The latest articles on DEV Community by Sanskriti Harmukh (@sharmukh). https://dev.to/sharmukh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3900728%2F38e545fb-274b-483d-a868-8780a6503800.png https://dev.to/sharmukh en Sanskriti Harmukh Tue, 16 Jun 2026 20:57:20 +0000 https://dev.to/vultr/deploying-label-studio-open-source-data-labeling-platform-on-ubuntu-2404-5bd0 https://dev.to/vultr/deploying-label-studio-open-source-data-labeling-platform-on-ubuntu-2404-5bd0 <p>Label Studio is an open-source data labeling platform that supports annotation across text, images, audio, video, and time series, with collaborative workflows and ML-model integrations. This guide deploys Label Studio using Docker Compose with Traefik handling automatic HTTPS and persistent volumes for projects and labels. By the end, you'll have Label Studio serving an annotation workspace securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> ~/labelstudio <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/labelstudio </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">labelstudio.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">labelstudio</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">heartexlabs/label-studio:1.23.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">labelstudio</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">DJANGO_ALLOWED_HOSTS=${DOMAIN}</span> <span class="pi">-</span> <span class="s">CSRF_TRUSTED_ORIGINS=https://${DOMAIN}</span> <span class="pi">-</span> <span class="s">USE_X_FORWARDED_HOST=true</span> <span class="pi">-</span> <span class="s">SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,https</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/label-studio/data</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.labelstudio.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.labelstudio.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.labelstudio.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.labelstudio.loadbalancer.server.port=8080"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Create the data directory with group write access:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir </span>data <span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> :0 data </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services and view logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Create the Admin and a Sample Project </h2> <p><strong>1.</strong> Open <code>https://labelstudio.example.com</code> and click <strong>Sign Up</strong> to create the first administrator.</p> <p><strong>2.</strong> From the dashboard, click <strong>Create Project</strong> and set:</p> <ul> <li> <strong>Project Name:</strong> <code>Sentiment Analysis</code> </li> <li> <strong>Labeling Template:</strong> <strong>Text Classification</strong> </li> </ul> <p><strong>3.</strong> Click <strong>Save</strong>, then <strong>Import</strong> and paste the sample data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="nl">"text"</span><span class="p">:</span><span class="w"> </span><span class="s2">"This product is amazing."</span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="nl">"text"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Worst experience ever."</span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p><strong>4.</strong> Annotate each task, click <strong>Submit</strong>, and confirm the Data Manager shows them as <strong>Completed</strong>.</p> <h2> Next Steps </h2> <p>Label Studio is running and served securely over HTTPS. From here you can:</p> <ul> <li>Configure ML backends (PyTorch, scikit-learn) for active learning loops</li> <li>Invite collaborators with role-based permissions per project</li> <li>Export annotated datasets in COCO, YOLO, JSON, or CSV for downstream training</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-label-studio-open-source-data-labeling-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops datascience Sanskriti Harmukh Tue, 16 Jun 2026 20:55:36 +0000 https://dev.to/vultr/deploying-kestra-open-source-workflow-orchestration-platform-on-ubuntu-2404-4nei https://dev.to/vultr/deploying-kestra-open-source-workflow-orchestration-platform-on-ubuntu-2404-4nei <p>Kestra is an open-source workflow orchestration platform that runs YAML-defined pipelines on schedules, triggers, or events, with a web UI for managing executions, logs, and metadata. This guide deploys Kestra using Docker Compose with a PostgreSQL backend and Traefik handling automatic HTTPS. By the end, you'll have Kestra running a sample workflow with a SUCCESS execution at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directories:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/kestra/data/<span class="o">{</span>postgres,kestra,traefik<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/kestra </code></pre> </div> <p><code>postgres/</code> holds the database, <code>kestra/</code> holds execution artifacts, <code>traefik/</code> holds Let's Encrypt certificates.</p> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">kestra</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">kestra</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">STRONG-PASSWORD</span> <span class="py">DOMAIN</span><span class="p">=</span><span class="s">kestra.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.tlschallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./data/traefik:/letsencrypt</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:15</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data/postgres:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">${POSTGRES_USER}"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">kestra</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">kestra/kestra:v1.3.6</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="s">server standalone</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">KESTRA_CONFIGURATION</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">datasources:</span> <span class="s">postgres:</span> <span class="s">url: jdbc:postgresql://postgres:5432/${POSTGRES_DB}</span> <span class="s">driverClassName: org.postgresql.Driver</span> <span class="s">username: ${POSTGRES_USER}</span> <span class="s">password: ${POSTGRES_PASSWORD}</span> <span class="s">kestra:</span> <span class="s">repository:</span> <span class="s">type: postgres</span> <span class="s">storage:</span> <span class="s">type: local</span> <span class="s">local:</span> <span class="s">basePath: /app/storage</span> <span class="s">queue:</span> <span class="s">type: postgres</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data/kestra:/app/storage</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kestra.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kestra.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kestra.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.kestra.loadbalancer.server.port=8080"</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Create the Admin Account </h2> <ol> <li>Open <code>https://kestra.example.com</code>.</li> <li>On the <strong>Create an admin user</strong> page, fill in email and a password with ≥8 characters, ≥1 uppercase, ≥1 number.</li> <li>Click <strong>Create admin user</strong>, then <strong>Start Kestra UI</strong>.</li> </ol> <h2> Create and Run a Sample Workflow </h2> <p><strong>1. Click **Flows → Create</strong> in the sidebar, then paste:**<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">id</span><span class="pi">:</span> <span class="s">hello_world</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">demo</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">id</span><span class="pi">:</span> <span class="s">log_message</span> <span class="na">type</span><span class="pi">:</span> <span class="s">io.kestra.core.tasks.log.Log</span> <span class="na">message</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Hello</span><span class="nv"> </span><span class="s">from</span><span class="nv"> </span><span class="s">Kestra!"</span> </code></pre> </div> <p><strong>2. Click **Save</strong>, then <strong>Execute</strong> in the top right.**</p> <p><strong>3. Open **Executions</strong> and select the run** — the status should read <code>SUCCESS</code>.