The latest articles on DEV Community by Vultr (vultr). https://dev.to/vultr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F13147%2F592526f7-0870-4626-ae0f-ba3c820fcfcb.png https://dev.to/vultr en Sanskriti Harmukh Tue, 23 Jun 2026 18:42:34 +0000 https://dev.to/vultr/deploying-zabbix-open-source-monitoring-platform-on-ubuntu-2404-3coh https://dev.to/vultr/deploying-zabbix-open-source-monitoring-platform-on-ubuntu-2404-3coh <p>Zabbix is an open-source monitoring platform that tracks the health and performance of servers, networks, applications, and services, with built-in alerting and visualisation. This guide deploys the Zabbix server, web UI, agent, and MySQL database using Docker Compose, with Traefik handling automatic HTTPS for the dashboard. By the end, you'll have Zabbix monitoring its own host with a secured dashboard at your domain.</p> <h2> Set Up the Project Directory </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> ~/zabbix-docker <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/zabbix-docker </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">zabbix.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">MYSQL_PASSWORD</span><span class="p">=</span><span class="s">YOUR_DB_PASSWORD</span> <span class="py">MYSQL_ROOT_PASSWORD</span><span class="p">=</span><span class="s">YOUR_ROOT_PASSWORD</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">zabbix-net</span> <span class="na">mysql-server</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mysql:8.4.8</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">zabbix-mysql</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">MYSQL_DATABASE</span><span class="pi">:</span> <span class="s">zabbix</span> <span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">zabbix</span> <span class="na">MYSQL_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_PASSWORD}</span> <span class="na">MYSQL_ROOT_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_ROOT_PASSWORD}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./mysql-data:/var/lib/mysql</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">zabbix-net</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">zabbix-server</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">zabbix/zabbix-server-mysql:7.4.8-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">zabbix-server</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DB_SERVER_HOST</span><span class="pi">:</span> <span class="s">mysql-server</span> <span class="na">MYSQL_DATABASE</span><span class="pi">:</span> <span class="s">zabbix</span> <span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">zabbix</span> <span class="na">MYSQL_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_PASSWORD}</span> <span class="na">MYSQL_ROOT_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_ROOT_PASSWORD}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">10051:10051"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./zabbix-server-data:/var/lib/zabbix</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">zabbix-net</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mysql-server</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">zabbix-web</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">zabbix/zabbix-web-apache-mysql:7.4.8-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">zabbix-web</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DB_SERVER_HOST</span><span class="pi">:</span> <span class="s">mysql-server</span> <span class="na">MYSQL_DATABASE</span><span class="pi">:</span> <span class="s">zabbix</span> <span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">zabbix</span> <span class="na">MYSQL_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_PASSWORD}</span> <span class="na">ZBX_SERVER_HOST</span><span class="pi">:</span> <span class="s">zabbix-server</span> <span class="na">PHP_TZ</span><span class="pi">:</span> <span class="s">UTC</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">zabbix-net</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mysql-server</span> <span class="pi">-</span> <span class="s">zabbix-server</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.zabbix.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.zabbix.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.zabbix.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.zabbix.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.zabbix.loadbalancer.server.port=8080"</span> <span class="na">zabbix-agent</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">zabbix/zabbix-agent:7.4.8-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">zabbix-agent</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">ZBX_HOSTNAME</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Zabbix</span><span class="nv"> </span><span class="s">server"</span> <span class="na">ZBX_SERVER_HOST</span><span class="pi">:</span> <span class="s">zabbix-server</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">10050:10050"</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">zabbix-net</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">zabbix-server</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">zabbix-net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge</span> </code></pre> </div> <p><strong>3. Start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Sign In and Change the Admin Password </h2> <ol> <li>Open <code>https://zabbix.example.com</code>.</li> <li>Sign in with <code>admin</code> / <code>zabbix</code>.</li> <li>Open <strong>Users → Users</strong>, click <strong>Admin</strong>, click <strong>Change password</strong>, enter the current password, set a new one, and click <strong>Update</strong>.</li> </ol> <h2> Verify the Built-in Host </h2> <ol> <li>Navigate to <strong>Monitoring → Hosts</strong>.</li> <li>Find <strong>Zabbix server</strong> in the list and check the <code>ZBX</code> availability badge.</li> <li>If the badge is red, click the host name, open <strong>Configuration → Host</strong>, change the agent <strong>Connect to</strong> field from <strong>IP</strong> to <strong>DNS</strong>, enter <code>zabbix-agent</code> in the <strong>DNS name</strong> field, and click <strong>Update</strong>.</li> <li>Refresh — the badge should turn green.</li> <li>Open <strong>Monitoring → Latest data</strong>, filter by host <code>Zabbix server</code>, and confirm CPU, memory, and network metrics arrive.</li> </ol> <h2> Next Steps </h2> <p>Zabbix is running and served securely over HTTPS. From here you can:</p> <ul> <li>Add more hosts by deploying the Zabbix agent on remote servers and registering them</li> <li>Import community templates for common workloads (PostgreSQL, Nginx, MySQL, Linux)</li> <li>Configure media types (email, Slack, PagerDuty) and triggers for alerting</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-zabbix-open-source-monitoring-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> observability docker devops monitoring Sanskriti Harmukh Tue, 23 Jun 2026 18:42:14 +0000 https://dev.to/vultr/deploying-seaweedfs-an-open-source-s3-storage-alternative-to-minio-on-ubuntu-2404-jpn https://dev.to/vultr/deploying-seaweedfs-an-open-source-s3-storage-alternative-to-minio-on-ubuntu-2404-jpn <p>SeaweedFS is an open-source, distributed object storage system with an S3-compatible API, a filer for POSIX-style hierarchical access, and a small footprint. This guide deploys SeaweedFS using Docker Compose with the master, volume, filer, S3, and admin services behind Traefik for automatic HTTPS on separate admin and S3 domains. By the end, you'll have SeaweedFS serving S3-compatible object storage securely at your domains.