The latest articles on DEV Community by Sanskriti Harmukh (@sharmukh). https://dev.to/sharmukh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3900728%2F38e545fb-274b-483d-a868-8780a6503800.png https://dev.to/sharmukh en Sanskriti Harmukh Tue, 26 May 2026 15:22:46 +0000 https://dev.to/vultr/deploying-unbound-validating-dns-resolver-on-ubuntu-2404-4pn6 https://dev.to/vultr/deploying-unbound-validating-dns-resolver-on-ubuntu-2404-4pn6 <p>Unbound is a validating, recursive, and caching DNS resolver that performs DNSSEC validation locally and answers queries without relying on third-party resolvers. This guide deploys Unbound using Docker Compose after freeing the system's port 53, with access controls that restrict who can query the resolver. By the end, you'll have a validating DNS resolver answering queries from approved clients on your server.</p> <h2> Free Port 53 </h2> <p>Ubuntu's <code>systemd-resolved</code> binds port 53 by default. Release it before deploying.</p> <p><strong>1. Stop and disable <code>systemd-resolved</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>systemctl stop systemd-resolved <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>systemctl disable systemd-resolved </code></pre> </div> <p><strong>2. Replace the resolver configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo rm</span> /etc/resolv.conf <span class="gp">$</span><span class="w"> </span><span class="nb">echo</span> <span class="s2">"nameserver 1.1.1.1"</span> | <span class="nb">sudo tee</span> /etc/resolv.conf </code></pre> </div> <h2> Set Up the Directory Structure and Configuration </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/unbound <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/unbound </code></pre> </div> <p><strong>2. Create the Unbound configuration file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano unbound.conf </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">server</span><span class="pi">:</span> <span class="na">interface</span><span class="pi">:</span> <span class="s">0.0.0.0</span> <span class="na">interface</span><span class="pi">:</span> <span class="s">::0</span> <span class="na">port</span><span class="pi">:</span> <span class="m">53</span> <span class="na">access-control</span><span class="pi">:</span> <span class="s">127.0.0.0/8 allow</span> <span class="na">access-control</span><span class="pi">:</span> <span class="s">192.168.0.0/16 allow</span> <span class="na">access-control</span><span class="pi">:</span> <span class="s">172.16.0.0/12 allow</span> <span class="na">access-control</span><span class="pi">:</span> <span class="s">10.0.0.0/8 allow</span> <span class="na">access-control</span><span class="pi">:</span> <span class="s">YOUR_CLIENT_IP/32 allow</span> <span class="na">access-control</span><span class="pi">:</span> <span class="s">0.0.0.0/0 refuse</span> <span class="na">hide-identity</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">hide-version</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">use-caps-for-id</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">prefetch</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">num-threads</span><span class="pi">:</span> <span class="m">2</span> <span class="na">msg-cache-slabs</span><span class="pi">:</span> <span class="m">4</span> <span class="na">rrset-cache-slabs</span><span class="pi">:</span> <span class="m">4</span> <span class="na">infra-cache-slabs</span><span class="pi">:</span> <span class="m">4</span> <span class="na">key-cache-slabs</span><span class="pi">:</span> <span class="m">4</span> <span class="na">rrset-cache-size</span><span class="pi">:</span> <span class="s">100m</span> <span class="na">msg-cache-size</span><span class="pi">:</span> <span class="s">50m</span> <span class="na">so-rcvbuf</span><span class="pi">:</span> <span class="s">1m</span> <span class="na">remote-control</span><span class="pi">:</span> <span class="na">control-enable</span><span class="pi">:</span> <span class="s">no</span> </code></pre> </div> <p>Replace <code>YOUR_CLIENT_IP/32</code> with the IP allowed to query the resolver.</p> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">unbound</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mvance/unbound:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">unbound</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">TZ</span><span class="pi">:</span> <span class="s">UTC</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">53:53/tcp"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">53:53/udp"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./unbound.conf:/opt/unbound/etc/unbound/unbound.conf:ro</span> </code></pre> </div> <p><strong>2. Start the service:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the service is running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Test Resolution </h2> <p>From an allowed client, query the resolver:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>dig @SERVER_IP vultr.com </code></pre> </div> <p>A valid answer section confirms Unbound is resolving queries.