</p> <h2> Next Steps </h2> <p>Kestra is running and served securely over HTTPS. From here you can:</p> <ul> <li>Add schedules, webhook triggers, and event-based triggers to your flows</li> <li>Install plugins for AWS, GCP, Kubernetes, dbt, and Python tasks</li> <li>Wire RBAC for multi-team usage and store secrets via the secret manager</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-kestra-open-source-workflow-orchestration-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> automation docker devops selfhosted Sanskriti Harmukh Tue, 16 Jun 2026 20:55:00 +0000 https://dev.to/vultr/deploying-jina-serve-open-source-neural-search-and-ai-serving-framework-on-ubuntu-2404-1m8g https://dev.to/vultr/deploying-jina-serve-open-source-neural-search-and-ai-serving-framework-on-ubuntu-2404-1m8g <p>Jina Serve is an open-source framework for building neural search and multimodal AI applications, with a cloud-native runtime that handles dynamic batching, async streaming, and microservice orchestration. This guide deploys a Jina Flow with a custom text executor using Docker Compose, with Traefik handling automatic HTTPS in front of the gateway. By the end, you'll have a Jina Flow serving an <code>/index</code> and <code>/search</code> API securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/jina-serve/executor <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/jina-serve </code></pre> </div> <p><strong>2. Create the executor module:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano executor/executor.py </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">jina</span> <span class="kn">import</span> <span class="n">Executor</span><span class="p">,</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">docarray</span> <span class="kn">import</span> <span class="n">BaseDoc</span><span class="p">,</span> <span class="n">DocList</span> <span class="k">class</span> <span class="nc">TextDoc</span><span class="p">(</span><span class="n">BaseDoc</span><span class="p">):</span> <span class="n">text</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">""</span> <span class="k">class</span> <span class="nc">TextProcessor</span><span class="p">(</span><span class="n">Executor</span><span class="p">):</span> <span class="nd">@requests</span><span class="p">(</span><span class="n">on</span><span class="o">=</span><span class="sh">"</span><span class="s">/index</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">index</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">docs</span><span class="p">:</span> <span class="n">DocList</span><span class="p">[</span><span class="n">TextDoc</span><span class="p">],</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">DocList</span><span class="p">[</span><span class="n">TextDoc</span><span class="p">]:</span> <span class="k">for</span> <span class="n">doc</span> <span class="ow">in</span> <span class="n">docs</span><span class="p">:</span> <span class="k">if</span> <span class="n">doc</span><span class="p">.</span><span class="n">text</span><span class="p">:</span> <span class="n">doc</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">doc</span><span class="p">.</span><span class="n">text</span><span class="p">.</span><span class="nf">upper</span><span class="p">()</span> <span class="k">return</span> <span class="n">docs</span> <span class="nd">@requests</span><span class="p">(</span><span class="n">on</span><span class="o">=</span><span class="sh">"</span><span class="s">/search</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">search</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">docs</span><span class="p">:</span> <span class="n">DocList</span><span class="p">[</span><span class="n">TextDoc</span><span class="p">],</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">DocList</span><span class="p">[</span><span class="n">TextDoc</span><span class="p">]:</span> <span class="k">return</span> <span class="n">docs</span> </code></pre> </div> <p><strong>3. Pin the executor's Python dependencies:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano executor/requirements.txt </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>jina==3.34.0 docarray&gt;=0.40.0 </code></pre> </div> <p><strong>4. Wire the executor into Jina's loader:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano executor/config.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">jtype</span><span class="pi">:</span> <span class="s">TextProcessor</span> <span class="na">py_modules</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">executor.py</span> </code></pre> </div> <p><strong>5. Define the Flow:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano flow.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">jtype</span><span class="pi">:</span> <span class="s">Flow</span> <span class="na">with</span><span class="pi">:</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">executors</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">textprocessor</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">executor/config.yml</span> </code></pre> </div> <p><strong>6. Build the container image with the Flow baked in:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano Dockerfile </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> jinaai/jina:3.34.0-py39-standard</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> executor/requirements.txt /app/executor/requirements.txt</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> /app/executor/requirements.txt <span class="k">COPY</span><span class="s"> executor /app/executor</span> <span class="k">COPY</span><span class="s"> flow.yml /app/flow.yml</span> <span class="k">ENTRYPOINT</span><span class="s"> ["jina", "flow", "--uses", "flow.yml"]</span> </code></pre> </div> <p><strong>7. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">jina.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">JINA_LOG_LEVEL</span><span class="p">=</span><span class="s">INFO</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">jina</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">jina-flow</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">JINA_LOG_LEVEL=${JINA_LOG_LEVEL}</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.jina.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.jina.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.jina.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.jina.loadbalancer.server.port=8080"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Build and start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p><strong>3. Verify the services and tail logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Verify the Gateway </h2> <p><strong>1. Check the status endpoint:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://jina.example.com/status </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"jina"</span><span class="p">:{</span><span class="nl">"jina"</span><span class="p">:</span><span class="s2">"3.34.0"</span><span class="p">,</span><span class="nl">"docarray"</span><span class="p">:</span><span class="s2">"0.40.1"</span><span class="err">...</span><span class="w"> </span></code></pre> </div> <p><strong>2. POST a document to <code>/index</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> POST https://jina.example.com/index <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ -d '{"data": [{"text": "hello world"}]}' </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"data"</span><span class="p">:[{</span><span class="nl">"id"</span><span class="p">:</span><span class="kc">null</span><span class="p">,</span><span class="nl">"text"</span><span class="p">:</span><span class="s2">"HELLO WORLD"</span><span class="p">}],</span><span class="err">...</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>3. POST to <code>/search</code> to see the passthrough endpoint:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> POST https://jina.example.com/search <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ -d '{"data": [{"text": "test message"}]}' </span></code></pre> </div> <p><strong>4. Submit a batch of documents:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> POST https://jina.example.com/index <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ -d '{"data": [{"text": "first"}, {"text": "second"}, {"text": "third"}]}' </span></code></pre> </div> <h2> Next Steps </h2> <p>Jina Serve is running and serving requests over HTTPS. From here you can:</p> <ul> <li>Add more executors to the Flow for pre-processing, embedding, and ranking</li> <li>Switch the runtime to GPU images for accelerated inference</li> <li>Persist embeddings in Qdrant, Weaviate, or other vector stores</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-jina-serve-open-source-neural-search-and-ai-serving-framework" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops search Sanskriti Harmukh Tue, 16 Jun 2026 20:54:16 +0000 https://dev.to/vultr/deploying-instant-open-source-firebase-alternative-on-ubuntu-2404-2kfj https://dev.to/vultr/deploying-instant-open-source-firebase-alternative-on-ubuntu-2404-2kfj <p>Instant (InstantDB) is an open-source, real-time backend platform (a self-hosted alternative to Firebase) built around a PostgreSQL store with relational queries, authentication, and live sync. This guide deploys Instant using Docker Compose with PostgreSQL and Traefik for automatic HTTPS. By the end, you'll have Instant serving its backend API securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory and clone Instant:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> ~/instant <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/instant <span