</p> <blockquote> <p><strong>Prerequisite:</strong> Two DNS A records pointing at the server — <code>storage.example.com</code> (admin dashboard) and <code>s3.storage.example.com</code> (S3 API). AWS CLI installed on your local machine for testing.</p> </blockquote> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir </span>seaweedfs <span class="o">&amp;&amp;</span> <span class="nb">cd </span>seaweedfs </code></pre> </div> <p><strong>2. Generate an access key and a secret key (run twice and save both):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>openssl rand <span class="nt">-hex</span> 16 </code></pre> </div> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">STORAGE_DOMAIN</span><span class="p">=</span><span class="s">storage.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">your-email@example.com</span> <span class="py">ADMIN_PASSWORD</span><span class="p">=</span><span class="s">yourpassword</span> </code></pre> </div> <p><strong>4. Create the S3 identities file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano s3-config.json </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"identities"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"admin"</span><span class="p">,</span><span class="w"> </span><span class="nl">"credentials"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"accessKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"YOUR_ACCESS_KEY"</span><span class="p">,</span><span class="w"> </span><span class="nl">"secretKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"YOUR_SECRET_KEY"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"actions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Admin"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write"</span><span class="p">,</span><span class="w"> </span><span class="s2">"List"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Tagging"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.7.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">--providers.docker=true</span> <span class="pi">-</span> <span class="s">--providers.docker.exposedByDefault=false</span> <span class="pi">-</span> <span class="s">--entrypoints.web.address=:80</span> <span class="pi">-</span> <span class="s">--entrypoints.websecure.address=:443</span> <span class="pi">-</span> <span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure</span> <span class="pi">-</span> <span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https</span> <span class="pi">-</span> <span class="s">--entrypoints.web.http.redirections.entrypoint.permanent=true</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true</span> <span class="pi">-</span> <span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web</span> <span class="na">master</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">chrislusf/seaweedfs:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">seaweed-master</span> <span class="na">command</span><span class="pi">:</span> <span class="s">master -ip.bind=0.0.0.0 -port=9333</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./master-data:/data</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volume</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">chrislusf/seaweedfs:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">seaweed-volume</span> <span class="na">command</span><span class="pi">:</span> <span class="s">volume -mserver=master:9333 -port=8080 -ip.bind=0.0.0.0</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./volume-data:/data</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">filer</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">chrislusf/seaweedfs:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">seaweed-filer</span> <span class="na">command</span><span class="pi">:</span> <span class="s">filer -master=master:9333 -port=8888 -ip.bind=0.0.0.0</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./filer-data:/data</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="pi">-</span> <span class="s">volume</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">s3</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">chrislusf/seaweedfs:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">seaweed-s3</span> <span class="na">command</span><span class="pi">:</span> <span class="s">s3 -filer=filer:8888 -port=8333 -ip.bind=0.0.0.0 -config=/etc/seaweedfs/s3.json</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./s3-config.json:/etc/seaweedfs/s3.json</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">filer</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.s3.rule=Host(`s3.${STORAGE_DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.s3.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.s3.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.s3.loadbalancer.server.port=8333"</span> <span class="na">admin</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">chrislusf/seaweedfs:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">seaweed-admin</span> <span class="na">command</span><span class="pi">:</span> <span class="s1">'</span><span class="s">admin</span><span class="nv"> </span><span class="s">-masters="master:9333"</span><span class="nv"> </span><span class="s">-port=23646</span><span class="nv"> </span><span class="s">-adminUser=admin</span><span class="nv"> </span><span class="s">-adminPassword=${ADMIN_PASSWORD}</span><span class="nv"> </span><span class="s">-dataDir=/data'</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./admin-data:/data</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.admin.rule=Host(`${STORAGE_DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.admin.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.admin.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.admin.loadbalancer.server.port=23646"</span> </code></pre> </div> <p><strong>2. Add your user to the Docker group and start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker <span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Test the S3 API with AWS CLI </h2> <p><strong>1. Configure a named profile:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>aws configure <span class="nt">--profile</span> seaweedfs </code></pre> </div> <p>Use the <code>accessKey</code> / <code>secretKey</code> from <code>s3-config.json</code>. Press Enter for region, then enter <code>json</code> for output.</p> <p><strong>2. Create a bucket and round-trip a file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>aws <span class="nt">--endpoint-url</span> https://s3.storage.example.com <span class="nt">--profile</span> seaweedfs s3 mb s3://test-bucket <span class="gp">$</span><span class="w"> </span><span class="nb">echo</span> <span class="s2">"This is test content."