</p> <h2> Next Steps </h2> <p>Unbound is running with DNSSEC validation and tight access controls. From here you can:</p> <ul> <li>Point your network's clients at the resolver to gain DNSSEC validation</li> <li>Tune cache sizes and thread counts for your traffic volume</li> <li>Layer block lists into <code>unbound.conf</code> to filter ads and malicious domains</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-unbound-validating-dns-resolver" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> dns docker devops security Sanskriti Harmukh Tue, 26 May 2026 15:22:17 +0000 https://dev.to/vultr/deploying-prometheus-metrics-collection-server-on-ubuntu-2404-47di https://dev.to/vultr/deploying-prometheus-metrics-collection-server-on-ubuntu-2404-47di <p>Prometheus is an open-source systems monitoring and alerting toolkit that scrapes targets over HTTP and stores time-series metrics in a local TSDB. It exposes a powerful query language (PromQL) and pairs natively with Grafana for visualization. This guide deploys Prometheus using Docker Compose with Traefik handling automatic HTTPS, and verifies the server via a sample scrape config. By the end, you'll have Prometheus collecting and serving metrics over HTTPS at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/prometheus-monitoring/<span class="o">{</span>prometheus-data,prometheus-config<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/prometheus-monitoring </code></pre> </div> <p><strong>2. Set ownership for the Prometheus data directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> 65534:65534 prometheus-data </code></pre> </div> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DOMAIN=prometheus.example.com LETSENCRYPT_EMAIL=admin@example.com </code></pre> </div> <p><strong>4. Create the Prometheus configuration file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano prometheus-config/prometheus.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">evaluation_interval</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">scrape_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">prometheus'</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">localhost:9090'</span><span class="pi">]</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">prometheus</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/prometheus:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">9090"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./prometheus-config/prometheus.yml:/etc/prometheus/prometheus.yml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./prometheus-data:/prometheus"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--config.file=/etc/prometheus/prometheus.yml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--storage.tsdb.path=/prometheus"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.prometheus.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.prometheus.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.prometheus.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.prometheus.loadbalancer.server.port=9090"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>4. View the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access Prometheus </h2> <p>Open <code>https://prometheus.example.com</code> in a browser. Try a basic PromQL query in the expression bar to confirm scraping:</p> <ul> <li> <code>up</code> — scrape status of every target</li> <li> <code>process_cpu_seconds_total</code> — Prometheus's own CPU usage</li> <li> <code>process_resident_memory_bytes</code> — Prometheus's own memory usage</li> </ul> <h2> Next Steps </h2> <p>Prometheus is running and scraping metrics over HTTPS. From here you can:</p> <ul> <li>Add scrape targets for your application, node exporters, and infrastructure</li> <li>Connect Prometheus as a data source in Grafana for dashboards</li> <li>Configure alerting rules and route them through Alertmanager</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-prometheus-metrics-collection-server" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> observability docker devops monitoring Sanskriti Harmukh Tue, 26 May 2026 15:21:54 +0000 https://dev.to/vultr/deploying-grafana-metrics-visualization-platform-on-ubuntu-2404-553j https://dev.to/vultr/deploying-grafana-metrics-visualization-platform-on-ubuntu-2404-553j <p>Grafana is an open-source dashboard and visualization platform that connects to dozens of data sources (Prometheus, Loki, Mimir, Tempo, PostgreSQL, and more) and renders metrics, logs, and traces in interactive panels. This guide deploys Grafana using Docker Compose with Traefik handling automatic HTTPS. By the end, you'll have Grafana running with a persistent data store and a secured admin login at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/grafana-monitoring/grafana-data <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/grafana-monitoring </code></pre> </div> <p><strong>2. Set ownership for the Grafana data directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> 472:472 grafana-data </code></pre> </div> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">grafana.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">GF_ADMIN_PASSWORD</span><span class="p">=</span><span class="s">changeme</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">grafana</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/grafana:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">grafana</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">grafana</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./grafana-data:/var/lib/grafana"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">GF_SECURITY_ADMIN_PASSWORD=${GF_ADMIN_PASSWORD}</span> <span class="pi">-</span> <span class="s">GF_SERVER_ROOT_URL=https://${DOMAIN}</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.grafana.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.grafana.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.grafana.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.grafana.loadbalancer.server.port=3000"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>4. View the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access Grafana </h2> <p>Open <code>https://grafana.example.com</code> in a browser. Sign in with:</p> <ul> <li> <strong>Username:</strong> <code>admin</code> </li> <li> <strong>Password:</strong> the value of <code>GF_ADMIN_PASSWORD</code> from <code>.env</code> </li> </ul> <p>Navigate to <strong>Connections → Data sources</strong> to wire in Prometheus, Loki, or other backends.