span> </code></pre> </div> <p>Save the result. It will look something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= </code></pre> </div> <h2> Step 8: Configure the Firewall </h2> <h3> Ports needed for RustDesk OSS: </h3> <ul> <li> <strong>TCP 21115</strong> - Main service</li> <li> <strong>TCP 21116</strong> - ID service</li> <li> <strong>UDP 21116</strong> - For better performance</li> <li> <strong>TCP 21117</strong> - Relay service</li> </ul> <h3> Configure UFW on the server: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install firewall ufw</span> apt <span class="nb">install</span> <span class="nt">-y</span> ufw <span class="c"># Allow SSH from YOUR public IP</span> ufw allow from your_admin_ip to any port 22 <span class="c"># IF YOU DON'T HAVE a public IP, allow any origin with</span> ufw allow 22 <span class="c"># Allow RustDesk ports</span> ufw allow 21115/tcp ufw allow 21116/tcp ufw allow 21116/udp ufw allow 21117/tcp <span class="c"># Enable firewall</span> ufw <span class="nb">enable </span>ufw status verbose </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8bedz4fx07i1dyb5wjj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8bedz4fx07i1dyb5wjj.png" alt="Ufw firewall" width="658" height="311"></a></p> <h3> Configure cloud provider firewall: </h3> <p>In your cloud provider panel, create <strong>Inbound</strong> rules that allow only from your corporate IPs:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw7rgd6qo12hrkpq6pwo1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw7rgd6qo12hrkpq6pwo1.png" alt="DigitalOcean firewall" width="800" height="434"></a></p> <h2> Step 9: Configure Computer/Client </h2> <p>On each computer:</p> <ol> <li>Open RustDesk</li> <li>Go to <strong>Settings → Network</strong> </li> <li>Click <strong>Unlock Network Settings</strong> </li> <li>Go to <strong>Server ID/Relay</strong> </li> <li>Configure: <ul> <li> <strong>ID Server</strong>: <code>YourRustServerIP</code> </li> <li> <strong>Relay Server</strong>: <code>YourRustServerIP</code> </li> <li> <strong>Key</strong>: Paste the public key obtained in step 7</li> <li> <strong>API Server</strong>: Leave empty (only for RustDesk Pro)</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fecxhizufe5wnpnjo2pvj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fecxhizufe5wnpnjo2pvj.png" alt="RustDesk client setup" width="800" height="473"></a></p> <p>If you want to quickly use your configuration, click the copy icon in the top right corner, and the paste icon to import:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8xo5iywnx2lzegfixfta.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8xo5iywnx2lzegfixfta.png" alt="RustDesk client export/import" width="800" height="219"></a></p> <h2> Ways to Improve Your RustDesk Client Security </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fke9a0hzzqwqxt4xe0118.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fke9a0hzzqwqxt4xe0118.png" alt="Security RustDesk client" width="760" height="992"></a></p> <p>RustDesk offers multiple authentication methods to securely control remote access. Here I explain each option:</p> <h3> 1. <strong>One-time password</strong> </h3> <ul> <li>Automatically generated for each session and the user must provide it to the remote technician to connect</li> <li>Length options: 6, 8, or 10 digits</li> <li>The key changes with each session</li> <li> <strong>Ideal use</strong>: Temporary technical support or occasional access</li> </ul> <h3> 2. <strong>Permanent password</strong> </h3> <ul> <li>Key you specify manually that doesn't change between sessions</li> <li>Allows continuous access without needing to share new keys</li> <li> <strong>Ideal use</strong>: Frequent remote access to your own computer</li> </ul> <h3> 3. <strong>Both passwords</strong> </h3> <ul> <li>Flexibility to use temporary OR permanent password</li> <li> <strong>Ideal use</strong>: Mixed scenarios (personal use + occasional support)</li> </ul> <h3> 4. <strong>Two-Factor Authentication (2FA)</strong> </h3> <ul> <li>Additional security layer</li> <li>Options: codes from authenticator app or Telegram bot integration</li> <li> <strong>Ideal use</strong>: Computers accessible from public internet</li> </ul> <h3> 5. <strong>Trusted devices</strong> </h3> <ul> <li>Only applies when using 2FA</li> <li>Mark specific devices as trusted</li> <li>Avoids requesting 2FA on each connection from those devices</li> <li>Improves convenience while maintaining security</li> </ul> <h3> 6. <strong>Additional Security Settings</strong> </h3> <ul> <li> <strong>Password length</strong>: Configurable based on security needs</li> <li> <strong>Expiration time</strong>: For temporary passwords</li> <li> <strong>Audit logging</strong>: Access monitoring</li> </ul> <h2> Practical Recommendations: </h2> <p><strong>For frequent personal use</strong>: Permanent password + optional 2FA<br><br> <strong>For technical support</strong>: One-time password<br><br> <strong>For corporate environments</strong>: Mandatory 2FA + trusted devices<br><br> <strong>For maximum security</strong>: Combination of methods + audit logging </p> <p>These methods allow you to balance security and convenience according to your specific needs.</p> <h2> How to Make This a Truly Closed Network </h2> <h3> 1. Block Access from Public Internet on the RustDesk Server </h3> <p>Don't allow access from any IP in the firewall ufw rules or cloud provider rules. Only allow:</p> <ul> <li>Your office IPs</li> <li>Your corporate VPN IP</li> <li>Specific authorized ranges</li> </ul> <h3> 2. Implement VPN for Remote Access </h3> <p>The most secure way: remote users first connect to the corporate VPN, then access RustDesk.</p> <h3> 3. Create Administrative User Without Root: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adduser adminops usermod <span class="nt">-aG</span> <span class="nb">sudo </span>adminops <span class="nb">mkdir</span> <span class="nt">-p</span> /home/adminops/.ssh <span class="nb">cp</span> /root/.ssh/authorized_keys /home/adminops/.ssh/authorized_keys <span class="nb">chown</span> <span class="nt">-R</span> adminops:adminops /home/adminops/.ssh <span class="nb">chmod </span>700 /home/adminops/.ssh <span class="nb">chmod </span>600 /home/adminops/.ssh/authorized_keys <span class="c"># Disable root SSH</span> <span class="k">if </span><span class="nb">grep</span> <span class="nt">-q</span> <span class="s1">'^PermitRootLogin'</span> /etc/ssh/sshd_config<span class="p">;</span> <span class="k">then </span><span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'s/^PermitRootLogin.*/PermitRootLogin no/'</span> /etc/ssh/sshd_config <span class="k">else </span><span class="nb">echo</span> <span class="s1">'PermitRootLogin no'</span> <span class="o">&gt;&gt;</span> /etc/ssh/sshd_config <span class="k">fi </span>sshd <span class="nt">-t</span> <span class="o">&amp;&amp;</span> systemctl restart ssh </code></pre> </div> <h2> RustDesk Pro: For Advanced Enterprise Needs </h2> <p>The RustDesk version we've configured is excellent for basic remote access, but if you need advanced enterprise features, RustDesk offers a Pro version with additional capabilities:</p> <ul> <li><strong>Centralized user and group management</strong></li> <li> <strong>Granular access control</strong> (role-based permissions)</li> <li><strong>LDAP/Active Directory authentication</strong></li> <li><strong>Detailed auditing and logs</strong></li> <li><strong>Priority technical support</strong></li> <li><strong>Mass management functions</strong></li> </ul> <p>For these organizations, you can check the Pro plans at <a href="https://rustdesk.com/pricing/" rel="noopener noreferrer">https://rustdesk.com/pricing/</a>.