</span> | aws <span class="nt">--endpoint-url</span> https://s3.storage.example.com <span class="nt">--profile</span> seaweedfs s3 <span class="nb">cp</span> - s3://test-bucket/test.txt <span class="gp">$</span><span class="w"> </span>aws <span class="nt">--endpoint-url</span> https://s3.storage.example.com <span class="nt">--profile</span> seaweedfs s3 <span class="nb">cp </span>s3://test-bucket/test.txt downloaded.txt <span class="gp">$</span><span class="w"> </span><span class="nb">cat </span>downloaded.txt </code></pre> </div> <p>A printout of <code>This is test content.</code> confirms upload and download work end-to-end.</p> <h2> Browse the Admin Dashboard </h2> <p>Open <code>https://storage.example.com</code> and sign in with <code>admin</code> / <code>ADMIN_PASSWORD</code>. Use the <strong>Buckets</strong> tab to manage buckets and the <strong>Browser</strong> to inspect files.</p> <h2> Next Steps </h2> <p>SeaweedFS is running with a separate admin dashboard and S3 API behind HTTPS. From here you can:</p> <ul> <li>Add more <code>volume</code> services for horizontal capacity scaling</li> <li>Mount the filer over WebDAV or FUSE for traditional file access</li> <li>Enable replication strategies (e.g. <code>replication=001</code>) for fault tolerance</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-seaweedfs-an-open-source-s3-storage-alternative-to-minio" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> storage docker devops s3 Sanskriti Harmukh Tue, 23 Jun 2026 18:41:48 +0000 https://dev.to/vultr/deploying-qdrant-open-source-vector-database-for-ai-applications-on-ubuntu-2404-5235 https://dev.to/vultr/deploying-qdrant-open-source-vector-database-for-ai-applications-on-ubuntu-2404-5235 <p>Qdrant is an open-source vector database for AI applications, optimised for similarity search over high-dimensional embeddings, with a REST/gRPC API, payload filtering, and a built-in dashboard. This guide deploys Qdrant using Docker Compose with Traefik handling automatic HTTPS, API-key authentication, and a sample collection that runs a similarity search. By the end, you'll have Qdrant serving vector search securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/qdrant/data <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/qdrant </code></pre> </div> <p><strong>2. Generate a strong API key:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>openssl rand <span class="nt">-hex</span> 32 </code></pre> </div> <p>Save the value for the <code>.env</code> file.</p> <p><strong>3. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">qdrant.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">QDRANT_API_KEY</span><span class="p">=</span><span class="s">PASTE_GENERATED_KEY_HERE</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--api.dashboard=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">qdrant</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">qdrant/qdrant:v1.17.1</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">qdrant</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6333"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./data:/qdrant/storage"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">QDRANT__SERVICE__API_KEY</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${QDRANT_API_KEY}"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.qdrant.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.qdrant.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.qdrant.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.qdrant.loadbalancer.server.port=6333"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the services and tail logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs <span class="nt">--tail</span><span class="o">=</span>50 </code></pre> </div> <h2> Access the Dashboard and Health Endpoint </h2> <p><strong>1. Open <code>https://qdrant.example.com/dashboard</code> and paste the API key when prompted.</strong></p> <p><strong>2. Confirm the service is ready:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://qdrant.example.com/readyz </code></pre> </div> <p>A response of <code>all shards are ready</code> confirms Qdrant is healthy.</p> <h2> Create a Collection and Run a Similarity Search </h2> <p><strong>1. Export the API key:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">export </span><span class="nv">QDRANT_API_KEY</span><span class="o">=</span>YOUR_API_KEY </code></pre> </div> <p><strong>2. Create a 4-dimensional collection with cosine distance:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> PUT <span class="s2">"https://qdrant.example.com/collections/star_charts"</span> <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ </span><span class="gp"> -H "api-key: $</span><span class="o">{</span>QDRANT_API_KEY<span class="o">}</span><span class="s2">" </span><span class="se">\</span><span class="s2"> </span><span class="go"> -d '{ "vectors": { "size": 4, "distance": "Cosine" } }' </span></code></pre> </div> <p><strong>3. Insert sample points:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> PUT <span class="s2">"https://qdrant.example.com/collections/star_charts/points"</span> <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ </span><span class="gp"> -H "api-key: $</span><span class="o">{</span>QDRANT_API_KEY<span class="o">}</span><span class="s2">" </span><span class="se">\</span><span class="s2"> </span><span class="go"> -d '{ "points": [ {"id": 1, "vector": [0.05, 0.61, 0.76, 0.74], "payload": {"colony": "Mars"}}, {"id": 2, "vector": [0.19, 0.81, 0.75, 0.11], "payload": {"colony": "Jupiter"}}, {"id": 3, "vector": [0.36, 0.55, 0.47, 0.94], "payload": {"colony": "Venus"}}, {"id": 4, "vector": [0.18, 0.01, 0.85, 0.80], "payload": {"colony": "Moon"}}, {"id": 5, "vector": [0.24, 0.18, 0.22, 0.44], "payload": {"colony": "Pluto"}} ] }' </span></code></pre> </div> <p><strong>4. Run a similarity search:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> POST <span class="s2">"https://qdrant.example.com/collections/star_charts/points/search"</span> <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ </span><span class="gp"> -H "api-key: $</span><span class="o">{</span>QDRANT_API_KEY<span class="o">}</span><span class="s2">" </span><span class="se">\</span><span class="s2"> </span><span class="go"> -d '{ "vector": [0.2, 0.1, 0.9, 0.7], "limit": 3, "with_payload": true }' </span></code></pre> </div> <p>The top result is the <code>Moon</code> point (cosine ~0.99). The dashboard's <strong>Collections</strong> tab shows <code>star_charts</code> with a green status and 5 points.