</p> <h2> Next Steps </h2> <p>Grafana is running and served securely over HTTPS. From here you can:</p> <ul> <li>Add Prometheus, Loki, Mimir, or Tempo as data sources</li> <li>Import community dashboards or build custom ones for your stack</li> <li>Configure alerting rules and notification channels</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-grafana-metrics-visualization-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> observability docker devops monitoring Sanskriti Harmukh Tue, 26 May 2026 15:21:29 +0000 https://dev.to/vultr/deploying-gogs-simple-git-hosting-on-ubuntu-2404-2abm https://dev.to/vultr/deploying-gogs-simple-git-hosting-on-ubuntu-2404-2abm <p>Gogs (Go Git Service) is a lightweight, self-hosted Git server written in Go, designed to be fast, simple, and easy to run on modest hardware. This guide deploys Gogs with a PostgreSQL backend using Docker Compose, with Traefik handling automatic HTTPS and SSH exposed on port 2222. By the end, you'll have a Gogs instance ready for repositories at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/gogs/<span class="o">{</span>data,db,letsencrypt<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/gogs </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">gogs</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">STRONG_DB_PASSWORD</span> <span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">gogs</span> <span class="py">DOMAIN</span><span class="p">=</span><span class="s">gogs.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DOCKER_API_VERSION</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.44"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">gogs-db</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">POSTGRES_USER=${POSTGRES_USER}</span> <span class="pi">-</span> <span class="s">POSTGRES_PASSWORD=${POSTGRES_PASSWORD}</span> <span class="pi">-</span> <span class="s">POSTGRES_DB=${POSTGRES_DB}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./db:/var/lib/postgresql/data</span> <span class="na">gogs</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gogs/gogs:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">gogs</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">2222:22"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/data</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gogs.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gogs.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gogs.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gogs.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.gogs.loadbalancer.server.port=3000"</span> </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Complete the Installation </h2> <p>Open <code>https://gogs.example.com</code> in a browser and fill in the install form:</p> <ul> <li> <strong>Database Host:</strong> <code>db:5432</code> </li> <li> <strong>Database User / Password / Name:</strong> the values from <code>.env</code> </li> <li> <strong>SSH Port:</strong> <code>2222</code> </li> <li> <strong>Application URL:</strong> <code>https://gogs.example.com/</code> </li> </ul> <p>Configure the administrator account and click <strong>Install Gogs</strong>.</p> <h2> Next Steps </h2> <p>Gogs is running and served securely over HTTPS. From here you can:</p> <ul> <li>Create organizations and repositories, and invite collaborators</li> <li>Push and clone via SSH on port 2222 or HTTPS on 443</li> <li>Configure SMTP for email notifications and webhooks for CI integrations</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-gogs-simple-git-hosting" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> git docker devops selfhosted Sanskriti Harmukh Tue, 26 May 2026 15:21:07 +0000 https://dev.to/vultr/deploying-mongodb-nosql-document-database-on-ubuntu-2404-15c3 https://dev.to/vultr/deploying-mongodb-nosql-document-database-on-ubuntu-2404-15c3 <p>MongoDB is an open-source NoSQL document database that stores data as flexible BSON documents and scales horizontally through sharding. This guide deploys MongoDB using Docker Compose with persistent volume storage and a root user, then verifies it with the <code>mongosh</code> shell. By the end, you'll have a MongoDB instance ready for application use on your server.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/mongodb-logging/mongodb-data <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/mongodb-logging </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">MONGO_ROOT_USERNAME</span><span class="p">=</span><span class="s">admin</span> <span class="py">MONGO_ROOT_PASSWORD</span><span class="p">=</span><span class="s">changeme</span> </code></pre> </div> <p>Pick a strong password before deploying.