</p> <p><strong>Need a cloud server?</strong> You can get an Ubuntu Droplet on DigitalOcean using our <a href="https://m.do.co/c/2c579acd7121" rel="noopener noreferrer">referral link</a> and receive initial credits to try this tutorial.</p> <p>Have you implemented RustDesk in your organization? Share your experience in the comments!</p> rustdesk remotedesktop selfhosted opensource Oscar Ricardo Sánche Gutierréz Tue, 31 Mar 2026 00:35:54 +0000 https://dev.to/oscar_ricardosncheguti/rustdesk-como-crear-una-red-de-acceso-remoto-segura-y-privada-50df https://dev.to/oscar_ricardosncheguti/rustdesk-como-crear-una-red-de-acceso-remoto-segura-y-privada-50df <p>RustDesk es la solución perfecta para acceso remoto seguro, de código abierto y bajo tu control completo. En este artículo te mostraré cómo desplegar tu propio servidor, configurarlo como una red cerrada y asegurarlo para uso corporativo.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi38r6i6fxppelpaqzhpa.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi38r6i6fxppelpaqzhpa.gif" alt="Architecture" width="700" height="395"></a></p> <blockquote> <p>Diagrama realizado con <a href="https://savnet.co" rel="noopener noreferrer">https://savnet.co</a></p> </blockquote> <p>RustDesk es una alternativa de código abierto a herramientas como TeamViewer o AnyDesk, pero con una ventaja clave: <strong>puedes autoalojarlo</strong>. Esto significa:</p> <ul> <li> <strong>Control total</strong> sobre tus datos</li> <li> <strong>Sin límites</strong> de conexión</li> <li> <strong>Costo cero</strong> en licencias (solo el servidor)</li> </ul> <h2> Paso 1: Preparar el servidor </h2> <p>Necesitarás un servidor Linux con Ubuntu 22.04 o 24.04 LTS con:</p> <ul> <li> <strong>1 vCPU, 2 GB RAM</strong> (suficiente para decenas de conexiones)</li> <li> <strong>Ubuntu 22.04 LTS</strong> o superior</li> <li><strong>IP pública fija</strong></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0nrxitd5jg1qxzapucor.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0nrxitd5jg1qxzapucor.png" alt="New DigitalOcean Server" width="800" height="520"></a></p> <h2> Paso 2: Configuración inicial del servidor </h2> <p>Conéctate por SSH y actualiza el sistema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh root@tu_ip_servidor apt update <span class="o">&amp;&amp;</span> apt upgrade <span class="nt">-y</span> timedatectl set-timezone America/Bogota <span class="c"># Ajusta a tu zona horaria</span> reboot </code></pre> </div> <h2> Paso 3: Instalar Docker y Docker Compose </h2> <p>Sigue la instalación oficial de Docker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Instalar dependencias</span> apt <span class="nb">install</span> <span class="nt">-y</span> ca-certificates curl gnupg <span class="c"># Agregar repositorio oficial de Docker</span> <span class="nb">install</span> <span class="nt">-m</span> 0755 <span class="nt">-d</span> /etc/apt/keyrings curl <span class="nt">-fsSL</span> https://download.docker.com/linux/ubuntu/gpg <span class="nt">-o</span> /etc/apt/keyrings/docker.asc <span class="nb">chmod </span>a+r /etc/apt/keyrings/docker.asc <span class="nb">echo</span> <span class="se">\</span> <span class="s2">"deb [arch=</span><span class="si">$(</span>dpkg <span class="nt">--print-architecture</span><span class="si">)</span><span class="s2"> signed-by=/etc/apt/keyrings/docker.asc] </span><span class="se">\</span><span class="s2"> https://download.docker.com/linux/ubuntu </span><span class="se">\</span><span class="s2"> </span><span class="si">$(</span><span class="nb">.</span> /etc/os-release <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$VERSION_CODENAME</span><span class="s2">"</span><span class="si">)</span><span class="s2"> stable"</span> <span class="se">\</span> | <span class="nb">tee</span> /etc/apt/sources.list.d/docker.list <span class="o">&gt;</span> /dev/null <span class="c"># Instalar Docker</span> apt update apt <span class="nb">install</span> <span class="nt">-y</span> docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin <span class="c"># Verificar instalación</span> docker <span class="nt">--version</span> docker compose version </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo6pn1ggqqirum8e9u2r4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo6pn1ggqqirum8e9u2r4.png" alt="Versiones docker" width="377" height="134"></a></p> <h2> Paso 4: Preparar la estructura de RustDesk </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> /opt/rustdesk-server/data <span class="nb">cd</span> /opt/rustdesk-server </code></pre> </div> <h2> Paso 5: Crear el archivo docker-compose.yml </h2> <p>Crea <code>nano /opt/rustdesk-server/compose.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">hbbr</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">hbbr</span> <span class="na">image</span><span class="pi">:</span> <span class="s">rustdesk/rustdesk-server:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="s">hbbr</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/root</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s2">"</span><span class="s">host"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">hbbs</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">hbbs</span> <span class="na">image</span><span class="pi">:</span> <span class="s">rustdesk/rustdesk-server:latest</span> <span class="na">command</span><span class="pi">:</span> <span class="s">hbbs</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/root</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s2">"</span><span class="s">host"</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">hbbr</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>Importante</strong>: Usamos <code>network_mode: "host"</code> porque RustDesk necesita ver la IP real del host para funcionar correctamente.</p> <h2> Paso 6: Levantar los servicios </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Levantar servicios</span> docker compose up <span class="nt">-d</span> <span class="c"># Verificar que estén corriendo</span> docker ps <span class="c"># Ver logs</span> docker compose logs </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F939r0p4g61pmlkc6c1ss.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F939r0p4g61pmlkc6c1ss.png" alt="Servicios docker" width="800" height="444"></a></p> <h2> Paso 7: Obtener la clave pública del servidor </h2> <p>Esta clave es crucial para que los clientes confíen en tu servidor:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> /opt/rustdesk-server/data/id_ed25519.pub <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">""</span> </code></pre> </div> <p>Guarda el resultado. Se verá algo como:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= </code></pre> </div> <h2> Paso 8: Configurar el firewall </h2> <h3> Puertos necesarios para RustDesk OSS: </h3> <ul> <li> <strong>TCP 21115</strong> - Servicio principal</li> <li> <strong>TCP 21116</strong> - Servicio de ID</li> <li> <strong>UDP 21116</strong> - Para mejor rendimiento</li> <li> <strong>TCP 21117</strong> - Servicio de relay</li> </ul> <h3> Configurar UFW en el servidor: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Instalar firewall ufw</span> apt <span class="nb">install</span> <span class="nt">-y</span> ufw <span class="c"># Permitir SSH desde TU IP pública</span> ufw allow from tu_ip_admin to any port 22 <span class="c"># SI NO TIENES IP pública, permite cualquier origen con</span> ufw allow 22 <span class="c"># Permitir puertos de RustDesk</span> ufw allow 21115/tcp