</p> <h2> Next Steps </h2> <p>Qdrant is running and serving vector search over HTTPS. From here you can:</p> <ul> <li>Generate embeddings with OpenAI, Cohere, or Sentence-Transformers and upsert them</li> <li>Add payload filters to combine vector similarity with structured criteria</li> <li>Snapshot the <code>data/</code> volume regularly for restore-able backups</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-qdrant-open-source-vector-database-for-ai-applications" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops vectordb Sanskriti Harmukh Tue, 23 Jun 2026 18:41:22 +0000 https://dev.to/vultr/deploying-paperless-ngx-open-source-document-management-system-on-ubuntu-2404-1og5 https://dev.to/vultr/deploying-paperless-ngx-open-source-document-management-system-on-ubuntu-2404-1og5 <p>Paperless-ngx is an open-source document management system that converts scans and PDFs into a fully searchable archive using Tesseract OCR, with tags, custom fields, and automated processing rules. This guide deploys Paperless-ngx using Docker Compose with PostgreSQL, Redis, and Traefik handling automatic HTTPS, then uploads a document and verifies OCR extraction. By the end, you'll have Paperless-ngx serving an OCR-indexed document archive securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directories:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/paperless-ngx/<span class="o">{</span>data,media,export,consume,pgdata<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/paperless-ngx </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">paperless.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">PAPERLESS_SECRET_KEY</span><span class="p">=</span><span class="s">CHANGE_TO_RANDOM_STRING</span> <span class="py">PAPERLESS_URL</span><span class="p">=</span><span class="s">https://paperless.example.com</span> <span class="py">PAPERLESS_TIME_ZONE</span><span class="p">=</span><span class="s">UTC</span> <span class="py">PAPERLESS_OCR_LANGUAGE</span><span class="p">=</span><span class="s">eng</span> <span class="py">PAPERLESS_DBPASS</span><span class="p">=</span><span class="s">STRONG_PASSWORD_HERE</span> <span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">paperless</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">paperless</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">STRONG_PASSWORD_HERE</span> </code></pre> </div> <p>Use the same value for <code>PAPERLESS_DBPASS</code> and <code>POSTGRES_PASSWORD</code>. <code>PAPERLESS_SECRET_KEY</code> should be a 32+ character random string.</p> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">paperless-db</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./pgdata:/var/lib/postgresql/data"</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-U"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">${POSTGRES_USER}"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-d"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">${POSTGRES_DB}"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">paperless-redis</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">paperless</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/paperless-ngx/paperless-ngx:2.20.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">paperless</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">PAPERLESS_REDIS</span><span class="pi">:</span> <span class="s">redis://redis:6379</span> <span class="na">PAPERLESS_DBHOST</span><span class="pi">:</span> <span class="s">db</span> <span class="na">PAPERLESS_SECRET_KEY</span><span class="pi">:</span> <span class="s">${PAPERLESS_SECRET_KEY}</span> <span class="na">PAPERLESS_URL</span><span class="pi">:</span> <span class="s">${PAPERLESS_URL}</span> <span class="na">PAPERLESS_TIME_ZONE</span><span class="pi">:</span> <span class="s">${PAPERLESS_TIME_ZONE}</span> <span class="na">PAPERLESS_OCR_LANGUAGE</span><span class="pi">:</span> <span class="s">${PAPERLESS_OCR_LANGUAGE}</span> <span class="na">PAPERLESS_DBPASS</span><span class="pi">:</span> <span class="s">${PAPERLESS_DBPASS}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./data:/usr/src/paperless/data"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./media:/usr/src/paperless/media"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./export:/usr/src/paperless/export"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./consume:/usr/src/paperless/consume"</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.paperless.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.paperless.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.paperless.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.paperless.loadbalancer.server.port=8000"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <p><strong>3. Create a superuser inside the Paperless container:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec</span> <span class="nt">-it</span> paperless python3 manage.py createsuperuser </code></pre> </div> <p>Follow the prompts for username, email, and password.</p> <h2> Upload a Document and Verify OCR </h2> <ol> <li>Open <code>https://paperless.example.com</code> and sign in with the superuser.</li> <li>Click <strong>Upload documents</strong> at the top right and pick a PDF or image.</li> <li>Wait 5–30 seconds for Paperless to OCR the document.</li> <li>Click the thumbnail, then the <strong>Content</strong> tab — the extracted text appears alongside the document preview.</li> </ol> <h2> Next Steps </h2> <p>Paperless-ngx is running with PostgreSQL persistence and Tesseract OCR. From here you can:</p> <ul> <li>Set up the <strong>Consume</strong> folder for automatic ingestion of scans dropped via SFTP or a scanner watch folder</li> <li>Add tags, correspondents, document types, and storage paths for auto-classification</li> <li>Enable additional OCR languages by adding ISO codes to <code>PAPERLESS_OCR_LANGUAGE</code> (e.g. <code>eng+deu+fra</code>)</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-paperless-ngx-open-source-document-management-system" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> selfhosted docker devops ocr Sanskriti Harmukh Tue, 23 Jun 2026 18:41:02 +0000 https://dev.to/vultr/deploying-overleaf-open-source-latex-collaboration-platform-on-ubuntu-2404-5cc1 https://dev.to/vultr/deploying-overleaf-open-source-latex-collaboration-platform-on-ubuntu-2404-5cc1 <p>Overleaf is an open-source, collaborative LaTeX editor that bundles MongoDB, Redis, and the ShareLaTeX application into a single self-hosted stack. This guide deploys Overleaf Community Edition using the official Toolkit plus a Traefik override that adds automatic HTTPS via Let's Encrypt. By the end, you'll have Overleaf serving collaborative LaTeX editing securely at your domain.</p> <h2> Set Up the Project Directory </h2> <p><strong>1. Clone the Overleaf Toolkit:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>git clone https://github.com/overleaf/toolkit.git ~/overleaf-toolkit <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/overleaf-toolkit </code></pre> </div> <p><strong>2. Initialize the configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>bin/init </code></pre> </div> <p>This creates <code>config/overleaf.rc</code>, <code>config/variables.env</code>, and <code>config/version</code>.</p> <p><strong>3. Create a directory for Traefik file-provider routes:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir </span>traefik-routes </code></pre> </div> <h2> Configure Overleaf for a Reverse Proxy </h2> <p><strong>1. Edit <code>config/variables.env</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/variables.env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">OVERLEAF_APP_NAME</span><span class="p">=</span><span class="s">"My Overleaf Instance"</span> <span class="py">OVERLEAF_SITE_URL</span><span class="p">=</span><span class="s">https://overleaf.example.com</span> <span class="py">OVERLEAF_NAV_TITLE</span><span class="p">=</span><span class="s">"Overleaf CE"</span> <span class="py">OVERLEAF_BEHIND_PROXY</span><span class="p">=</span><span class="s">true</span> <span class="py">OVERLEAF_SECURE_COOKIE</span><span class="p">=</span><span class="s">true</span> </code></pre> </div> <p>The last two flags are required when Overleaf is fronted by an HTTPS reverse proxy.