</p> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">mongodb</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mongo:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">mongodb</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">mongodb</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">27017:27017"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./mongodb-data:/data/db"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USERNAME}</span> <span class="pi">-</span> <span class="s">MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD}</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the service:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the service is running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>4. View the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access MongoDB </h2> <p><strong>1. Open a <code>mongosh</code> shell inside the container:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker <span class="nb">exec</span> <span class="nt">-it</span> mongodb mongosh <span class="nt">-u</span> admin <span class="nt">-p</span> changeme </code></pre> </div> <p><strong>2. Switch to an application database and insert a document:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>use logs db.application_logs.insertOne({ level: "info", message: "first entry", timestamp: new Date() }) </code></pre> </div> <p><strong>3. Query and index the collection:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>db.application_logs.find() db.application_logs.createIndex({ timestamp: -1 }) show collections exit </code></pre> </div> <h2> Next Steps </h2> <p>MongoDB is running with persistent storage and authenticated access. From here you can:</p> <ul> <li>Create application-scoped users with <code>db.createUser()</code> instead of using root</li> <li>Enable TLS by mounting certificates and adding <code>--tlsMode requireTLS</code> </li> <li>Bind the port to <code>127.0.0.1</code> and front MongoDB with a VPN for remote access</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-mongodb-nosql-document-database" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> mongodb docker database devops Sanskriti Harmukh Tue, 26 May 2026 15:20:46 +0000 https://dev.to/vultr/deploying-passbolt-team-password-manager-on-ubuntu-2404-3564 https://dev.to/vultr/deploying-passbolt-team-password-manager-on-ubuntu-2404-3564 <p>Passbolt CE is an open-source, end-to-end encrypted password manager built for teams, with browser extensions and a web interface for secure credential sharing. This guide deploys Passbolt with a MariaDB backend using Docker Compose, with Traefik handling automatic HTTPS, then registers the first administrator. By the end, you'll have Passbolt running securely at your domain with the first admin account ready.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/passbolt/<span class="o">{</span>db,gpg,letsencrypt<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> 33:33 ~/passbolt/gpg <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/passbolt </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">passbolt.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">MYSQL_USER</span><span class="p">=</span><span class="s">passbolt</span> <span class="py">MYSQL_PASSWORD</span><span class="p">=</span><span class="s">STRONG_DB_PASSWORD</span> <span class="py">MYSQL_DATABASE</span><span class="p">=</span><span class="s">passbolt</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DOCKER_API_VERSION</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.44"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mariadb:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">passbolt-db</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">MYSQL_RANDOM_ROOT_PASSWORD=yes</span> <span class="pi">-</span> <span class="s">MYSQL_DATABASE=${MYSQL_DATABASE}</span> <span class="pi">-</span> <span class="s">MYSQL_USER=${MYSQL_USER}</span> <span class="pi">-</span> <span class="s">MYSQL_PASSWORD=${MYSQL_PASSWORD}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./db:/var/lib/mysql</span> <span class="na">passbolt</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">passbolt/passbolt:latest-ce</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">passbolt</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">APP_FULL_BASE_URL=https://${DOMAIN}</span> <span class="pi">-</span> <span class="s">DATASOURCES_DEFAULT_HOST=db</span> <span class="pi">-</span> <span class="s">DATASOURCES_DEFAULT_USERNAME=${MYSQL_USER}</span> <span class="pi">-</span> <span class="s">DATASOURCES_DEFAULT_PASSWORD=${MYSQL_PASSWORD}</span> <span class="pi">-</span> <span class="s">DATASOURCES_DEFAULT_DATABASE=${MYSQL_DATABASE}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./gpg:/etc/passbolt/gpg</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.passbolt.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.passbolt.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.passbolt.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.passbolt.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.passbolt.loadbalancer.server.port=80"</span> </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Create the First Administrator </h2> <p>Register the first admin account using Passbolt's CLI inside the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec </span>passbolt su <span class="nt">-m</span> <span class="nt">-c</span> <span class="s2">"/usr/share/php/passbolt/bin/cake passbolt register_user -u admin@example.com -f FIRSTNAME -l LASTNAME -r admin"</span> <span class="nt">-s</span> /bin/sh www-data </code></pre> </div> <p>The command prints a one-time setup URL. Open it in a browser, install the Passbolt browser extension, and complete the account creation flow.</p> <h2> Next Steps </h2> <p>Passbolt is running and served securely over HTTPS. From here you can:</p> <ul> <li>Invite team members and organize credentials into shared groups</li> <li>Configure SMTP for invitation and notification emails</li> <li>Enable MFA (TOTP, YubiKey, or DUO) for admin and team accounts</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-passbolt-team-password-manager" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> security docker devops selfhosted Sanskriti Harmukh Tue, 26 May 2026 15:20:17 +0000 https://dev.to/vultr/deploying-openwebui-local-ai-interface-on-ubuntu-2404-553d https://dev.to/vultr/deploying-openwebui-local-ai-interface-on-ubuntu-2404-553d <p>Open WebUI is a self-hosted, ChatGPT-style interface for local and remote AI models, supporting Ollama, OpenAI-compatible endpoints, and per-user authentication. This guide deploys Open WebUI using Docker Compose with Traefik handling automatic HTTPS. By the end, you'll have an Open WebUI instance running securely at your domain, ready to point at a model backend.