class="gp">$</span><span class="w"> </span>git clone https://github.com/instantdb/instant.git app <span class="gp">$</span><span class="w"> </span><span class="nb">cd </span>app/server </code></pre> </div> <p><strong>2. Move the bundled Compose file aside (we'll provide our own):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mv </span>docker-compose.yml docker-compose.yml.bak </code></pre> </div> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">TZ</span><span class="p">=</span><span class="s">UTC</span> <span class="py">DOMAIN</span><span class="p">=</span><span class="s">instant.example.com</span> <span class="py">EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">instant</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">YOUR_DATABASE_PASSWORD</span> <span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">instant</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/instantdb/postgresql:postgresql-16-pg-hint-plan</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./postgres-data:/var/lib/postgresql/data</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="s">wal_level=logical</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="s">max_replication_slots=4</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="s">max_wal_senders=4</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="s">shared_preload_libraries=pg_hint_plan</span> <span class="pi">-</span> <span class="s">-c</span> <span class="pi">-</span> <span class="s">random_page_cost=1.1</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-U"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">instant"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">server</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile-dev</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">instant</span> <span class="na">working_dir</span><span class="pi">:</span> <span class="s">/app</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">make"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">dev-oss"</span><span class="pi">]</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">TZ</span><span class="pi">:</span> <span class="s">${TZ}</span> <span class="na">DATABASE_URL</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}"</span> <span class="na">NREPL_BIND_ADDRESS</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.0.0.0"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./:/app</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8888"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.instant.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.instant.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.instant.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.instant.loadbalancer.server.port=8888"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Build and start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p><strong>3. Verify the services and tail logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Verify the Backend </h2> <p><strong>1. Test the HTTPS endpoint:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://instant.example.com </code></pre> </div> <p>You should see:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;code&gt;Welcome to Instant's Backend!&lt;/code&gt; </code></pre> </div> <blockquote> <p><strong>Note:</strong> First request may take ~1 minute while Let's Encrypt issues the certificate.</p> </blockquote> <p><strong>2. Confirm in a browser:</strong></p> <p>Open <code>https://instant.example.com</code> and verify the page loads over HTTPS.</p> <h2> Verify Database Connectivity </h2> <p><strong>1. Open a <code>psql</code> session inside the postgres container:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec </span>postgres psql <span class="nt">-U</span> instant <span class="nt">-d</span> instant </code></pre> </div> <p><strong>2. Run sample DDL/DML:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">messages</span> <span class="p">(</span><span class="n">id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">content</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">created_at</span> <span class="nb">TIMESTAMP</span> <span class="k">DEFAULT</span> <span class="n">NOW</span><span class="p">());</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">messages</span> <span class="p">(</span><span class="n">content</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'Hello from Instant'</span><span class="p">),</span> <span class="p">(</span><span class="s1">'Real-time sync test'</span><span class="p">);</span> <span class="k">SELECT</span> <span class="n">id</span><span class="p">,</span> <span class="n">content</span><span class="p">,</span> <span class="n">created_at</span> <span class="k">FROM</span> <span class="n">messages</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">created_at</span> <span class="k">DESC</span><span class="p">;</span> <span class="err">\</span><span class="n">q</span> </code></pre> </div> <p><strong>3. Review backend logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs <span class="nt">--tail</span><span class="o">=</span>20 server </code></pre> </div> <h2> Next Steps </h2> <p>Instant is running and served securely over HTTPS. From here you can:</p> <ul> <li>Wire client SDKs against your domain for live-sync apps</li> <li>Configure authentication providers and per-table permissions</li> <li>Set up backups against the <code>postgres-data</code> volume for durability</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-instant-open-source-firebase-alternative" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> backend docker devops selfhosted Sanskriti Harmukh Tue, 16 Jun 2026 20:53:30 +0000 https://dev.to/vultr/deploying-immich-an-open-source-alternative-to-google-photos-on-ubuntu-2404-np1 https://dev.to/vultr/deploying-immich-an-open-source-alternative-to-google-photos-on-ubuntu-2404-np1 <p>Immich is an open-source photo and video management platform — a self-hosted alternative to Google Photos — with native mobile apps, machine-learning search, and automatic backup. This guide deploys Immich using Docker Compose, fronts it with Nginx, and secures it with a Let's Encrypt TLS certificate. By the end, you'll have Immich syncing photos and videos securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> ~/immich <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/immich </code></pre> </div> <p><strong>2. Download the official <code>.env</code> template:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>wget <span class="nt">-O</span> .env https://github.com/immich-app/immich/releases/latest/download/example.env </code></pre> </div> <p><strong>3. Edit the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <p>Uncomment and set the timezone, plus customize secrets:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">TZ</span><span class="p">=</span><span class="s">Europe/London</span> </code></pre> </div> <p>Key variables in the file:</p> <ul> <li> <code>UPLOAD_LOCATION</code> — where uploaded media is stored</li> <li> <code>DB_DATA_LOCATION</code> — PostgreSQL data path</li> <li> <code>IMMICH_VERSION</code> — Immich release tag</li> <li> <code>DB_PASSWORD</code>, <code>DB_USERNAME</code>, <code>DB_DATABASE_NAME</code> — database credentials</li> </ul> <h2> Deploy with Docker Compose </h2> <p><strong>1. Download the official Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>wget https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml </code></pre> </div> <p>This brings up three services: <code>immich-server</code>, <code>postgres</code>, and <code>valkey</code> for cache/queues.</p> <p><strong>2. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>3. Start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services are running and the API responds:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> GET 127.0.0.1:2283 </code></pre> </div> <h2> Front Immich with Nginx </h2> <p><strong>1. Install and enable Nginx:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>apt update <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>apt <span class="nb">install </span>nginx <span class="nt">-y</span> <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx </code></pre> </div> <p><strong>2. Remove the default site:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo rm</span> /etc/nginx/sites-enabled/default </code></pre> </div> <p><strong>3. Create the Immich virtual host:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>nano /etc/nginx/sites-available/immich.conf </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">immich.example.