ufw allow 21116/tcp ufw allow 21116/udp ufw allow 21117/tcp <span class="c"># Activar firewall</span> ufw <span class="nb">enable </span>ufw status verbose </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd2t0jrrgs9ozzj3tss1z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd2t0jrrgs9ozzj3tss1z.png" alt="Firewall ufw" width="658" height="311"></a></p> <h3> Configurar firewall del proveedor cloud: </h3> <p>En el panel de tu proveedor cloud, crea reglas <strong>Inbound</strong> que permitan solo desde tus IPs corporativas:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frv9dt0ytzh0h2d3g8lu7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frv9dt0ytzh0h2d3g8lu7.png" alt="Firewall DigitalOcean" width="800" height="434"></a></p> <h2> Paso 9: Configurar computador/cliente </h2> <p>En cada equipo:</p> <ol> <li>Abre RustDesk</li> <li>Ve a <strong>Settings → Network</strong> </li> <li>Haz click en <strong>Unlock Network Settings</strong> </li> <li>Ve a <strong>Servidor ID/Relay</strong> </li> <li>Configura: <ul> <li> <strong>ID Server</strong>: <code>IpServidorRust</code> </li> <li> <strong>Relay Server</strong>: <code>IpServidorRust</code> </li> <li> <strong>Key</strong>: Pega la clave pública obtenida en el paso 7</li> <li> <strong>API Server</strong>: Déjalo vacío (solo para RustDesk Pro)</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb5yb7rwtyhmmggqph587.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb5yb7rwtyhmmggqph587.png" alt="Configuración cliente Rust" width="800" height="473"></a></p> <p>Si quieres usar rápidamente tu configuración da click en el icono de copiar en la parte superior derecha, y el icono de pegar para importar:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbgjimz6pmo0cffgaeuqv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbgjimz6pmo0cffgaeuqv.png" alt="Export/Import cliente RustDesk" width="800" height="219"></a></p> <h2> Formas de mejorar la seguridad de tu computador/cliente RustDesk </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6fson7mgpdnrdwh7kvii.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6fson7mgpdnrdwh7kvii.png" alt="Configuración seguridad cliente RustDesk" width="760" height="992"></a></p> <p>RustDesk ofrece múltiples métodos de autenticación para controlar el acceso remoto de forma segura. Aquí te explico cada opción:</p> <h3> 1. <strong>Contraseña de un solo uso (One-time password)</strong> </h3> <ul> <li>Se genera automáticamente en cada sesión y el usuario debe suministrarla al técnico remoto para que pueda conectarse.</li> <li>Opciones de longitud: 6, 8 o 10 dígitos</li> <li>La clave cambia en cada sesión.</li> <li> <strong>Uso ideal</strong>: Soporte técnico puntual o accesos temporales</li> </ul> <h3> 2. <strong>Contraseña permanente (Permanent password)</strong> </h3> <ul> <li>Clave que especificas manualmente y no cambia entre sesiones</li> <li>Permite acceso continuo sin necesidad de compartir nuevas claves</li> <li> <strong>Uso ideal</strong>: Acceso remoto frecuente a tu propio equipo</li> </ul> <h3> 3. <strong>Combinación de ambos métodos (Both passwords)</strong> </h3> <ul> <li>Flexibilidad para usar contraseña temporal O permanente</li> <li> <strong>Uso ideal</strong>: Escenarios mixtos (uso personal + soporte ocasional)</li> </ul> <h3> 4. <strong>Autenticación en dos factores (2FA)</strong> </h3> <ul> <li>Capa adicional de seguridad</li> <li>Opciones: códigos desde app autenticadora o integración con bot de Telegram</li> <li> <strong>Uso ideal</strong>: Equipos accesibles desde internet público</li> </ul> <h3> 5. <strong>Dispositivos de confianza (Trusted devices)</strong> </h3> <ul> <li>Solo aplica cuando usas 2FA</li> <li>Marcar dispositivos específicos como confiables</li> <li>Evita solicitar 2FA en cada conexión desde esos dispositivos</li> <li>Mejora la comodidad manteniendo seguridad</li> </ul> <h3> 6. <strong>Configuraciones de seguridad adicionales</strong> </h3> <ul> <li> <strong>Longitud de contraseña</strong>: Configurable según necesidades de seguridad</li> <li> <strong>Tiempo de expiración</strong>: Para contraseñas temporales</li> <li> <strong>Registro de auditoría</strong>: Monitoreo de accesos</li> </ul> <h2> Recomendaciones prácticas: </h2> <p><strong>Para uso personal frecuente</strong>: Contraseña permanente + 2FA opcional<br><br> <strong>Para soporte técnico</strong>: Contraseña de un solo uso<br><br> <strong>Para entornos corporativos</strong>: 2FA obligatorio + dispositivos de confianza<br><br> <strong>Para máxima seguridad</strong>: Combinación de métodos + registro de auditoría </p> <p>Estos métodos te permiten balancear seguridad y conveniencia según tus necesidades específicas.</p> <h2> Cómo convertir esto en una red realmente cerrada </h2> <h3> 1. Bloquear acceso desde Internet público del servidor RustDesk </h3> <p>No permitas acceso a cualquier ip en las reglas del firewall ufw o del operador cloud. Solo permite:</p> <ul> <li>IPs de tus oficinas</li> <li>IP de tu VPN corporativa</li> <li>Rangos específicos autorizados</li> </ul> <h3> 2. Implementar VPN para acceso remoto </h3> <p>La forma más segura: usuarios remotos primero se conectan a la VPN corporativa, luego acceden a RustDesk.</p> <h3> 3. Crear usuario administrativo sin root: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adduser adminops usermod <span class="nt">-aG</span> <span class="nb">sudo </span>adminops <span class="nb">mkdir</span> <span class="nt">-p</span> /home/adminops/.ssh <span class="nb">cp</span> /root/.ssh/authorized_keys /home/adminops/.ssh/authorized_keys <span class="nb">chown</span> <span class="nt">-R</span> adminops:adminops /home/adminops/.ssh <span class="nb">chmod </span>700 /home/adminops/.ssh <span class="nb">chmod </span>600 /home/adminops/.ssh/authorized_keys <span class="c"># Deshabilitar root por SSH</span> <span class="k">if </span><span class="nb">grep</span> <span class="nt">-q</span> <span class="s1">'^PermitRootLogin'</span> /etc/ssh/sshd_config<span class="p">;</span> <span class="k">then </span><span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'s/^PermitRootLogin.*/PermitRootLogin no/'</span> /etc/ssh/sshd_config <span class="k">else </span><span class="nb">echo</span> <span class="s1">'PermitRootLogin no'</span> <span class="o">&gt;&gt;</span> /etc/ssh/sshd_config <span class="k">fi </span>sshd <span class="nt">-t</span> <span class="o">&amp;&amp;</span> systemctl restart ssh </code></pre> </div> <h2> RustDesk Pro: Para necesidades empresariales avanzadas </h2> <p>La versión RustDesk que hemos configurado es excelente para acceso remoto básico, pero si necesitas funcionalidades empresariales avanzadas, RustDesk ofrece una versión Pro con características adicionales:</p> <ul> <li><strong>Gestión centralizada de usuarios y grupos</strong></li> <li> <strong>Control de acceso granular</strong> (permisos por rol)</li> <li><strong>Autenticación LDAP/Active Directory</strong></li> <li><strong>Auditoría y logs detallados</strong></li> <li><strong>Soporte técnico prioritario</strong></li> <li><strong>Funciones de administración masiva</strong></li> </ul> <p>Para estas organizaciones puedes consultar los planes Pro en <a href="https://rustdesk.com/pricing/" rel="noopener noreferrer">https://rustdesk.com/pricing/</a>.</p> <p><strong>¿Necesitas un servidor en la nube?</strong> Puedes obtener un Droplet Ubuntu en DigitalOcean usando nuestro <a href="https://m.do.co/c/2c579acd7121" rel="noopener noreferrer">enlace de referido</a> y recibir créditos iniciales para probar este tutorial.</p> <p>¿Has implementado RustDesk en tu organización? ¡Comparte tu experiencia en los comentarios!