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/openwebui/data <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/openwebui </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">openwebui.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">openwebui</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/open-webui/open-webui:main</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">openwebui</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">openwebui</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./data:/app/backend/data"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">WEBUI_AUTH=true</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.openwebui.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.openwebui.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.openwebui.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.openwebui.loadbalancer.server.port=8080"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>4. View the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access Open WebUI </h2> <p>Open <code>https://openwebui.example.com</code> in a browser. The first user you register becomes the administrator. Additional users sign up through the same flow and can be managed from <strong>Admin Panel → Users</strong>.</p> <h2> Next Steps </h2> <p>Open WebUI is running and served securely over HTTPS. From here you can:</p> <ul> <li>Connect a local Ollama instance or any OpenAI-compatible endpoint as a model backend</li> <li>Enable RAG by uploading documents to the knowledge base</li> <li>Configure per-user model permissions and rate limits from the admin panel</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-openwebui-local-ai-interface" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops selfhosted Sanskriti Harmukh Tue, 26 May 2026 15:19:46 +0000 https://dev.to/vultr/deploying-bitwarden-password-management-vault-on-ubuntu-2404-1men https://dev.to/vultr/deploying-bitwarden-password-management-vault-on-ubuntu-2404-1men <p>Bitwarden is an open-source, end-to-end encrypted password manager. The official self-hosted server runs as a stack of Docker containers and ships with an interactive installer that wires up TLS and the database. This guide installs the official Bitwarden server on Ubuntu 24.04, configures automatic Let's Encrypt TLS through the installer, and creates the first vault user. By the end, you'll have a self-hosted Bitwarden vault available securely at your domain.</p> <blockquote> <p><strong>Prerequisites:</strong> Ubuntu 24.04 with at least 2 GB RAM (4 GB recommended), Docker + Docker Compose installed, a domain pointed at the server, and an Installation ID + Key from <a href="https://bitwarden.com/host" rel="noopener noreferrer">bitwarden.com/host</a>.</p> </blockquote> <h2> Prepare the Environment </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create and own the install directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /opt/bitwarden <span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> <span class="nv">$USER</span>:<span class="nv">$USER</span> /opt/bitwarden <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> /opt/bitwarden </code></pre> </div> <h2> Download and Install Bitwarden </h2> <p><strong>1. Fetch the installer script:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-Lso</span> bitwarden.sh https://go.btwrdn.co/bw-sh <span class="gp">$</span><span class="w"> </span><span class="nb">chmod </span>700 bitwarden.sh </code></pre> </div> <p><strong>2. Run the installer:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>./bitwarden.sh <span class="nb">install</span> </code></pre> </div> <p>Answer the interactive prompts:</p> <ul> <li> <strong>Domain name:</strong> your fully qualified domain (e.g. <code>bitwarden.example.com</code>)</li> <li> <strong>Use Let's Encrypt:</strong> <code>y</code> (recommended) — supply a contact email</li> <li> <strong>Database name:</strong> <code>vault</code> (default is fine)</li> <li> <strong>Installation ID and Key:</strong> from <code>bitwarden.com/host</code> </li> <li> <strong>Region:</strong> <code>US</code> or <code>EU</code> to match where you obtained your install ID</li> </ul> <h2> Start the Server </h2> <p><strong>1. Bring the stack online:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>./bitwarden.sh start </code></pre> </div> <p><strong>2. Confirm the containers are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker container <span class="nb">ls</span> </code></pre> </div> <p>The first start downloads images and builds configuration. Initial start can take a few minutes.</p> <h2> Create Your First User </h2> <ol> <li>Open <code>https://bitwarden.example.com</code> in a browser.</li> <li>Click <strong>Create Account</strong> and complete the signup form.</li> <li>Verify the email address (configure SMTP in <code>/opt/bitwarden/bwdata/env/global.override.env</code> if not already set).</li> <li>Sign in to create your first organization and vault items.</li> </ol> <blockquote> <p><strong>Warning:</strong> Bitwarden uses zero-knowledge encryption. If the master password is lost, the vault cannot be recovered. Save it in a secure offline location.