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">client_max_body_size</span> <span class="mi">10M</span><span class="p">;</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:2283</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">"upgrade"</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>4. Enable the site and reload:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/immich.conf /etc/nginx/sites-enabled/ <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <p><strong>5. Open the firewall:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw allow 80/tcp <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw allow 443/tcp <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw reload </code></pre> </div> <h2> Issue a Let's Encrypt Certificate </h2> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>apt <span class="nb">install </span>certbot python3-certbot-nginx <span class="nt">-y</span> <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>certbot <span class="nt">--nginx</span> <span class="nt">-d</span> immich.example.com <span class="nt">-m</span> admin@example.com <span class="nt">--non-interactive</span> </code></pre> </div> <p>Certbot edits the Nginx config in place and enables auto-renewal.</p> <h2> Access and Configure Immich </h2> <ol> <li>Open <code>https://immich.example.com</code> and click <strong>Getting Started</strong>.</li> <li>Create the admin account with email, password, and display name.</li> <li>Sign in and walk through the initial settings: theme, language, privacy, storage template, backup strategy.</li> <li>Click <strong>Upload</strong> to add a batch of photos. They appear under <strong>Photos</strong> once processed.</li> </ol> <p>Add team members from <strong>Administration → Users</strong> with per-user storage quotas.</p> <h2> Next Steps </h2> <p>Immich is running and served securely over HTTPS. From here you can:</p> <ul> <li>Install the iOS / Android app and point it at your domain for automatic phone backup</li> <li>Enable machine-learning search and face recognition for richer organisation</li> <li>Move <code>UPLOAD_LOCATION</code> to Vultr Block Storage to scale beyond the host disk</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-immich-an-opensource-alternative-to-google-photos" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> selfhosted docker devops photos Sanskriti Harmukh Tue, 16 Jun 2026 20:52:38 +0000 https://dev.to/vultr/deploying-discourse-open-source-community-discussion-platform-on-ubuntu-2404-339g https://dev.to/vultr/deploying-discourse-open-source-community-discussion-platform-on-ubuntu-2404-339g <p>Discourse is an open-source community discussion platform that merges traditional forums, mailing-list workflows, and real-time conversations into a mobile-first interface. This guide deploys Discourse on Ubuntu 24.04 using the official installer, which handles Docker setup, configuration generation, and automatic Let's Encrypt HTTPS. By the end, you'll have a Discourse forum running securely at your domain with the community dashboard ready.</p> <blockquote> <p><strong>Prerequisite:</strong> A Discourse ID account at <a href="https://id.discourse.com" rel="noopener noreferrer">id.discourse.com</a>. Custom domain or a free <code>discourse.diy</code> subdomain works.</p> </blockquote> <h2> Claim a Free Subdomain (Optional) </h2> <p>If you don't have a custom domain:</p> <ol> <li>Visit <code>https://id.discourse.com/my/subdomain</code>.</li> <li>Sign in with your Discourse ID account.</li> <li>Pick a unique subdomain (e.g. <code>mydiscourse.discourse.diy</code>).</li> <li>Click <strong>Claim Subdomain</strong>.</li> <li>Generate the verification code (expires in 10 minutes — keep it ready).</li> </ol> <h2> Run the Discourse Installer </h2> <blockquote> <p><strong>Warning:</strong> Run installer scripts only from trusted sources. The Discourse installer runs as root and modifies Docker, firewall rules, and TLS settings.</p> </blockquote> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir </span>discourse <span class="gp">$</span><span class="w"> </span><span class="nb">cd </span>discourse </code></pre> </div> <p><strong>2. Download and execute the installer:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>wget <span class="nt">-qO-</span> https://raw.githubusercontent.com/discourse/discourse_docker/main/install-discourse | <span class="nb">sudo </span>bash </code></pre> </div> <p>The script installs Docker, generates configuration, enables Let's Encrypt, and launches the setup wizard.</p> <h2> Configure the Deployment </h2> <p>The interactive wizard prompts for:</p> <ul> <li> <strong>Admin email</strong> — your Discourse ID account email.</li> <li> <strong>Domain selection</strong> — <code>No</code> to use a <code>discourse.diy</code> subdomain (enter the verification code); <code>Yes</code> for a custom domain already pointing at the server.</li> <li> <strong>SMTP configuration</strong> — <code>No</code> to defer until later; <code>Yes</code> to configure SMTP now.</li> </ul> <p>After reviewing the settings, select <strong>Yes</strong> to deploy. The first build can take a few minutes.</p> <p><strong>Verify the container is running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker ps </code></pre> </div> <p>Look for a container named <code>app</code> using the <code>local_discourse/app</code> image with ports 80 and 443 mapped.</p> <h2> Access the Discourse Dashboard </h2> <p><strong>1. Open the site over HTTPS:</strong></p> <p><code>https://discourse.example.com</code></p> <p><strong>2. Sign in with **Login with Discourse ID</strong>.**</p> <p><strong>3. Complete the Getting Started wizard:</strong></p> <ul> <li> <strong>Community name</strong> — forum title.</li> <li> <strong>Language</strong> — primary interface language.</li> <li> <strong>Visibility</strong> — public (searchable) or private (login required).</li> <li> <strong>Registration</strong> — open sign-up or invite only.</li> <li> <strong>Account approval</strong> — toggle moderator review for new users.</li> </ul> <p><strong>4. Create a starter category and publish an introduction topic</strong> from the <strong>New Topic</strong> button.</p> <h2> Next Steps </h2> <p>Discourse is running with HTTPS at your domain. From here you can:</p> <ul> <li>Configure SMTP under <strong>Admin → Email</strong> for transactional and digest emails</li> <li>Install themes and plugins from the official marketplace</li> <li>Enable single sign-on (Discourse Connect, SAML, OAuth) to bridge your existing user base</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-discourse-open-source-community-discussion-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> selfhosted docker devops forum Sanskriti Harmukh Tue, 16 Jun 2026 20:52:04 +0000 https://dev.to/vultr/deploying-cyberchef-open-source-data-transformation-platform-on-ubuntu-2404-23p5 https://dev.to/vultr/deploying-cyberchef-open-source-data-transformation-platform-on-ubuntu-2404-23p5 <p>CyberChef is GCHQ's open-source "cyber swiss army knife", a browser-based tool for encoding, encryption, compression, and data analysis pipelines. Everything runs client-side, so no data ever leaves the browser. This guide deploys CyberChef using Docker Compose with Traefik handling automatic HTTPS. By the end, you'll have CyberChef serving its full operations catalogue securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/cyberchef <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/cyberchef </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">cyberchef.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <p>CyberChef is stateless — no other directories are needed.</p> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">cyberchef</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/gchq/cyberchef:10.22.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">cyberchef</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.cyberchef.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.cyberchef.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.cyberchef.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.cyberchef.loadbalancer.server.port=80"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Access CyberChef </h2> <p>Open <code>https://cyberchef.example.com</code> in a browser. The four-panel UI loads:</p> <ul> <li> <strong>Operations</strong> (left): searchable transform list</li> <li> <strong>Recipe</strong> (centre): chain of operations</li> <li> <strong>Input</strong> (top right): paste data</li> <li> <strong>Output</strong> (bottom right): result</li> </ul> <h2> Run a Sample Recipe </h2> <p><strong>1. Paste the Base64 input:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">Q3liZXJDaGVmIHN1Y2Nlc3NmdWxseSBkZXBsb3llZCE</span><span class="p">=</span> </code></pre> </div> <p><strong>2. Search for <code>From Base64</code>, drag it into the Recipe panel, then click Bake.