</p> <p><strong>2. Edit <code>config/overleaf.rc</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/overleaf.rc </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">SIBLING_CONTAINERS_ENABLED</span><span class="p">=</span><span class="s">false</span> </code></pre> </div> <p><strong>3. Create the project-level <code>.env</code> file used by the Traefik Compose file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">overleaf.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">SERVER_IP</span><span class="p">=</span><span class="s">192.0.2.1</span> </code></pre> </div> <p><code>SERVER_IP</code> should be the server's public IP (Traefik binds 80/443 to it).</p> <h2> Add the Traefik Route </h2> <p><strong>1. Create the dynamic route:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano traefik-routes/overleaf.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">http</span><span class="pi">:</span> <span class="na">routers</span><span class="pi">:</span> <span class="na">overleaf</span><span class="pi">:</span> <span class="na">rule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Host(`overleaf.example.com`)"</span> <span class="na">service</span><span class="pi">:</span> <span class="s">overleaf</span> <span class="na">entryPoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">websecure</span> <span class="na">tls</span><span class="pi">:</span> <span class="na">certResolver</span><span class="pi">:</span> <span class="s">le</span> <span class="na">services</span><span class="pi">:</span> <span class="na">overleaf</span><span class="pi">:</span> <span class="na">loadBalancer</span><span class="pi">:</span> <span class="na">servers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">http://sharelatex:80"</span> </code></pre> </div> <p><strong>2. Create the Traefik Compose file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.traefik.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.file.directory=/etc/traefik/routes"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">${SERVER_IP}:80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">${SERVER_IP}:443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="pi">-</span> <span class="s">./traefik-routes:/etc/traefik/routes</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">overleaf_default</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">overleaf_default</span><span class="pi">:</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> Start the Stacks </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Run the Toolkit doctor:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>bin/doctor </code></pre> </div> <p><strong>3. Start Overleaf (sharelatex + mongo + redis):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>bin/up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>bin/docker-compose ps </code></pre> </div> <p><strong>4. Start Traefik in the same Docker network:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nt">-f</span> docker-compose.traefik.yml up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose <span class="nt">-f</span> docker-compose.traefik.yml ps <span class="gp">$</span><span class="w"> </span>docker compose <span class="nt">-f</span> docker-compose.traefik.yml logs traefik </code></pre> </div> <h2> Create the Admin and First Project </h2> <p><strong>1. Open the launchpad and register the admin user:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://overleaf.example.com/launchpad </code></pre> </div> <p><strong>2. Sign in, then open Admin → Manage Users</strong> to create more accounts.</p> <p><strong>3. Create your first LaTeX project:</strong></p> <ul> <li>Visit <code>https://overleaf.example.com/project</code>.</li> <li>Click <strong>Create a new project → Example project</strong>.</li> <li>Enter a name and click <strong>Create</strong>.</li> <li>Edit the default template and click <strong>Recompile</strong> to render the PDF preview.</li> </ul> <h2> Next Steps </h2> <p>Overleaf CE is running and served securely over HTTPS. From here you can:</p> <ul> <li>Configure SMTP under <code>config/variables.env</code> for invitations and notifications</li> <li>Mount external storage volumes for <code>data/sharelatex_data</code> to scale capacity</li> <li>Pin the Overleaf release in <code>config/version</code> and use <code>bin/upgrade</code> for controlled updates</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-overleaf-open-source-latex-collaboration-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> selfhosted docker devops latex Sanskriti Harmukh Tue, 23 Jun 2026 18:40:35 +0000 https://dev.to/vultr/deploying-ory-kratos-open-source-identity-and-user-management-system-on-ubuntu-2404-3k47 https://dev.to/vultr/deploying-ory-kratos-open-source-identity-and-user-management-system-on-ubuntu-2404-3k47 <p>Ory Kratos is an open-source, API-first identity and user management system handling registration, login, recovery, verification, and session management with a self-service UI. This guide deploys Kratos using Docker Compose with PostgreSQL, the self-service UI Node, and Traefik handling automatic HTTPS for the public API. By the end, you'll have Kratos managing identities and sessions for users registering through your domain over HTTPS.</p> <blockquote> <p><strong>Prerequisite:</strong> SMTP credentials are required for verification and recovery emails. The admin API stays bound to <code>127.0.0.1</code> on purpose — never expose it publicly.</p> </blockquote> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directories:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/ory-kratos/<span class="o">{</span>config,data/postgres<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/ory-kratos </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">kratos.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">KRATOS_VERSION</span><span class="p">=</span><span class="s">v26.2.0</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">kratos</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">EXAMPLE_DB_PASSWORD</span> <span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">kratosdb</span> <span class="py">LOG_LEVEL</span><span class="p">=</span><span class="s">info</span> </code></pre> </div> <p><strong>3. Create the identity schema</strong> — defines the user fields (email + name) and how the email maps to login, recovery, and verification:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/identity.schema.json </code></pre> </div> <p>Use the schema described in the Vultr Docs walkthrough — email is the login identifier with password auth; name is a free-text trait.</p> <p><strong>4. Create the Kratos configuration</strong> — public/admin API URLs, password policy (12-char minimum + HaveIBeenPwned), session lifetimes, self-service flows, SMTP courier:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano config/kratos.yml </code></pre> </div> <p>Fill in the full configuration from the source article. Key points to keep consistent with the stack below:</p> <ul> <li>Public API listens on the internal port and is fronted by Traefik on <code>${DOMAIN}</code>.