</p> </blockquote> <h2> Next Steps </h2> <p>Bitwarden is running securely at your domain. From here you can:</p> <ul> <li>Configure SMTP so users receive invitations and password reset emails</li> <li>Set up scheduled backups of <code>/opt/bitwarden/bwdata</code> </li> <li>Use <code>./bitwarden.sh update</code> and <code>./bitwarden.sh restart</code> to roll new releases</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-bitwarden-password-management-vault" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> security docker devops selfhosted Sanskriti Harmukh Tue, 26 May 2026 15:19:00 +0000 https://dev.to/vultr/deploying-gitlab-ce-devops-management-suite-on-ubuntu-2404-595i https://dev.to/vultr/deploying-gitlab-ce-devops-management-suite-on-ubuntu-2404-595i <p>GitLab CE (Community Edition) is a complete, open-source DevOps platform that combines source code management, CI/CD pipelines, security testing, and project planning in a single application. This guide deploys GitLab CE using Docker Compose with Traefik handling automatic HTTPS, then retrieves the initial root password. By the end, you'll have a self-hosted GitLab instance running securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/gitlab/<span class="o">{</span>config,logs,data,letsencrypt<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/gitlab </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GITLAB_DOMAIN=gitlab.example.com LETSENCRYPT_EMAIL=admin@example.com </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DOCKER_API_VERSION</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.44"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">gitlab</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gitlab/gitlab-ce:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">gitlab</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">${GITLAB_DOMAIN}</span> <span class="na">shm_size</span><span class="pi">:</span> <span class="s1">'</span><span class="s">256m'</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">GITLAB_OMNIBUS_CONFIG</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">external_url 'https://${GITLAB_DOMAIN}'</span> <span class="s">nginx['listen_port'] = 80</span> <span class="s">nginx['listen_https'] = false</span> <span class="s">nginx['proxy_set_headers'] = {</span> <span class="s">"X-Forwarded-Proto" =&gt; "https",</span> <span class="s">"X-Forwarded-Ssl" =&gt; "on"</span> <span class="s">}</span> <span class="s">gitlab_rails['gitlab_shell_ssh_port'] = 2222</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">2222:22"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./config:/etc/gitlab</span> <span class="pi">-</span> <span class="s">./logs:/var/log/gitlab</span> <span class="pi">-</span> <span class="s">./data:/var/opt/gitlab</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gitlab.rule=Host(`${GITLAB_DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gitlab.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gitlab.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.gitlab.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.gitlab.loadbalancer.server.port=80"</span> </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p>GitLab takes a few minutes to initialize on the first start.</p> <h2> Access GitLab </h2> <p><strong>1. Retrieve the initial root password:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>docker <span class="nb">exec</span> <span class="nt">-it</span> gitlab <span class="nb">grep</span> <span class="s1">'Password:'</span> /etc/gitlab/initial_root_password </code></pre> </div> <p>This file auto-deletes after 24 hours, so capture the password right away.</p> <p><strong>2. Sign in:</strong></p> <ul> <li> <strong>URL:</strong> <code>https://gitlab.example.com</code> </li> <li> <strong>Username:</strong> <code>root</code> </li> <li> <strong>Password:</strong> the value from the command above</li> </ul> <p>Change the root password immediately after first login.</p> <h2> Next Steps </h2> <p>GitLab CE is running and served securely over HTTPS. From here you can:</p> <ul> <li>Create groups and projects, and invite team members</li> <li>Configure GitLab Runners to execute CI/CD pipelines</li> <li>Set up SMTP for email notifications and SAML/OIDC for SSO</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-gitlab-ce-devops-management-suite" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> devops docker git cicd Sanskriti Harmukh Tue, 26 May 2026 15:18:31 +0000 https://dev.to/vultr/deploying-n8n-workflow-automation-engine-on-ubuntu-2404-3jpi https://dev.to/vultr/deploying-n8n-workflow-automation-engine-on-ubuntu-2404-3jpi <p>n8n is an open-source, node-based workflow automation engine (a self-hosted alternative to Zapier and Make) with hundreds of integrations and full control over data flow. This guide deploys n8n using Docker Compose with Traefik handling automatic HTTPS. By the end, you'll have an n8n instance running securely at your domain, ready to build workflows.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/n8n-automation/n8n-data <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/n8n-automation </code></pre> </div> <p><strong>2. Set ownership for the n8n data directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> 1000:1000 n8n-data </code></pre> </div> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DOMAIN=n8n.example.com LETSENCRYPT_EMAIL=admin@example.com </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">n8n</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">n8nio/n8n:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">n8n</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5678"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./n8n-data:/home/node/.n8n"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">N8N_HOST=${DOMAIN}</span> <span class="pi">-</span> <span class="s">N8N_PORT=5678</span> <span class="pi">-</span> <span class="s">N8N_PROTOCOL=https</span> <span class="pi">-</span> <span class="s">WEBHOOK_URL=https://${DOMAIN}/</span> <span class="pi">-</span> <span class="s">GENERIC_TIMEZONE=UTC</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.n8n.