</strong></p> <p>The Output panel shows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>CyberChef successfully deployed! </code></pre> </div> <h2> Next Steps </h2> <p>CyberChef is running and served securely over HTTPS. From here you can:</p> <ul> <li>Save recipes as shareable URLs or JSON for reuse</li> <li>Pin operations as favourites for quick recall</li> <li>Front CyberChef with Authelia or basic auth if you want access control</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-cyberchef-open-source-data-transformation-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> security docker devops selfhosted Sanskriti Harmukh Tue, 16 Jun 2026 20:50:21 +0000 https://dev.to/vultr/deploying-caprover-self-hosted-paas-for-docker-applications-on-ubuntu-2404-2faa https://dev.to/vultr/deploying-caprover-self-hosted-paas-for-docker-applications-on-ubuntu-2404-2faa <p>CapRover is an open-source, self-hosted Platform-as-a-Service that automates application deployment with Docker Swarm, Nginx, and automatic Let's Encrypt certificates. This guide deploys CapRover on Ubuntu 24.04 using Docker Compose, opens the required firewall ports, enables HTTPS for the dashboard, and deploys a sample app from the one-click marketplace. By the end, you'll have a CapRover PaaS running apps on subdomains of your wildcard root domain.</p> <blockquote> <p><strong>Prerequisite:</strong> A wildcard DNS A record (e.g. <code>*.apps.example.com</code>) pointing at the server's IP. Don't use a proxying DNS (Cloudflare orange-cloud), or the ACME challenge will fail.</p> </blockquote> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/caprover <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/caprover </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">ACCEPTED_TERMS</span><span class="p">=</span><span class="s">true</span> <span class="py">DEFAULT_PASSWORD</span><span class="p">=</span><span class="s">StrongPassword-321</span> <span class="py">CAPROVER_ROOT_DOMAIN</span><span class="p">=</span><span class="s">apps.example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">caprover</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">caprover/caprover:1.14.1</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000:3000"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">ACCEPTED_TERMS</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${ACCEPTED_TERMS}"</span> <span class="na">DEFAULT_PASSWORD</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${DEFAULT_PASSWORD}"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock</span> <span class="pi">-</span> <span class="s">/captain:/captain</span> </code></pre> </div> <h2> Configure the Firewall </h2> <p><strong>1. Allow SSH and the CapRover ports:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw allow OpenSSH <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw allow 80,443,996,7946,4789,2377/tcp <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw allow 3000/tcp <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw allow 7946,4789,2377,443/udp </code></pre> </div> <p><strong>2. Enable and verify the firewall:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw <span class="nb">enable</span> <span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw status </code></pre> </div> <p>Port <code>3000</code> is the initial dashboard and will be closed after HTTPS is forced.</p> <h2> Start CapRover </h2> <p><strong>1. Launch the stack in detached mode:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>2. Verify Swarm services and tail the init logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker service <span class="nb">ls</span> <span class="gp">$</span><span class="w"> </span>docker service logs captain-captain <span class="nt">--tail</span> 20 </code></pre> </div> <p>Wait until the log prints <code>Captain is initialized and ready to serve you</code>.</p> <h2> Configure the Dashboard </h2> <p><strong>1. Sign in:</strong></p> <p>Open <code>http://YOUR_SERVER_IP:3000</code> and authenticate with <code>DEFAULT_PASSWORD</code> from <code>.env</code>.</p> <p><strong>2. Set the root domain:</strong></p> <p>Enter <code>apps.example.com</code>, click <strong>Update Domain</strong>, and reopen <code>http://YOUR_SERVER_IP:3000</code> once CapRover confirms DNS resolution.</p> <p><strong>3. Enable and force HTTPS:</strong></p> <p>Click <strong>Enable HTTPS</strong>, enter the Let's Encrypt email, then click <strong>Force HTTPS</strong>. The dashboard now lives at <code>https://captain.apps.example.com</code>.</p> <p><strong>4. Close port 3000 and change the password:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>ufw delete allow 3000/tcp </code></pre> </div> <p>Change the dashboard password from <strong>Settings</strong> in the sidebar.</p> <h2> Deploy a Sample App </h2> <p><strong>1. From the dashboard, open Apps → One-Click Apps/Databases.</strong></p> <ol> <li>Search <strong>Uptime Kuma</strong>.</li> <li>Set the App Name to <code>uptime-kuma</code> and the version to <code>latest</code>.</li> <li>Click <strong>Deploy</strong>.</li> </ol> <p><strong>5. Enable HTTPS for the app:</strong></p> <p>Go to <strong>Apps → uptime-kuma</strong>, confirm <strong>Websocket Support</strong> is enabled, click <strong>Enable HTTPS</strong>, check <strong>Force HTTPS</strong>, and click <strong>Save &amp; Restart</strong>. The app is live at <code>https://uptime-kuma.apps.example.com</code>.</p> <p>If a deploy fails, check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker service logs captain-captain <span class="nt">--tail</span> 50 </code></pre> </div> <h2> Next Steps </h2> <p>CapRover is running with HTTPS for the dashboard and a sample app deployed. From here you can:</p> <ul> <li>Deploy your own apps via the CapRover CLI (<code>captain-cli</code>) or <code>tar.gz</code> upload</li> <li>Wire <code>git push</code> deploys with GitHub/GitLab webhooks</li> <li>Cluster multiple servers into a single Swarm for horizontal scaling</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-caprover-self-hosted-paas-for-docker-applications" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> paas docker devops selfhosted Sanskriti Harmukh Tue, 16 Jun 2026 20:49:41 +0000 https://dev.to/vultr/deploying-calcom-open-source-calendly-alternative-on-ubuntu-2404-57mj https://dev.to/vultr/deploying-calcom-open-source-calendly-alternative-on-ubuntu-2404-57mj <p>Cal.com is an open-source scheduling platform (a self-hosted alternative to Calendly) that handles bookings, event types, and calendar integrations on infrastructure you control. This guide deploys Cal.com with a PostgreSQL backend using Docker Compose, with Traefik handling automatic HTTPS. By the end, you'll have Cal.com serving bookings securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir </span>calcom <span class="gp">$</span><span class="w"> </span><span class="nb">cd </span>calcom </code></pre> </div> <p><strong>2. Generate two random secrets:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>openssl rand <span class="nt">-base64</span> 32 <span class="gp">$</span><span class="w"> </span>openssl rand <span class="nt">-base64</span> 32 </code></pre> </div> <p>Save the outputs — they go into <code>.env</code> as <code>NEXTAUTH_SECRET</code> and <code>CALENDSO_ENCRYPTION_KEY</code>.</p> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">NODE_ENV</span><span class="p">=</span><span class="s">production</span> <span class="py">DOMAIN</span><span class="p">=</span><span class="s">cal.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">NEXT_PUBLIC_WEBAPP_URL</span><span class="p">=</span><span class="s">https://cal.example.com</span> <span class="py">NEXTAUTH_URL</span><span class="p">=</span><span class="s">https://cal.example.com</span> <span class="py">ALLOWED_HOSTNAMES</span><span class="p">=</span><span class="s">["cal.example.com"]</span> <span class="py">NEXTAUTH_URL_INTERNAL</span><span class="p">=</span><span class="s">http://calcom:3000</span> <span class="py">AUTH_TRUST_HOST</span><span class="p">=</span><span class="s">true</span> <span class="py">NEXTAUTH_SECRET</span><span class="p">=</span><span class="s">REPLACE_WITH_GENERATED_SECRET</span> <span class="py">CALENDSO_ENCRYPTION_KEY</span><span class="p">=</span><span class="s">REPLACE_WITH_GENERATED_ENCRYPTION_KEY</span> <span class="py">DATABASE_URL</span><span class="p">=</span><span class="s">postgresql://calcom:calcompass@postgres:5432/calcom</span> <span class="py">DATABASE_DIRECT_URL</span><span class="p">=</span><span class="s">postgresql://calcom:calcompass@postgres:5432/calcom</span> <span class="py">CALCOM_TELEMETRY_DISABLED</span><span class="p">=</span><span class="s">1</span> <span class="py">CAL_SIGNATURE_TOKEN</span><span class="p">=</span><span class="s">self-hosted</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:15</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">calcom</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">calcompass</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">calcom</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./postgres-data:/var/lib/postgresql/data</span> <span class="na">calcom</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">calcom/cal.com:v6.2.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">calcom</span> <span class="na">env_file</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">.env</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.calcom.