</li> <li>Admin API listens on <code>127.0.0.1:4434</code> only — used by tooling on the host.</li> <li>The DSN points at the <code>postgres</code> service (<code>postgres://kratos:...@postgres:5432/kratosdb?sslmode=disable</code>).</li> <li>The courier section uses your SMTP provider for verification mail.</li> </ul> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">kratos-postgres</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data/postgres:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-U"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">${POSTGRES_USER}"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-d"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">${POSTGRES_DB}"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">kratos-migrate</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">oryd/kratos:${KRATOS_VERSION}</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">kratos-migrate</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./config:/etc/config/kratos:ro</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DSN</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable"</span> <span class="na">command</span><span class="pi">:</span> <span class="s">migrate -c /etc/config/kratos/kratos.yml sql -e --yes</span> <span class="na">kratos</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">oryd/kratos:${KRATOS_VERSION}</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">kratos</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">kratos-migrate</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_completed_successfully</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./config:/etc/config/kratos:ro</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DSN</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable"</span> <span class="na">LOG_LEVEL</span><span class="pi">:</span> <span class="s">${LOG_LEVEL}</span> <span class="na">command</span><span class="pi">:</span> <span class="s">serve -c /etc/config/kratos/kratos.yml --watch-courier</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:4434:4434"</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">4433"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kratos.rule=Host(`${DOMAIN}`)</span><span class="nv"> </span><span class="s">&amp;&amp;</span><span class="nv"> </span><span class="s">PathPrefix(`/.ory/kratos/public`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kratos.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kratos.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.kratos.loadbalancer.server.port=4433"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">kratos-ui</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">oryd/kratos-selfservice-ui-node:${KRATOS_VERSION}</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">kratos-ui</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">kratos</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">KRATOS_PUBLIC_URL</span><span class="pi">:</span> <span class="s">https://${DOMAIN}/.ory/kratos/public</span> <span class="na">KRATOS_BROWSER_URL</span><span class="pi">:</span> <span class="s">https://${DOMAIN}/.ory/kratos/public</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kratos-ui.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kratos-ui.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kratos-ui.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.kratos-ui.loadbalancer.server.port=3000"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps <span class="nt">-a</span> <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Health Checks </h2> <p><strong>1. Probe the admin API on the loopback:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec </span>kratos wget <span class="nt">-qO-</span> http://127.0.0.1:4434/health/alive </code></pre> </div> <p><strong>2. Probe the public API over HTTPS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> https://kratos.example.com/.ory/kratos/public/health/alive </code></pre> </div> <p><strong>3. Confirm the self-service UI loads:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> <span class="nt">-o</span> /dev/null <span class="nt">-w</span> <span class="s2">"%{http_code}"</span> https://kratos.example.com/ </code></pre> </div> <h2> Register and Sign In via the API </h2> <p><strong>1. Open a registration flow:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> https://kratos.example.com/.ory/kratos/public/self-service/registration/api </code></pre> </div> <p>Capture the <code>id</code> from the response — it's the <code>FLOW_ID</code> below.</p> <p><strong>2. Submit the registration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> <span class="nt">-X</span> POST <span class="se">\</span> <span class="go"> "https://kratos.example.com/.ory/kratos/public/self-service/registration?flow=FLOW_ID" \ -H 'Content-Type: application/json' \ -d '{ "method": "password", "password": "YOUR-PASSWORD", "traits": { "email": "YOUR-EMAIL", "name": { "first": "FIRST-NAME", "last": "LAST-NAME" } } }' </span></code></pre> </div> <p><strong>3. List identities through the admin API:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose <span class="nb">exec </span>kratos wget <span class="nt">-qO-</span> http://127.0.0.1:4434/admin/identities </code></pre> </div> <p><strong>4. Sign in:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> https://kratos.example.com/.ory/kratos/public/self-service/login/api <span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> <span class="nt">-X</span> POST <span class="se">\</span> <span class="go"> "https://kratos.example.com/.ory/kratos/public/self-service/login?flow=FLOW_ID" \ -H 'Content-Type: application/json' \ -d '{ "method": "password", "identifier": "YOUR-EMAIL", "password": "YOUR-PASSWORD" }' </span></code></pre> </div> <p><strong>5. Verify the session:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> https://kratos.example.com/.ory/kratos/public/sessions/whoami <span class="se">\</span> <span class="go"> -H "X-Session-Token: SESSION_TOKEN" </span></code></pre> </div> <h2> Next Steps </h2> <p>Kratos is running with PostgreSQL persistence, the self-service UI, and HTTPS in front of the public API. From here you can:</p> <ul> <li>Add social sign-in (Google, GitHub, Apple) through the OIDC provider list</li> <li>Wire Kratos sessions to other services via Ory Oathkeeper or forward-auth</li> <li>Use Ory Hydra alongside Kratos to expose OpenID Connect to client apps</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-ory-kratos-open-source-identity-and-user-management-system" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> security docker devops auth Sanskriti Harmukh Tue, 23 Jun 2026 18:39:56 +0000 https://dev.to/vultr/deploying-nocodb-open-source-airtable-alternative-on-ubuntu-2404-2eam https://dev.to/vultr/deploying-nocodb-open-source-airtable-alternative-on-ubuntu-2404-2eam <p>NocoDB is an open-source no-code platform that puts a spreadsheet-style UI on top of a relational database, with grid, form, Kanban, and gallery views plus a REST API. This guide deploys NocoDB using Docker Compose with a PostgreSQL backend and Traefik handling automatic HTTPS, then exercises the API with a sample base. By the end, you'll have NocoDB serving a base over HTTPS with API access at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directories:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/nocodb/<span class="o">{</span>data,pgdata,letsencrypt<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/nocodb </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">nocodb.