</p> rustdesk remotedesktop selfhosted opensource Oscar Ricardo Sánche Gutierréz Fri, 27 Mar 2026 22:41:28 +0000 https://dev.to/oscar_ricardosncheguti/how-to-deploy-dokploy-on-an-ubuntu-server-and-create-your-first-hello-world-in-nodejs-lg2 https://dev.to/oscar_ricardosncheguti/how-to-deploy-dokploy-on-an-ubuntu-server-and-create-your-first-hello-world-in-nodejs-lg2 <h2> Introduction </h2> <p>Dokploy is a self-hosted deployment platform that simplifies containerized application management using Docker Swarm. In this comprehensive tutorial, I'll show you how to install Dokploy on an <strong>Ubuntu server</strong>, configure security with firewalls, deploy your first Node.js application, and follow production best practices.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5jvvlixnrkljsaanq0x3.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5jvvlixnrkljsaanq0x3.gif" alt="Architecture" width="700" height="395"></a></p> <blockquote> <p>Diagram created with <a href="https://savnet.co" rel="noopener noreferrer">https://savnet.co</a></p> </blockquote> <h2> What You'll Need </h2> <p>Before starting, make sure you have:</p> <ul> <li>An <strong>Ubuntu 24.04 LTS server</strong> (minimum 2 GB RAM for testing)</li> <li> <strong>SSH access</strong> with configured keys</li> <li>A <strong>domain or subdomain</strong> (optional but recommended for HTTPS)</li> <li>Basic terminal and Docker knowledge</li> </ul> <h2> Step 1: Prepare Your Ubuntu Server </h2> <p>If you already have an Ubuntu 24.04 LTS server with SSH access, you can skip this step. If you need to create one, follow these recommendations:</p> <ol> <li> <strong>Choose a cloud or VPS provider</strong> that offers Ubuntu 24.04 LTS</li> <li> <strong>Select a plan</strong> with at least 2 GB of RAM for testing</li> <li> <strong>Configure SSH key access</strong> instead of password (more secure)</li> <li> <strong>Consider enabling backups and monitoring</strong> for production</li> <li> <strong>Note the public IP</strong> of your server</li> </ol> <p>If your provider has an integrated firewall (like DigitalOcean Cloud Firewall, AWS Security Groups, etc.), configure the necessary rules from the control panel.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0o655rkgi11xk9gqelp2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0o655rkgi11xk9gqelp2.png" alt="New Server DigitalOcean" width="800" height="446"></a></p> <h2> Step 2: Initial Server Configuration </h2> <p>Connect to the server via SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh root@YOUR_PUBLIC_IP </code></pre> </div> <h3> Update system and install utilities </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>apt update <span class="o">&amp;&amp;</span> apt upgrade <span class="nt">-y</span> apt <span class="nb">install</span> <span class="nt">-y</span> curl wget git ufw ca-certificates gnupg lsb-release </code></pre> </div> <h3> Create administrator user (recommended) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adduser deploy usermod <span class="nt">-aG</span> <span class="nb">sudo </span>deploy rsync <span class="nt">--archive</span> <span class="nt">--chown</span><span class="o">=</span>deploy:deploy ~/.ssh /home/deploy </code></pre> </div> <p>Now you can connect with the new user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh deploy@YOUR_PUBLIC_IP </code></pre> </div> <h2> Step 3: Configure Firewall with UFW </h2> <p>Dokploy needs specific ports open. Configure UFW properly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Allow SSH first to avoid locking ourselves out</span> <span class="nb">sudo </span>ufw allow OpenSSH <span class="c"># Open ports needed for Dokploy and applications</span> <span class="nb">sudo </span>ufw allow 80/tcp <span class="c"># HTTP for Traefik</span> <span class="nb">sudo </span>ufw allow 443/tcp <span class="c"># HTTPS for Traefik</span> <span class="nb">sudo </span>ufw allow 443/udp <span class="c"># HTTPS UDP for Traefik</span> <span class="nb">sudo </span>ufw allow 3000/tcp <span class="c"># Dokploy panel (temporary only)</span> <span class="c"># Enable firewall</span> <span class="nb">sudo </span>ufw <span class="nb">enable sudo </span>ufw status numbered </code></pre> </div> <p><strong>Important</strong>: Docker can bypass UFW rules because it manipulates <code>iptables</code> directly. If your cloud provider offers an integrated firewall (like DigitalOcean Cloud Firewall, AWS Security Groups, etc.), we recommend configuring it as an additional security layer.</p> <p>Configure the same firewall rules in your provider's panel:</p> <ul> <li> <strong>22/TCP</strong> from your IP or trusted range (SSH)</li> <li> <strong>80/TCP</strong> from Anywhere (HTTP)</li> <li> <strong>443/TCP</strong> from Anywhere (HTTPS)</li> <li> <strong>443/UDP</strong> from Anywhere (HTTPS UDP)</li> <li> <strong>3000/TCP</strong> temporarily from your IP only (for initial setup)</li> </ul> <blockquote> <p>assets/dropplet-firewall.png</p> </blockquote> <h2> Step 4: Install Dokploy </h2> <p>The official Dokploy installation is straightforward with their script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-sSL</span> https://dokploy.com/install.sh | <span class="nb">sudo </span>sh </code></pre> </div> <p>This script automatically:</p> <ul> <li>Installs Docker if not present</li> <li>Initializes Docker Swarm</li> <li>Creates the overlay network <code>dokploy-network</code> </li> <li>Deploys Postgres, Redis, and Dokploy services</li> <li>Launches Traefik as reverse proxy</li> <li>Publishes the panel on port 3000</li> </ul> <h2> Step 5: Verify the Installation </h2> <p>Check that everything is working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># View Docker Swarm services</span> docker service <span class="nb">ls</span> <span class="c"># View running containers</span> docker ps <span class="c"># Verify ports are listening</span> ss <span class="nt">-lntup</span> | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s1">'(:80|:443|:3000)'</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F81yncuovtp3fgsxjdp01.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F81yncuovtp3fgsxjdp01.png" alt="Console up services" width="800" height="329"></a></p> <p>Now open your browser and access the Dokploy panel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://YOUR_PUBLIC_IP:3000 </code></pre> </div> <p>Complete the initial setup wizard by creating your administrator account.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb7dzlkajpvs6xif8zvy8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb7dzlkajpvs6xif8zvy8.png" alt="Dashboard Home" width="800" height="421"></a></p> <h2> Step 6: Configure Domain and HTTPS (optional but recommended) </h2> <p>To access your applications with your own domain and HTTPS:</p> <ol> <li>In your DNS provider's panel (Cloudflare, DigitalOcean, AWS Route53, etc.), add your domain if you haven't already.</li> <li>Create DNS records: <ul> <li> <strong>A</strong> record for <code>@</code> pointing to your server IP</li> <li> <strong>A</strong> record for <code>www</code> pointing to your server IP</li> <li>Or a subdomain like <code>dokploy.yourdomain.com</code> </li> </ul> </li> </ol> <p>Wait for DNS propagation (may take a few minutes).</p> <h3> Restrict access to port 3000 </h3> <p>For security, once Dokploy is configured, restrict access to port 3000:</p> <ul> <li>In your cloud provider's firewall, limit it to your IP only if you need administrative access</li> </ul> <p> </p> <h2> Step 7: Deploy Your First "Hello World" Application in Node.js </h2> <p>Let's create a simple Node.js application and deploy it to Dokploy.