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.n8n.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.n8n.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.n8n.loadbalancer.server.port=5678"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>4. View the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access n8n </h2> <p>Open <code>https://n8n.example.com</code> in a browser. The first sign-up creates the owner account — from there you can build workflows in the node-based editor or import community templates.</p> <h2> Next Steps </h2> <p>n8n is running and served securely over HTTPS. From here you can:</p> <ul> <li>Connect to your services with built-in nodes (HTTP, databases, SaaS APIs, AI)</li> <li>Add credentials and create scheduled, webhook-triggered, or event-driven workflows</li> <li>Switch persistence to PostgreSQL for production-scale workloads</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-n8n-workflow-automation-engine" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> automation docker devops selfhosted Sanskriti Harmukh Wed, 20 May 2026 14:04:17 +0000 https://dev.to/vultr/deploying-tempo-distributed-tracing-backend-on-ubuntu-2404-32kl https://dev.to/vultr/deploying-tempo-distributed-tracing-backend-on-ubuntu-2404-32kl <p>Tempo is an open-source, high-scale distributed tracing backend from Grafana Labs that ingests trace spans over Jaeger, OpenTelemetry, and Zipkin protocols. It requires only object storage and pairs natively with Grafana for trace visualization. This guide deploys Tempo using Docker Compose with Traefik handling automatic HTTPS, and verifies the backend through its status endpoints. By the end, you'll have Tempo accepting trace spans over HTTPS at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/tempo-tracing/<span class="o">{</span>tempo-data,tempo-config<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/tempo-tracing </code></pre> </div> <p><strong>2. Set ownership for the Tempo data directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> 10001:10001 tempo-data </code></pre> </div> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">DOMAIN</span>=<span class="n">tempo</span>.<span class="n">example</span>.<span class="n">com</span> <span class="n">LETSENCRYPT_EMAIL</span>=<span class="n">admin</span>@<span class="n">example</span>.<span class="n">com</span> </code></pre> </div> <p><strong>4. Create the Tempo configuration file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano tempo-config/tempo-config.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">server</span><span class="pi">:</span> <span class="na">http_listen_port</span><span class="pi">:</span> <span class="m">3200</span> <span class="na">distributor</span><span class="pi">:</span> <span class="na">receivers</span><span class="pi">:</span> <span class="na">jaeger</span><span class="pi">:</span> <span class="na">protocols</span><span class="pi">:</span> <span class="na">thrift_http</span><span class="pi">:</span> <span class="na">grpc</span><span class="pi">:</span> <span class="na">otlp</span><span class="pi">:</span> <span class="na">protocols</span><span class="pi">:</span> <span class="na">http</span><span class="pi">:</span> <span class="na">grpc</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="na">trace</span><span class="pi">:</span> <span class="na">backend</span><span class="pi">:</span> <span class="s">local</span> <span class="na">local</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/var/tempo/traces</span> <span class="na">wal</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/var/tempo/wal</span> <span class="na">compactor</span><span class="pi">:</span> <span class="na">compaction</span><span class="pi">:</span> <span class="na">block_retention</span><span class="pi">:</span> <span class="s">168h</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">tempo</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/tempo:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">tempo</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">tempo</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3200"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">4317"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">4318"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">14250"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">14268"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./tempo-config/tempo-config.yaml:/etc/tempo/tempo.yaml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./tempo-data:/var/tempo"</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-config.file=/etc/tempo/tempo.yaml</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.tempo.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.tempo.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.tempo.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.tempo.loadbalancer.server.port=3200"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>4. View the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access Tempo </h2> <p><strong>1. Check the readiness endpoint:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://tempo.example.com/ready </code></pre> </div> <p>A <code>ready</code> response confirms the backend is up.