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.calcom.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.calcom.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.calcom.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.calcom.loadbalancer.server.port=3000"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./calcom-data:/data/app/.data</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs calcom </code></pre> </div> <h2> Complete the Setup Wizard </h2> <ol> <li>Navigate to <code>https://cal.example.com/auth/setup</code>.</li> <li>Fill in administrator username, full name, email, and password.</li> <li>Accept the AGPLv3 license option.</li> <li>Pick integrations and complete profile (timezone, calendars, video conferencing).</li> <li>Set availability and event types.</li> </ol> <h2> Create and Test a Booking </h2> <ol> <li>Open the sidebar and select <strong>Event Types → New</strong>.</li> <li>Fill in title, description, and duration.</li> <li>Copy the booking URL, open it in an incognito window, pick a slot, and confirm.</li> <li>Refresh the <strong>Bookings</strong> view to see the new event appear.</li> </ol> <h2> Next Steps </h2> <p>Cal.com is running and served securely over HTTPS. From here you can:</p> <ul> <li>Connect Google, Microsoft 365, or Apple calendars for two-way sync</li> <li>Add team event types with round-robin or collective scheduling</li> <li>Configure webhooks and Zapier triggers for downstream automation</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-cal-com-open-source-calendly-alternative" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> selfhosted docker devops scheduling Sanskriti Harmukh Tue, 16 Jun 2026 20:49:01 +0000 https://dev.to/vultr/deploying-authelia-open-source-authentication-and-authorization-gateway-on-ubuntu-2404-134 https://dev.to/vultr/deploying-authelia-open-source-authentication-and-authorization-gateway-on-ubuntu-2404-134 <p>Authelia is an open-source authentication and authorization gateway that adds SSO, two-factor authentication, and policy-based access control in front of web applications, integrating natively with reverse proxies through forward-auth. This guide deploys Authelia using Docker Compose with Traefik handling automatic HTTPS, file-backed users, TOTP 2FA, and a sample <code>whoami</code> app protected by forward-auth. By the end, you'll have Authelia gating multiple subdomains with SSO and 2FA over HTTPS.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/authelia/<span class="o">{</span>config,secrets,logs<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/authelia </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <p>DNS A records for <code>auth.${DOMAIN}</code>, <code>app.${DOMAIN}</code>, and <code>traefik.${DOMAIN}</code> must point at the server.</p> <h2> Generate Authelia Secrets </h2> <p><strong>1. Own the secrets directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown </span>8000:8000 ./secrets <span class="gp">$</span><span class="w"> </span><span class="nb">sudo chmod </span>0700 ./secrets </code></pre> </div> <p><strong>2. Generate session, storage, and JWT secrets in one shot:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker run <span class="nt">--rm</span> <span class="nt">-u</span> 8000:8000 <span class="nt">-v</span> ./secrets:/secrets docker.io/authelia/authelia:4.39 <span class="se">\</span> <span class="go"> sh -c "cd /secrets &amp;&amp; authelia crypto rand --length 64 session_secret.txt storage_encryption_key.txt jwt_secret.txt" </span></code></pre> </div> <h2> Write the Authelia Configuration </h2> <p><strong>1. Create the configuration file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/configuration.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">server</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s1">'</span><span class="s">tcp4://:9091'</span> <span class="na">log</span><span class="pi">:</span> <span class="na">level</span><span class="pi">:</span> <span class="s1">'</span><span class="s">info'</span> <span class="na">file_path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/var/log/authelia/authelia.log'</span> <span class="na">keep_stdout</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">identity_validation</span><span class="pi">:</span> <span class="na">elevated_session</span><span class="pi">:</span> <span class="na">require_second_factor</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">reset_password</span><span class="pi">:</span> <span class="na">jwt_lifespan</span><span class="pi">:</span> <span class="s1">'</span><span class="s">5</span><span class="nv"> </span><span class="s">minutes'</span> <span class="na">jwt_secret</span><span class="pi">:</span> <span class="pi">{{</span> <span class="nv">secret "/secrets/jwt_secret.txt" | mindent 0 "|" | msquote</span> <span class="pi">}}</span> <span class="na">totp</span><span class="pi">:</span> <span class="na">disable</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">issuer</span><span class="pi">:</span> <span class="s1">'</span><span class="s">example.com'</span> <span class="na">period</span><span class="pi">:</span> <span class="m">30</span> <span class="na">skew</span><span class="pi">:</span> <span class="m">1</span> <span class="na">authentication_backend</span><span class="pi">:</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/config/users.yml'</span> <span class="na">password</span><span class="pi">:</span> <span class="na">algorithm</span><span class="pi">:</span> <span class="s1">'</span><span class="s">argon2'</span> <span class="na">argon2</span><span class="pi">:</span> <span class="na">variant</span><span class="pi">:</span> <span class="s1">'</span><span class="s">argon2id'</span> <span class="na">iterations</span><span class="pi">:</span> <span class="m">3</span> <span class="na">memory</span><span class="pi">:</span> <span class="m">65535</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">4</span> <span class="na">key_length</span><span class="pi">:</span> <span class="m">32</span> <span class="na">salt_length</span><span class="pi">:</span> <span class="m">16</span> <span class="na">access_control</span><span class="pi">:</span> <span class="na">default_policy</span><span class="pi">:</span> <span class="s1">'</span><span class="s">deny'</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">domain</span><span class="pi">:</span> <span class="s1">'</span><span class="s">app.example.com'</span> <span class="na">policy</span><span class="pi">:</span> <span class="s1">'</span><span class="s">two_factor'</span> <span class="pi">-</span> <span class="na">domain</span><span class="pi">:</span> <span class="s1">'</span><span class="s">traefik.example.com'</span> <span class="na">policy</span><span class="pi">:</span> <span class="s1">'</span><span class="s">one_factor'</span> <span class="na">session</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">authelia_session'</span> <span class="na">secret</span><span class="pi">:</span> <span class="pi">{{</span> <span class="nv">secret "/secrets/session_secret.txt" | mindent 0 "|" | msquote</span> <span class="pi">}}</span> <span class="na">cookies</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">domain</span><span class="pi">:</span> <span class="s1">'</span><span class="s">example.com'</span> <span class="na">authelia_url</span><span class="pi">:</span> <span class="s1">'</span><span class="s">https://auth.example.com'</span> <span class="na">regulation</span><span class="pi">:</span> <span class="na">max_retries</span><span class="pi">:</span> <span class="m">4</span> <span class="na">find_time</span><span class="pi">:</span> <span class="m">120</span> <span class="na">ban_time</span><span class="pi">:</span> <span class="m">300</span> <span class="na">storage</span><span class="pi">:</span> <span class="na">encryption_key</span><span class="pi">:</span> <span class="pi">{{</span> <span class="nv">secret "/secrets/storage_encryption_key.txt" | mindent 0 "|" | msquote</span> <span class="pi">}}</span> <span class="na">local</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/config/db.sqlite3'</span> <span class="na">notifier</span><span class="pi">:</span> <span class="na">disable_startup_check</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">filesystem</span><span class="pi">:</span> <span class="na">filename</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/config/notification.txt'</span> </code></pre> </div> <p><strong>2. Generate an argon2 hash for the first user's password:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker run <span class="nt">--rm</span> authelia/authelia:4.39 authelia crypto <span class="nb">hash </span>generate argon2 <span class="nt">--password</span> <span class="s1">'your-secure-password'</span> </code></pre> </div> <p><strong>3. Create the user database with that hash:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/users.