</p> <h3> 7.1 Create the project locally </h3> <p>Create a folder for your project with the following files:</p> <p><strong>package.json</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"hello-world-dokploy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Hello World application for Dokploy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"main"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node app.js"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"express"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.18.2"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>app.js</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="mi">3000</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Hello World from Dokploy!</span><span class="dl">'</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">environment</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/health</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">OK</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Server running on port </span><span class="p">${</span><span class="nx">PORT</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Dockerfile</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:18-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="nt">--omit</span><span class="o">=</span>dev <span class="k">COPY</span><span class="s"> . .</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">USER</span><span class="s"> node</span> <span class="k">CMD</span><span class="s"> ["node", "app.js"]</span> </code></pre> </div> <p><strong>docker-compose.yml</strong> (for reference):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NODE_ENV=staging</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <h3> 7.2 Deploy to Dokploy </h3> <h4> Deploy part 1 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fei5sgxaa5p58rgg5sqgp.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fei5sgxaa5p58rgg5sqgp.gif" alt="Deploy part 1" width="600" height="338"></a></p> <h4> Deploy part 2 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk437rlxfxy662zubyddy.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk437rlxfxy662zubyddy.gif" alt="Deploy part 2" width="720" height="406"></a></p> <ol> <li>In the Dokploy panel, click <strong>Create Project</strong> </li> <li>Give your project a name (e.g., "Tests")</li> <li>In the project panel, click <strong>Create Service</strong> and select Application</li> <li>Name your application: <strong>Hello World</strong> </li> <li>Then access your application and in the bottom section <strong>Build Type</strong> select Dockerfile and then Save.</li> <li>In the top section you have <strong>Provider</strong>. For this test we'll select the Drop type, however for real cases the best option is through git repository.</li> <li>Once Drop is selected, drag to the <strong>Zip file</strong> area the zip with the code we specified in point 7.1.</li> <li>Click the <strong>Deploy</strong> button</li> <li>Once deployment is complete, it will show the <strong>Deployments</strong> tab where you should see a green dot and <strong>Done</strong> indicating the process was successful. You can click <strong>View</strong> to verify the process.</li> <li>Now, to deploy our Hello World, go to the <strong>Domains</strong> tab.</li> <li>For this test we'll use a free Traefik domain by clicking on the dice icon, specify that the <strong>Container Port</strong> is 3000 and enable HTTPS with Let's Encrypt provider.</li> <li>Then click the <strong>Create</strong> button</li> <li>When finished, it will give us a URL where we can enter and see our web. Important: since we're using a test domain it will give security warnings. For production environments use your own domain.</li> </ol> <h3> 7.3 Verify the deployment </h3> <p>Once deployment is complete, access your application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://tests-hello-world-puloud-d13d9c-167-172-as2dsaccc234-151.traefik.me/ </code></pre> </div> <p>You should see the JSON "Hello World" message.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo1t1gls363gjabhue4xk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo1t1gls363gjabhue4xk.png" alt="Browser Helo App" width="784" height="303"></a></p> <h2> Step 8: Production Best Practices </h2> <h3> 1. Don't build on production server </h3> <p>Dokploy recommends building Docker images in CI/CD (GitHub Actions, GitLab CI) and then deploying the pre-built image. This saves resources and reduces downtime risk.</p> <h3> 2. Use health checks </h3> <p>Configure health checks in your applications (like the <code>/health</code> endpoint in our example) so Docker Swarm can monitor status.</p> <h3> 3. Configure backups </h3> <ul> <li> <strong>Configure regular server backups</strong> (if your provider offers this feature)</li> <li>Configure regular database backups</li> <li>Use <code>docker volume</code> for persistent data</li> </ul> <h3> 4. Monitoring and logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># View Dokploy logs</span> docker service logs dokploy <span class="nt">--tail</span> 100 <span class="nt">-f</span> <span class="c"># View application logs</span> docker service logs hello-world_app <span class="nt">--tail</span> 100 <span class="nt">-f</span> <span class="c"># View service status</span> docker service ps hello-world_app </code></pre> </div> <h2> Conclusion </h2> <p>Dokploy offers a robust, self-hosted solution for deploying applications on Docker Swarm. By implementing it on an Ubuntu server, you get a scalable, secure, and professional infrastructure at an accessible cost.</p> <p><strong>Need a cloud server?</strong> You can get an Ubuntu Droplet on DigitalOcean using our <a href="https://m.do.co/c/2c579acd7121" rel="noopener noreferrer">referral link</a> and receive initial credits to try this tutorial.</p> <h2> Additional Resources </h2> <ul> <li><a href="https://docs.dokploy.com" rel="noopener noreferrer">Official Dokploy Documentation</a></li> <li><a href="https://docs.dokploy.com/docs/core/remote-servers/security" rel="noopener noreferrer">Dokploy Security Guide</a></li> <li><a href="https://docs.digitalocean.com/products/networking/firewalls/" rel="noopener noreferrer">DigitalOcean Firewall Documentation</a></li> <li><a href="https://github.com/dokploy/dokploy" rel="noopener noreferrer">Dokploy GitHub Repository</a></li> <li><a href="https://discord.gg/dokploy" rel="noopener noreferrer">Dokploy Discord Community</a></li> </ul> <p><strong>Enjoyed this tutorial?</strong> Share your experiences deploying applications with Dokploy in the comments or suggest topics for future articles.</p> devops dokploy node tutorial Oscar Ricardo Sánche Gutierréz Fri, 27 Mar 2026 22:38:03 +0000 https://dev.to/oscar_ricardosncheguti/como-desplegar-dokploy-en-un-servidor-ubuntu-y-crear-tu-primer-hola-mundo-en-nodejs-14b8 https://dev.to/oscar_ricardosncheguti/como-desplegar-dokploy-en-un-servidor-ubuntu-y-crear-tu-primer-hola-mundo-en-nodejs-14b8 <h2> Introducción </h2> <p>Dokploy es una plataforma de despliegue auto-hospedada que simplifica la gestión de aplicaciones en contenedores Docker usando Docker Swarm. En este tutorial completo, te mostraré cómo instalar Dokploy en un <strong>servidor Ubuntu</strong>, configurar seguridad con firewall, desplegar tu primera aplicación Node.js y seguir las mejores prácticas para producción.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85bwgux6b6zb9kbrh6s3.