</p> <p><strong>2. Query the service status:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://tempo.example.com/status </code></pre> </div> <p><strong>3. Check the build information:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://tempo.example.com/api/status/buildinfo </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"version"</span><span class="p">:</span><span class="s2">"v2.9.0"</span><span class="p">,</span><span class="nl">"revision"</span><span class="p">:</span><span class="s2">"032d47627"</span><span class="p">,</span><span class="nl">"branch"</span><span class="p">:</span><span class="s2">"main"</span><span class="p">,</span><span class="nl">"buildUser"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"buildDate"</span><span class="p">:</span><span class="s2">""</span><span class="p">,</span><span class="nl">"goVersion"</span><span class="p">:</span><span class="s2">"go1.25.1"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Next Steps </h2> <p>Tempo is running and accepting distributed trace spans over HTTPS. From here you can:</p> <ul> <li>Add Tempo as a data source in Grafana for trace visualization</li> <li>Point OpenTelemetry, Jaeger, or Zipkin exporters at your domain</li> <li>Swap the local storage backend for S3-compatible object storage at scale</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-tempo-distributed-tracing-backend" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> observability docker devops opensource Sanskriti Harmukh Wed, 20 May 2026 14:04:03 +0000 https://dev.to/vultr/deploying-technitium-dns-server-platform-on-ubuntu-2404-99d https://dev.to/vultr/deploying-technitium-dns-server-platform-on-ubuntu-2404-99d <p>Technitium DNS Server is an open-source, authoritative and recursive DNS server built for privacy and security, with DNS-over-TLS, DNS-over-HTTPS, ad blocking, and a modern web console for zone and record management. This guide deploys Technitium using Docker Compose with Traefik securing the web console over HTTPS, after freeing the system's port 53. By the end, you'll have a working DNS server resolving queries with an HTTPS-secured admin console.</p> <h2> Free Port 53 </h2> <p>Ubuntu's <code>systemd-resolved</code> binds port 53 by default. Release it before deploying.</p> <p><strong>1. Stop and disable <code>systemd-resolved</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>systemctl stop systemd-resolved <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>systemctl disable systemd-resolved </code></pre> </div> <p><strong>2. Replace the resolver configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo rm</span> /etc/resolv.conf <span class="gp">$</span><span class="w"> </span><span class="nb">echo</span> <span class="s2">"nameserver 1.1.1.1"</span> | <span class="nb">sudo tee</span> /etc/resolv.conf </code></pre> </div> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/technitium/<span class="o">{</span>config,letsencrypt<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/technitium </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">DOMAIN</span>=<span class="n">technitium</span>.<span class="n">example</span>.<span class="n">com</span> <span class="n">LETSENCRYPT_EMAIL</span>=<span class="n">admin</span>@<span class="n">example</span>.<span class="n">com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DOCKER_API_VERSION</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.44"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.network=traefik-public"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">dns-server</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">technitium/dns-server:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">dns-server</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TZ=UTC</span> <span class="pi">-</span> <span class="s">DNS_SERVER_DOMAIN=${DOMAIN}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">53:53/udp"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">53:53/tcp"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./config:/etc/dns</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dns.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dns.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dns.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dns.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.dns.loadbalancer.server.port=5380"</span> </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Initial Configuration </h2> <ol> <li>Navigate to <code>https://technitium.example.com</code>.</li> <li>Log in with the default credentials <code>admin</code> / <code>admin</code>.</li> <li>Change the password when prompted.</li> <li>Go to <strong>Settings → Proxy &amp; Forwarders</strong>.</li> <li>Add upstream DNS providers, one per line: <code>1.1.1.1</code> and <code>8.8.8.8</code>.</li> <li>Click <strong>Save Settings</strong>.</li> </ol> <h2> Test Resolution </h2> <p>From any machine, query the server by its IP:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>dig @SERVER_IP vultr.com </code></pre> </div> <p>A valid answer section confirms the DNS server is resolving queries.</p> <h2> Next Steps </h2> <p>Technitium is running with an HTTPS-secured console. From here you can:</p> <ul> <li>Create authoritative zones and records for your domains</li> <li>Enable DNS-over-TLS and DNS-over-HTTPS for encrypted resolution</li> <li>Turn on block lists to filter ads and malicious domains network-wide</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-technitium-dns-server-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> docker devops networking opensource