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">users</span><span class="pi">:</span> <span class="na">authuser</span><span class="pi">:</span> <span class="na">displayname</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Auth</span><span class="nv"> </span><span class="s">User'</span> <span class="na">password</span><span class="pi">:</span> <span class="s1">'</span><span class="s">$argon2id$v=19$m=65536,t=3,p=4$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/'</span> <span class="na">email</span><span class="pi">:</span> <span class="s1">'</span><span class="s">authuser@example.com'</span> <span class="na">groups</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">admin'</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">authelia</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--api.dashboard=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.tlschallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dashboard.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dashboard.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dashboard.service=api@internal"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.dashboard.middlewares=authelia@docker"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">authelia</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">authelia/authelia:4.39</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">authelia</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./secrets:/secrets:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./config:/config"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./logs:/var/log/authelia"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">TZ</span><span class="pi">:</span> <span class="s2">"</span><span class="s">UTC"</span> <span class="na">X_AUTHELIA_CONFIG_FILTERS</span><span class="pi">:</span> <span class="s2">"</span><span class="s">template"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.authelia.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.authelia.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">whoami</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik/whoami</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">whoami</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">authelia</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.whoami.rule=Host(`app.${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.whoami.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.whoami.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.whoami.middlewares=authelia@docker"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Register TOTP and Test SSO </h2> <p><strong>1. Open the login portal:</strong></p> <p>Navigate to <code>https://auth.example.com</code> and sign in as <code>authuser</code>.</p> <p><strong>2. Register a TOTP device:</strong></p> <p>Click <strong>Register device</strong> and capture the verification code from the filesystem notifier:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec </span>authelia <span class="nb">cat</span> /config/notification.txt </code></pre> </div> <p>Scan the QR code with an authenticator app and enter the 6-digit code.</p> <p><strong>3. Visit a protected app:</strong></p> <p>Open <code>https://app.example.com</code> — the request redirects through Authelia for password + TOTP, then the <code>whoami</code> container returns the injected identity headers.</p> <p><strong>4. Confirm SSO:</strong></p> <p>Open <code>https://traefik.example.com</code> from the same browser — no re-authentication required.</p> <h2> Next Steps </h2> <p>Authelia is gating multiple subdomains with SSO and 2FA. From here you can:</p> <ul> <li>Protect more apps by adding <code>traefik.http.routers.&lt;svc&gt;.middlewares=authelia@docker</code> and a matching <code>access_control</code> rule</li> <li>Switch the authentication backend to LDAP or OpenID Connect 1.0</li> <li>Configure SMTP under <code>notifier</code> to deliver verification codes by email</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-authelia-open-source-authentication-and-authorization-gateway" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> security docker devops auth Sanskriti Harmukh Wed, 10 Jun 2026 22:24:20 +0000 https://dev.to/vultr/deploying-vector-high-performance-observability-data-pipeline-on-ubuntu-2404-id4 https://dev.to/vultr/deploying-vector-high-performance-observability-data-pipeline-on-ubuntu-2404-id4 <p>Vector is a high-performance observability data pipeline from Datadog that collects, transforms, and routes logs, metrics, and traces across heterogeneous backends. This guide deploys Vector using Docker Compose with Traefik handling automatic HTTPS for the GraphQL API and HTTP ingest endpoint, plus a working sources → transforms → sinks pipeline. By the end, you'll have Vector accepting JSON over HTTPS and forwarding it to multiple sinks on your server.</p> <h2> Set Up the Directory Structure and Configuration </h2> <p><strong>1. Create the project directory structure:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/vector/<span class="o">{</span>config,data<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/vector </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">vector.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <p><strong>3. Create the Vector pipeline configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/vector.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">api</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.0.0.0:8686"</span> <span class="na">sources</span><span class="pi">:</span> <span class="na">demo_logs</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">demo_logs"</span> <span class="na">format</span><span class="pi">:</span> <span class="s2">"</span><span class="s">syslog"</span> <span class="na">interval</span><span class="pi">:</span> <span class="m">1.0</span> <span class="na">http_input</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">http_server"</span> <span class="na">address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.0.0.0:8080"</span> <span class="na">decoding</span><span class="pi">:</span> <span class="na">codec</span><span class="pi">:</span> <span class="s2">"</span><span class="s">json"</span> <span class="na">transforms</span><span class="pi">:</span> <span class="na">parse_logs</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">remap"</span> <span class="na">inputs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">demo_logs"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">http_input"</span> <span class="na">source</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">.processed_at = now()</span> <span class="s">.pipeline = "vector-demo"</span> <span class="na">sinks</span><span class="pi">:</span> <span class="na">console_output</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">console"</span> <span class="na">inputs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">parse_logs"</span> <span class="na">encoding</span><span class="pi">:</span> <span class="na">codec</span><span class="pi">:</span> <span class="s2">"</span><span class="s">json"</span> <span class="na">file_output</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">file"</span> <span class="na">inputs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">parse_logs"</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/var/lib/vector/logs-%Y-%m-%d.log"</span> <span class="na">encoding</span><span class="pi">:</span> <span class="na">codec</span><span class="pi">:</span> <span class="s2">"</span><span class="s">json"</span> <span class="na">http_output</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">http"</span> <span class="na">inputs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">parse_logs"</span> <span class="na">uri</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://httpbin.org/post"</span> <span class="na">encoding</span><span class="pi">:</span> <span class="na">codec</span><span class="pi">:</span> <span class="s2">"</span><span class="s">json"</span> <span class="na">batch</span><span class="pi">:</span> <span class="na">max_bytes</span><span class="pi">:</span> <span class="m">1048576</span> <span class="na">timeout_secs</span><span class="pi">:</span> <span class="m">10</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">vector</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">timberio/vector:0.44.0-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">vector</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8686"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./config/vector.yaml:/etc/vector/vector.yaml:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./data:/var/lib/vector"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-api.rule=Host(`${DOMAIN}`)</span><span class="nv"> </span><span class="s">&amp;&amp;</span><span class="nv"> </span><span class="s">(PathPrefix(`/playground`)</span><span class="nv"> </span><span class="s">||</span><span class="nv"> </span><span class="s">PathPrefix(`/graphql`)</span><span class="nv"> </span><span class="s">||</span><span class="nv"> </span><span class="s">PathPrefix(`/health`))"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-api.