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85bwgux6b6zb9kbrh6s3.gif" alt="Arquitectura" width="700" height="395"></a></p> <blockquote> <p>Diagrama realizado con <a href="https://savnet.co" rel="noopener noreferrer">https://savnet.co</a></p> </blockquote> <h2> ¿Qué necesitas? </h2> <p>Antes de comenzar, asegúrate de tener:</p> <ul> <li>Un <strong>servidor con Ubuntu 24.04 LTS</strong> (2 GB de RAM mínimo para pruebas)</li> <li>Acceso por <strong>SSH</strong> con claves configuradas</li> <li>Un <strong>dominio o subdominio</strong> (opcional, pero recomendado para HTTPS)</li> <li>Conocimientos básicos de terminal y Docker</li> </ul> <h2> Paso 1: Preparar tu servidor Ubuntu </h2> <p>Si ya tienes un servidor Ubuntu 24.04 LTS con acceso SSH, puedes saltar este paso. Si necesitas crear uno, sigue estas recomendaciones:</p> <ol> <li> <strong>Elige un proveedor de cloud o VPS</strong> que ofrezca Ubuntu 24.04 LTS</li> <li> <strong>Selecciona un plan</strong> con al menos 2 GB de RAM para pruebas</li> <li> <strong>Configura acceso SSH con claves</strong> en lugar de contraseña (más seguro)</li> <li> <strong>Considera activar backups y monitoreo</strong> si es para producción</li> <li> <strong>Anota la IP pública</strong> de tu servidor</li> </ol> <p>Si usas un proveedor con firewall integrado (como Cloud Firewall de DigitalOcean, Security Groups de AWS, etc.), configura las reglas necesarias desde el panel de control.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fku8nrc9a6pjt628k29w4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fku8nrc9a6pjt628k29w4.png" alt="Servidor DitialOcean" width="800" height="446"></a></p> <h2> Paso 2: Configuración inicial del servidor </h2> <p>Conéctate al servidor por SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh root@TU_IP_PUBLICA </code></pre> </div> <h3> Actualizar sistema e instalar utilidades </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>apt update <span class="o">&amp;&amp;</span> apt upgrade <span class="nt">-y</span> apt <span class="nb">install</span> <span class="nt">-y</span> curl wget git ufw ca-certificates gnupg lsb-release </code></pre> </div> <h3> Crear usuario administrador (recomendado) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adduser deploy usermod <span class="nt">-aG</span> <span class="nb">sudo </span>deploy rsync <span class="nt">--archive</span> <span class="nt">--chown</span><span class="o">=</span>deploy:deploy ~/.ssh /home/deploy </code></pre> </div> <p>Ahora puedes conectarte con el nuevo usuario:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh deploy@TU_IP_PUBLICA </code></pre> </div> <h2> Paso 3: Configurar firewall con UFW </h2> <p>Dokploy necesita puertos específicos abiertos. Configura UFW correctamente:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Permitir SSH primero para no bloquearnos</span> <span class="nb">sudo </span>ufw allow OpenSSH <span class="c"># Abrir puertos necesarios para Dokploy y aplicaciones</span> <span class="nb">sudo </span>ufw allow 80/tcp <span class="c"># HTTP para Traefik</span> <span class="nb">sudo </span>ufw allow 443/tcp <span class="c"># HTTPS para Traefik</span> <span class="nb">sudo </span>ufw allow 443/udp <span class="c"># HTTPS UDP para Traefik</span> <span class="nb">sudo </span>ufw allow 3000/tcp <span class="c"># Panel de Dokploy (solo temporal)</span> <span class="c"># Activar firewall</span> <span class="nb">sudo </span>ufw <span class="nb">enable sudo </span>ufw status numbered </code></pre> </div> <p><strong>Importante</strong>: Docker puede saltarse reglas de UFW porque manipula <code>iptables</code> directamente. Si tu proveedor de cloud ofrece firewall integrado (como Cloud Firewall de DigitalOcean, Security Groups de AWS, etc.), te recomendamos configurarlo también como capa adicional de seguridad.</p> <p>Configura las mismas reglas de firewall en el panel de tu proveedor:</p> <ul> <li> <strong>22/TCP</strong> desde tu IP o rango de confianza (SSH)</li> <li> <strong>80/TCP</strong> desde Anywhere (HTTP)</li> <li> <strong>443/TCP</strong> desde Anywhere (HTTPS)</li> <li> <strong>443/UDP</strong> desde Anywhere (HTTPS UDP)</li> <li> <strong>3000/TCP</strong> temporalmente desde tu IP (solo para configuración inicial)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F68fg2sgmhbws48kp8hqv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F68fg2sgmhbws48kp8hqv.png" alt="Firewall de servidor" width="800" height="208"></a></p> <h2> Paso 4: Instalar Dokploy </h2> <p>La instalación oficial de Dokploy es sencilla con su script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-sSL</span> https://dokploy.com/install.sh | <span class="nb">sudo </span>sh </code></pre> </div> <p>Este script automáticamente:</p> <ul> <li>Instala Docker si no está presente</li> <li>Inicializa Docker Swarm</li> <li>Crea la red overlay <code>dokploy-network</code> </li> <li>Despliega servicios de Postgres, Redis y Dokploy</li> <li>Levanta Traefik como reverse proxy</li> <li>Publica el panel en el puerto 3000</li> </ul> <h2> Paso 5: Verificar la instalación </h2> <p>Comprueba que todo esté funcionando:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Ver servicios de Docker Swarm</span> docker service <span class="nb">ls</span> <span class="c"># Ver contenedores en ejecución</span> docker ps <span class="c"># Verificar que los puertos estén escuchando</span> ss <span class="nt">-lntup</span> | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s1">'(:80|:443|:3000)'</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8yyavlrgbn1qy9h58g8l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8yyavlrgbn1qy9h58g8l.png" alt="Dashboard Dokploy" width="800" height="329"></a></p> <p>Ahora abre tu navegador y accede al panel de Dokploy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://TU_IP_PUBLICA:3000 </code></pre> </div> <p>Completa el asistente inicial creando tu cuenta de administrador.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F13s0ydlj7piamh37mmbg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F13s0ydlj7piamh37mmbg.png" alt="Home dokploy" width="800" height="421"></a></p> <h2> Paso 6: Configurar dominio y HTTPS (opcional pero recomendado) </h2> <p>Para acceder a tus aplicaciones con dominio propio y HTTPS:</p> <ol> <li>En el panel de DNS de tu proveedor (Cloudflare, DigitalOcean, AWS Route53, etc.), añade tu dominio si no lo tienes ya.</li> <li>Crea registros DNS: <ul> <li> <strong>A</strong> record para <code>@</code> apuntando a la IP de tu servidor</li> <li> <strong>A</strong> record para <code>www</code> apuntando a la IP de tu servidor</li> <li>O un subdominio como <code>dokploy.tudominio.com</code> </li> </ul> </li> </ol> <p>Espera la propagación DNS (puede tomar unos minutos).</p> <h3> Restringir acceso al puerto 3000 </h3> <p>Por seguridad, una vez configurado Dokploy, restringe el acceso al puerto 3000:</p> <ul> <li>En el firewall de tu proveedor de cloud, limítala solo a tu IP si necesitas acceso administrativo.</li> </ul> <h2> Paso 7: Desplegar tu primera aplicación "Hola Mundo" en Node.js </h2> <p>Vamos a crear una aplicación Node.js simple y desplegarla en Dokploy.</p> <h3> 7.1 Crear el proyecto localmente </h3> <p>Crea una carpeta para tu proyecto y los siguientes archivos:</p> <p><strong>package.json</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"hola-mundo-dokploy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Aplicación Hola Mundo para Dokploy"</span><span class="p">,</span><span class="w"> </span><span class="nl">"main"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node app.js"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"express"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.18.2"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>app.js</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">PORT</span> <span class="o">=</span> <span class="mi">3000</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">¡Hola Mundo desde Dokploy!