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">postgres</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">strong_password</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">postgres</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nocodb-db</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">root_db</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./pgdata:/var/lib/postgresql/data"</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-U"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">${POSTGRES_USER}"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-d"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">${POSTGRES_DB}"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">nocodb</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nocodb/nocodb:0.301.2</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nocodb</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">NC_DB</span><span class="pi">:</span> <span class="s2">"</span><span class="s">pg://db:5432?u=${POSTGRES_USER}&amp;p=${POSTGRES_PASSWORD}&amp;d=${POSTGRES_DB}"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./data:/usr/app/data"</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.nocodb.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.nocodb.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.nocodb.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.nocodb.loadbalancer.server.port=8080"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services and tail logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Create the Super Admin </h2> <ol> <li>Open <code>https://nocodb.example.com</code>.</li> <li>Register the Super Admin account with email and password.</li> <li>Complete the onboarding wizard (role and workspace prefs).</li> </ol> <h2> Create a Base and Query the API </h2> <p><strong>1. From the dashboard, create a base named <code>Employee Directory</code>.</strong></p> <p><strong>2. Add a table named <code>Employees</code></strong> with fields: <code>Name</code> (text), <code>Email</code> (text), <code>Department</code> (text).</p> <p><strong>3. Insert a sample record</strong> — for example, <code>Jane Smith</code>, <code>jane@example.com</code>, <code>Engineering</code>.</p> <p><strong>4. Generate an API token</strong> from the profile menu → <strong>API Tokens</strong>.</p> <p><strong>5. Copy the table ID</strong> from the table context menu.</p> <p><strong>6. Query the table over HTTPS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-s</span> <span class="nt">-H</span> <span class="s2">"xc-token: YOUR_API_TOKEN"</span> <span class="se">\</span> <span class="go"> "https://nocodb.example.com/api/v2/tables/TABLE_ID/records" | jq </span></code></pre> </div> <h2> Next Steps </h2> <p>NocoDB is running and served securely over HTTPS. From here you can:</p> <ul> <li>Add views (Grid, Form, Kanban, Gallery, Calendar) for the same table</li> <li>Invite collaborators with role-based permissions per base</li> <li>Wire automations to webhooks or Zapier/Make for downstream integrations</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-nocodb-open-source-airtable-alternative" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> database docker devops selfhosted Sanskriti Harmukh Tue, 23 Jun 2026 18:39:33 +0000 https://dev.to/vultr/deploying-mlflow-open-source-machine-learning-experiment-tracking-on-ubuntu-2404-1fcg https://dev.to/vultr/deploying-mlflow-open-source-machine-learning-experiment-tracking-on-ubuntu-2404-1fcg <p>MLflow is an open-source platform for managing the machine learning lifecycle — experiment tracking, model registry, and reproducible runs. This guide deploys MLflow using Docker Compose with a PostgreSQL backend, S3-compatible artifact storage, basic-auth, and Traefik handling automatic HTTPS, then logs a sample scikit-learn run. By the end, you'll have MLflow recording experiments at your domain over HTTPS.</p> <blockquote> <p><strong>Prerequisite:</strong> An S3-compatible bucket (e.g. Vultr Object Storage) with access key, secret key, region, and endpoint URL.</p> </blockquote> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/mlflow <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/mlflow </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">mlflow.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">mlflow</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">StrongDatabasePassword123</span> <span class="py">MLFLOW_AUTH_CONFIG_PATH</span><span class="p">=</span><span class="s">/app/basic_auth.ini</span> <span class="py">MLFLOW_FLASK_SERVER_SECRET_KEY</span><span class="p">=</span><span class="s">GENERATED_SECRET_KEY</span> <span class="py">S3_BUCKET</span><span class="p">=</span><span class="s">mlflow-artifacts</span> <span class="py">S3_ACCESS_KEY</span><span class="p">=</span><span class="s">YOUR_ACCESS_KEY</span> <span class="py">S3_SECRET_KEY</span><span class="p">=</span><span class="s">YOUR_SECRET_KEY</span> <span class="py">S3_REGION</span><span class="p">=</span><span class="s">YOUR_REGION</span> <span class="py">S3_ENDPOINT</span><span class="p">=</span><span class="s">https://YOUR_OBJECT_STORAGE_ENDPOINT</span> </code></pre> </div> <p><strong>3. Create the basic-auth configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano basic_auth.ini </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[mlflow]</span> <span class="py">default_permission</span> <span class="p">=</span> <span class="s">READ</span> <span class="py">database_uri</span> <span class="p">=</span> <span class="s">sqlite:///basic_auth.db</span> <span class="py">admin_username</span> <span class="p">=</span> <span class="s">admin</span> <span class="py">admin_password</span> <span class="p">=</span> <span class="s">ADMIN_PASSWORD</span> <span class="py">authorization_function</span> <span class="p">=</span> <span class="s">mlflow.server.auth:authenticate_request_basic_auth</span> </code></pre> </div> <p><strong>4. Create a Dockerfile that adds the auth-server extras and Postgres/S3 clients to the official image:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano Dockerfile </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> ghcr.io/mlflow/mlflow:v3.10.1</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> psycopg2-binary boto3 <span class="s1">'mlflow[auth]'</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:15</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">mlflow-postgres</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">mlflow</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./postgres_data:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">${POSTGRES_USER}"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">mlflow</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">mlflow</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5000"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">AWS_ACCESS_KEY_ID</span><span