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-api.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-api.service=vector-api"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.vector-api.loadbalancer.server.port=8686"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-ingest.rule=Host(`${DOMAIN}`)</span><span class="nv"> </span><span class="s">&amp;&amp;</span><span class="nv"> </span><span class="s">PathPrefix(`/ingest`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-ingest.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-ingest.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-ingest.service=vector-ingest"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.vector-ingest.loadbalancer.server.port=8080"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.strip-ingest.stripprefix.prefixes=/ingest"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.vector-ingest.middlewares=strip-ingest"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs vector </code></pre> </div> <h2> Verify the Pipeline </h2> <p><strong>1. POST a JSON log to the ingest endpoint:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> POST https://vector.example.com/ingest <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ -d '{"level":"error","service":"api","message":"Database connection timeout","user_id":12345}' </span></code></pre> </div> <p><strong>2. Confirm the file sink wrote the event:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">ls</span> <span class="nt">-lh</span> data/ <span class="gp">$</span><span class="w"> </span><span class="nb">grep</span> <span class="s2">"Database connection timeout"</span> data/logs-<span class="k">*</span>.log </code></pre> </div> <p><strong>3. Stream the live console sink:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs <span class="nt">-f</span> vector </code></pre> </div> <h2> Next Steps </h2> <p>Vector is running with HTTPS ingest and three sinks active. From here you can:</p> <ul> <li>Add sources for files, Kafka, syslog, journald, or Kubernetes logs</li> <li>Route to production sinks (Loki, Elasticsearch, S3, Datadog, Splunk)</li> <li>Use VRL (Vector Remap Language) for richer transforms and enrichment</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-vector-high-performance-observability-data-pipeline" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> observability docker devops logging Sanskriti Harmukh Wed, 10 Jun 2026 22:23:48 +0000 https://dev.to/vultr/deploying-dokku-lightweight-open-source-paas-on-ubuntu-2404-17eg https://dev.to/vultr/deploying-dokku-lightweight-open-source-paas-on-ubuntu-2404-17eg <p>Dokku is an open-source, Heroku-like Platform-as-a-Service that lets you <code>git push</code> apps and have them built and deployed automatically. This guide deploys Dokku on Ubuntu 24.04 with Docker Compose, registers an SSH key, deploys a sample Ruby app, and switches the proxy to Traefik for automatic HTTPS. By the end, you'll have a Dokku PaaS running an app at your domain over HTTPS.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/dokku/data <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/dokku </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOKKU_HOSTNAME</span><span class="p">=</span><span class="s">dokku.example.com</span> <span class="py">DOKKU_VERSION</span><span class="p">=</span><span class="s">0.37.6</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Docker Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">dokku</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">dokku/dokku:${DOKKU_VERSION}</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">dokku</span> <span class="na">network_mode</span><span class="pi">:</span> <span class="s">bridge</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3022:22"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./data:/mnt/dokku"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DOKKU_HOSTNAME</span><span class="pi">:</span> <span class="s">${DOKKU_HOSTNAME}</span> <span class="na">DOKKU_HOST_ROOT</span><span class="pi">:</span> <span class="s">/var/lib/dokku/home/dokku</span> <span class="na">DOKKU_LIB_HOST_ROOT</span><span class="pi">:</span> <span class="s">/var/lib/dokku/var/lib/dokku</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>3. Start the service:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Register an SSH Key </h2> <p><strong>1. Generate a key on your workstation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>ssh-keygen <span class="nt">-t</span> ed25519 <span class="nt">-f</span> ~/.ssh/id_ed25519 <span class="nt">-C</span> <span class="s2">"dokku"</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cat</span> ~/.ssh/id_ed25519.pub </code></pre> </div> <p><strong>2. Register the public key with Dokku:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">echo</span> <span class="s2">"YOUR_SSH_KEY"</span> | docker compose <span class="nb">exec</span> <span class="nt">-T</span> dokku dokku ssh-keys:add admin <span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec</span> <span class="nt">-it</span> dokku dokku ssh-keys:list </code></pre> </div> <p><strong>3. Add a Dokku entry to your SSH config:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano ~/.ssh/config </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="err">Host</span> <span class="err">dokku-server</span> <span class="err">HostName</span> <span class="err">YOUR_SERVER_IP</span> <span class="err">User</span> <span class="err">dokku</span> <span class="err">Port</span> <span class="err">3022</span> <span class="err">IdentityFile</span> <span class="err">~/.ssh/id_ed25519</span> </code></pre> </div> <h2> Deploy a Sample App </h2> <p><strong>1. Create the app on the server:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>ssh dokku-server apps:create ruby-getting-started <span class="gp">$</span><span class="w"> </span>ssh dokku-server apps:list </code></pre> </div> <p><strong>2. Clone the sample app locally and push it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>git clone https://github.com/heroku/ruby-getting-started <span class="gp">$</span><span class="w"> </span><span class="nb">cd </span>ruby-getting-started <span class="gp">$</span><span class="w"> </span>git remote add dokku dokku-server:ruby-getting-started <span class="gp">$</span><span class="w"> </span>git push dokku main </code></pre> </div> <h2> Switch to Traefik with Let's Encrypt </h2> <p><strong>1. Stop the default Nginx proxy and enable Traefik:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>ssh dokku-server nginx:stop <span class="gp">$</span><span class="w"> </span>ssh dokku-server proxy:set <span class="nt">--global</span> traefik <span class="gp">$</span><span class="w"> </span>ssh dokku-server traefik:set <span class="nt">--global</span> letsencrypt-email username@example.com </code></pre> </div> <p><strong>2. Assign the domain and start Traefik:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>ssh dokku-server domains:set ruby-getting-started dokku.example.com <span class="gp">$</span><span class="w"> </span>ssh dokku-server traefik:start <span class="gp">$</span><span class="w"> </span>ssh dokku-server ps:rebuild ruby-getting-started </code></pre> </div> <p>Open <code>https://dokku.example.com</code> to confirm the app is served over HTTPS.</p> <h2> Manage Environment Variables </h2> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>ssh dokku-server config:set ruby-getting-started <span class="nv">SECRET_KEY</span><span class="o">=</span>your-secret-value <span class="gp">$</span><span class="w"> </span>ssh dokku-server config:set ruby-getting-started <span class="nv">DB_HOST</span><span class="o">=</span>localhost <span class="nv">DB_USER</span><span class="o">=</span>admin <span class="nv">DB_PASS</span><span class="o">=</span>secret <span class="gp">$</span><span class="w"> </span>ssh dokku-server config:show ruby-getting-started <span class="gp">$</span><span class="w"> </span>ssh dokku-server config:unset ruby-getting-started SECRET_KEY </code></pre> </div> <h2> Next Steps </h2> <p>Dokku is running with an app deployed via <code>git push</code> and Traefik handling HTTPS. From here you can:</p> <ul> <li>Install plugins for PostgreSQL, MySQL, Redis, and other backing services</li> <li>Configure zero-downtime deploys with <code>checks</code> and <code>procfile</code> health endpoints</li> <li>Deploy multiple apps under subdomains by repeating the <code>apps:create</code> flow</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-dokku-lightweight-open-source-paas-introduction" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> paas docker devops selfhosted