</span><span class="dl">'</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">(),</span> <span class="na">environment</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/health</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">OK</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Servidor corriendo en puerto </span><span class="p">${</span><span class="nx">PORT</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Dockerfile</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:18-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="nt">--omit</span><span class="o">=</span>dev <span class="k">COPY</span><span class="s"> . .</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">USER</span><span class="s"> node</span> <span class="k">CMD</span><span class="s"> ["node", "app.js"]</span> </code></pre> </div> <p><strong>docker-compose.yml</strong> (para referencia):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NODE_ENV=staging</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <h3> 7.2 Desplegar en Dokploy </h3> <h4> Despliegue parte 1 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foo2i64a6w4f9i3jnoix3.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foo2i64a6w4f9i3jnoix3.gif" alt="Despliegue parte 1" width="600" height="338"></a></p> <h4> Despliegue parte 2 </h4> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsxwo1zm9ub2ywxa11jmz.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsxwo1zm9ub2ywxa11jmz.gif" alt="Despliegue parte 2" width="720" height="406"></a></p> <ol> <li>En el panel de Dokploy, haz clic en <strong>Create Project</strong> </li> <li>Dale un nombre a tu proyecto (ej: "Tests")</li> <li>En el panel de proyecto, haz click en <strong>Create Service</strong> y selecciona Application</li> <li>Dale un nombre a tu aplicación: <strong>Hello World</strong> </li> <li>Luego accede a tu aplicación y en la sección inferior <strong>Build Type</strong> selecciona Dockerfile y luego Save.</li> <li>En la parte superior cuentas con la sección <strong>Provider</strong>. Para esta prueba seleccionaremos el tipo Drop, sin embargo para casos reales la mejor opción es a través de repositorio git.</li> <li>Una vez seleccionado Drop, arrastra al área <strong>Zip file</strong> el zip con el código que especificamos en el punto 7.1.</li> <li>Haz clic en el botón <strong>Deploy</strong> </li> <li>Una vez terminado el despliegue, te mostrará la pestaña <strong>Deployments</strong> en la cual deberás ver un punto verde y <strong>Done</strong> que indica que el proceso fue exitoso. Puedes hacer clic en <strong>View</strong> para verificar el proceso.</li> <li>Ahora, para desplegar nuestro Hola Mundo, ve a la pestaña <strong>Domains</strong>.</li> <li>Para esta prueba usaremos un dominio gratuito de Traefik haciendo click en el icono de un par de dados, especificamos que el <strong>Container Port</strong> es 3000 y habilitamos el HTTPS con proveedor Let's Encrypt.</li> <li>Luego haz clic en el botón <strong>Create</strong> </li> <li>Al terminar nos dará una URL a la cual podremos ingresar y ver nuestra web. Importante: como estamos usando un dominio de prueba nos dará advertencia de seguridad. Para entornos de producción usa un dominio propio.</li> </ol> <h3> 7.3 Verificar el despliegue </h3> <p>Una vez completado el despliegue, accede a tu aplicación:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://tests-hello-world-puloud-d13d9c-167-172-as2dsaccc234-151.traefik.me/ </code></pre> </div> <p>Deberías ver el mensaje JSON de "Hola Mundo".</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0m7kcndy3bhchw2c4ous.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0m7kcndy3bhchw2c4ous.png" alt=" " width="784" height="303"></a></p> <h2> Paso 8: Buenas prácticas para producción </h2> <h3> 1. No compilar en el servidor de producción </h3> <p>Dokploy recomienda construir las imágenes Docker en CI/CD (GitHub Actions, GitLab CI) y luego desplegar la imagen ya construida. Esto ahorra recursos y reduce riesgo de downtime.</p> <h3> 2. Usar health checks </h3> <p>Configura health checks en tus aplicaciones (como el endpoint <code>/health</code> en nuestro ejemplo) para que Docker Swarm pueda monitorear el estado.</p> <h3> 3. Configurar backups </h3> <ul> <li> <strong>Configura backups regulares</strong> de tu servidor (si tu proveedor ofrece esta funcionalidad)</li> <li>Configura backups de bases de datos regularmente</li> <li>Usa <code>docker volume</code> para datos persistentes</li> </ul> <h3> 4. Monitoreo y logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Ver logs de Dokploy</span> docker service logs dokploy <span class="nt">--tail</span> 100 <span class="nt">-f</span> <span class="c"># Ver logs de tu aplicación</span> docker service logs hola-mundo_app <span class="nt">--tail</span> 100 <span class="nt">-f</span> <span class="c"># Ver estado de los servicios</span> docker service ps hola-mundo_app </code></pre> </div> <h2> Conclusión </h2> <p>Dokploy ofrece una solución robusta y auto-hospedada para el despliegue de aplicaciones en Docker Swarm. Al implementarlo en un servidor Ubuntu, obtienes una infraestructura escalable, segura y profesional a un costo accesible.</p> <p><strong>¿Necesitas un servidor en la nube?</strong> Puedes obtener un Droplet Ubuntu en DigitalOcean usando nuestro <a href="https://m.do.co/c/2c579acd7121" rel="noopener noreferrer">enlace de referido</a> y recibir créditos iniciales para probar este tutorial.</p> <h2> Recursos adicionales </h2> <ul> <li><a href="https://docs.dokploy.com" rel="noopener noreferrer">Documentación oficial de Dokploy</a></li> <li><a href="https://docs.dokploy.com/docs/core/remote-servers/security" rel="noopener noreferrer">Guía de seguridad de Dokploy</a></li> <li><a href="https://docs.digitalocean.com/products/networking/firewalls/" rel="noopener noreferrer">Documentación de DigitalOcean sobre firewalls</a></li> <li><a href="https://github.com/dokploy/dokploy" rel="noopener noreferrer">Repositorio GitHub de Dokploy</a></li> <li><a href="https://discord.gg/dokploy" rel="noopener noreferrer">Comunidad Discord de Dokploy</a></li> </ul> <p><strong>¿Te gustó este tutorial?</strong> Comparte tus experiencias desplegando aplicaciones con Dokploy en los comentarios o sugiere temas para futuros artículos.</p> devops dokploy node tutorial Oscar Ricardo Sánche Gutierréz Fri, 06 Mar 2026 20:43:27 +0000 https://dev.to/oscar_ricardosncheguti/basic-load-balancing-for-a-web-system-on-digitalocean-2hf7 https://dev.to/oscar_ricardosncheguti/basic-load-balancing-for-a-web-system-on-digitalocean-2hf7 <p>In this article we’ll build a <strong>simple and inexpensive load-balanced web setup on DigitalOcean</strong>.</p> <p>The architecture is intentionally minimal:</p> <ul> <li>1 DigitalOcean Load Balancer</li> <li>2 small droplets</li> <li>A lightweight web app running with <strong>Docker + PHP + Nginx</strong> </li> </ul> <p>The goal is to show how quickly you can build a <strong>basic scalable web entry point</strong> without complex infrastructure.</p> <p>Architecture diagram created with <strong><a href="https://savnet.co" rel="noopener noreferrer">savnet.co</a></strong>:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1yoatkmjtxd5u51jmo92.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1yoatkmjtxd5u51jmo92.gif" alt="architecture" width="962" height="690"></a></p> <h1> Creating the first server </h1> <p>Go to your <strong>DigitalOcean account</strong> and create a small droplet.</p> <p>Configuration used in this guide:</p> <ul> <li>Image: <strong>Docker latest on Ubuntu 22.04</strong> </li> <li>Region: choose the closest to your users</li> <li>Authentication: <strong>SSH recommended</strong> (Password also works)</li> <li>Hostname: <code>WebServer-1</code> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wj8xt2x7tox1kmq5683.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wj8xt2x7tox1kmq5683.gif" alt="create-server-1" width="720" height="404"></a></p> <p>Once the droplet is ready, connect to the server.</p> <h1> Preparing the server </h1> <h2> 1. Create a user </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adduser web_app usermod <span class="nt">-aG</span> <span class="nb">sudo </span>web_app <span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker web_app su - web_app </code></pre> </div> <p>This user will run the application and manage Docker.</p> <h2> 2. Create the application folder </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> ~/app <span class="nb">cd</span> ~/app </code></pre> </div> <h2> 3. Create the application files </h2> <h3> <code>index.php</code> </h3> <p>A very small script that prints the server IP responding to the request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">echo</span> <span class="s1">'Hi. From ip '</span><span class="mf">.</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'SERVER_ADDR'</span><span class="p">];</span> </code></pre> </div> <h3> <code>nginx.conf</code> </h3> <p>Basic Nginx configuration to serve PHP via PHP-FPM.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">localhost</span><span class="p">;</span> <span class="kn">root</span> <span class="n">/var/www/html</span><span class="p">;</span> <span class="kn">index</span> <span class="s">index.php</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="p">=</span><span class="mi">404</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="p">~</span> <span class="sr">\.php$</span> <span class="p">{</span> <span class="kn">fastcgi_pass</span> <span class="nf">127.0.0.1</span><span class="p">:</span><span class="mi">9000</span><span class="p">;</span> <span class="kn">fastcgi_index</span> <span class="s">index.php</span><span class="p">;</span> <span class="kn">fastcgi_param</span> <span class="s">SCRIPT_FILENAME</span> <span class="nv">$document_root$fastcgi_script_name</span><span class="p">;</span> <span class="kn">include</span> <span class="s">fastcgi_params</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> <code>docker-compose.yml</code> </h3> <p>This setup runs <strong>Nginx + PHP-FPM</strong> using Docker.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nginx-web</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s">host</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./:/var/www/html</span> <span class="pi">-</span> <span class="s">./nginx.conf:/etc/nginx/conf.d/default.conf</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">php-fpm</span> <span class="na">php-fpm</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">php:8.2-fpm</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">php-app</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s">host</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./:/var/www/html</span> </code></pre> </div> <h2> 4. Start the application </h2> <p>Run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose up </code></pre> </div> <p>If everything is correct you should see the containers starting.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ebfgjd2nbkb3i8cxmgu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ebfgjd2nbkb3i8cxmgu.png" alt="app-start" width="800" height="354"></a></p> <p>Open the <strong>server IP in your browser</strong>.</p> <p>You should see something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Hi. From ip 10.x.x.x </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6q5s7v1ykntmpwgwrze0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6q5s7v1ykntmpwgwrze0.png" alt="app-running" width="446" height="275"></a></p> <h1> Creating the Load Balancer </h1> <p>Now we create the <strong>DigitalOcean Load Balancer</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1cbsc6m7jfhakj3kmpjv.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1cbsc6m7jfhakj3kmpjv.gif" alt="load-balancer" width="600" height="588"></a></p> <p>Configure:</p> <ul> <li>HTTP forwarding</li> <li>Attach <strong>WebServer-1</strong> </li> </ul> <p>Once created, open the <strong>load balancer IP</strong>.</p> <p>You’ll see something similar to this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fljl8v6qz9wpe63dxr9qz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fljl8v6qz9wpe63dxr9qz.png" alt="lb-response" width="395" height="192"></a></p> <p>Notice that the response shows an <strong>internal server IP</strong>, because traffic between the load balancer and droplets happens inside DigitalOcean’s network.</p> <h1> Creating the second server faster </h1> <p>Instead of repeating the setup manually, we can <strong>create a snapshot</strong> of the first droplet.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fawsi0hnl7so42xc3ilhv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fawsi0hnl7so42xc3ilhv.png" alt="snapshot" width="800" height="491"></a></p> <p>Then create a <strong>new droplet from that snapshot</strong> in the same region.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhaxczvla64clgpfqmr9a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhaxczvla64clgpfqmr9a.png" alt="snapshot-server" width="800" height="347"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn4ac3ds1ktk5xo3mrzh2.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn4ac3ds1ktk5xo3mrzh2.gif" alt=" " width="600" height="589"></a></p> <h1> Adding the new node to the Load Balancer </h1> <p>Go back to the Load Balancer configuration and attach the second server.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft44g2ezvux5imh69t98b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft44g2ezvux5imh69t98b.png" alt="attach-node" width="800" height="338"></a></p> <p>After about a minute, DigitalOcean will mark the droplet as <strong>healthy</strong>.</p> <p>Now refresh the Load Balancer IP multiple times.</p> <p>You should see responses coming from <strong>different internal IPs</strong>, meaning traffic is being distributed.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpcbf7jyehw5d1934bm47.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpcbf7jyehw5d1934bm47.png" alt="node1" width="800" height="474"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo5ofclo5h1h1gr4jp5lc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo5ofclo5h1h1gr4jp5lc.png" alt="node2" width="616" height="327"></a></p> <h1> Security recommendations </h1> <p>This example focuses on the <strong>basic load balancing setup</strong>, but in a real environment you should also:</p> <ul> <li>Add a <strong>DigitalOcean firewall</strong> </li> <li>Restrict droplets so they are <strong>only reachable from the load balancer</strong> </li> <li>Enable <strong>HTTPS</strong> </li> <li>Configure <strong>health checks</strong> </li> </ul> <p>These small changes significantly improve the security of the system.</p> <h1> Tools used </h1> <ul> <li> <strong>OBS</strong> – screen recording</li> <li> <strong>Kdenlive</strong> – video editing</li> <li> <strong><a href="https://savnet.co" rel="noopener noreferrer">savnet.co</a></strong> – architecture diagrams used in this article</li> </ul> beginners cloud devops tutorial