class="pi">:</span> <span class="s">${S3_ACCESS_KEY}</span> <span class="na">AWS_SECRET_ACCESS_KEY</span><span class="pi">:</span> <span class="s">${S3_SECRET_KEY}</span> <span class="na">AWS_DEFAULT_REGION</span><span class="pi">:</span> <span class="s">${S3_REGION}</span> <span class="na">AWS_S3_FORCE_PATH_STYLE</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">MLFLOW_S3_ENDPOINT_URL</span><span class="pi">:</span> <span class="s">${S3_ENDPOINT}</span> <span class="na">MLFLOW_AUTH_CONFIG_PATH</span><span class="pi">:</span> <span class="s">${MLFLOW_AUTH_CONFIG_PATH}</span> <span class="na">MLFLOW_FLASK_SERVER_SECRET_KEY</span><span class="pi">:</span> <span class="s">${MLFLOW_FLASK_SERVER_SECRET_KEY}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./basic_auth.ini:/app/basic_auth.ini:ro</span> <span class="pi">-</span> <span class="s">./mlflow_auth:/app</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">mlflow server</span> <span class="s">--backend-store-uri "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/mlflow"</span> <span class="s">--default-artifact-root "s3://${S3_BUCKET}/"</span> <span class="s">--serve-artifacts</span> <span class="s">--host 0.0.0.0</span> <span class="s">--port 5000</span> <span class="s">--allowed-hosts "${DOMAIN},https://${DOMAIN}"</span> <span class="s">--app-name basic-auth</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.mlflow.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.mlflow.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.mlflow.tls.certresolver=letsencrypt"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Build and start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p><strong>3. Verify the services and tail logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Sign In and Log a Sample Experiment </h2> <p><strong>1. Open <code>https://mlflow.example.com</code> and authenticate with <code>admin</code> / the password from <code>basic_auth.ini</code>.</strong></p> <p><strong>2. On the workstation, create a virtualenv and install dependencies:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>apt <span class="nb">install </span>python3-venv <span class="nt">-y</span> <span class="gp">$</span><span class="w"> </span>python3 <span class="nt">-m</span> venv mlflow-env <span class="gp">$</span><span class="w"> </span><span class="nb">source </span>mlflow-env/bin/activate <span class="gp">$</span><span class="w"> </span>pip <span class="nb">install </span>mlflow scikit-learn pandas numpy boto3 </code></pre> </div> <p><strong>3. Save a demo experiment script:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano mlflow_demo.py </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">mlflow</span> <span class="kn">import</span> <span class="n">mlflow.sklearn</span> <span class="kn">from</span> <span class="n">sklearn.model_selection</span> <span class="kn">import</span> <span class="n">train_test_split</span> <span class="kn">from</span> <span class="n">sklearn.linear_model</span> <span class="kn">import</span> <span class="n">ElasticNet</span> <span class="kn">from</span> <span class="n">sklearn.metrics</span> <span class="kn">import</span> <span class="n">mean_squared_error</span><span class="p">,</span> <span class="n">r2_score</span> <span class="kn">from</span> <span class="n">sklearn.datasets</span> <span class="kn">import</span> <span class="n">load_diabetes</span> <span class="kn">import</span> <span class="n">pandas</span> <span class="k">as</span> <span class="n">pd</span> <span class="kn">import</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span> <span class="n">diabetes</span> <span class="o">=</span> <span class="nf">load_diabetes</span><span class="p">()</span> <span class="n">X</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nc">DataFrame</span><span class="p">(</span><span class="n">diabetes</span><span class="p">.</span><span class="n">data</span><span class="p">,</span> <span class="n">columns</span><span class="o">=</span><span class="n">diabetes</span><span class="p">.</span><span class="n">feature_names</span><span class="p">)</span> <span class="n">y</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nc">Series</span><span class="p">(</span><span class="n">diabetes</span><span class="p">.</span><span class="n">target</span><span class="p">)</span> <span class="n">X_train</span><span class="p">,</span> <span class="n">X_test</span><span class="p">,</span> <span class="n">y_train</span><span class="p">,</span> <span class="n">y_test</span> <span class="o">=</span> <span class="nf">train_test_split</span><span class="p">(</span><span class="n">X</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="n">test_size</span><span class="o">=</span><span class="mf">0.2</span><span class="p">,</span> <span class="n">random_state</span><span class="o">=</span><span class="mi">42</span><span class="p">)</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">set_tracking_uri</span><span class="p">(</span><span class="sh">"</span><span class="s">https://mlflow.example.com</span><span class="sh">"</span><span class="p">)</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">set_experiment</span><span class="p">(</span><span class="sh">"</span><span class="s">official_demo_experiment</span><span class="sh">"</span><span class="p">)</span> <span class="k">with</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">start_run</span><span class="p">():</span> <span class="n">alpha</span><span class="p">,</span> <span class="n">l1_ratio</span> <span class="o">=</span> <span class="mf">0.5</span><span class="p">,</span> <span class="mf">0.5</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">log_param</span><span class="p">(</span><span class="sh">"</span><span class="s">alpha</span><span class="sh">"</span><span class="p">,</span> <span class="n">alpha</span><span class="p">)</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">log_param</span><span class="p">(</span><span class="sh">"</span><span class="s">l1_ratio</span><span class="sh">"</span><span class="p">,</span> <span class="n">l1_ratio</span><span class="p">)</span> <span class="n">model</span> <span class="o">=</span> <span class="nc">ElasticNet</span><span class="p">(</span><span class="n">alpha</span><span class="o">=</span><span class="n">alpha</span><span class="p">,</span> <span class="n">l1_ratio</span><span class="o">=</span><span class="n">l1_ratio</span><span class="p">,</span> <span class="n">random_state</span><span class="o">=</span><span class="mi">42</span><span class="p">)</span> <span class="n">model</span><span class="p">.</span><span class="nf">fit</span><span class="p">(</span><span class="n">X_train</span><span class="p">,</span> <span class="n">y_train</span><span class="p">)</span> <span class="n">y_pred</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">X_test</span><span class="p">)</span> <span class="n">rmse</span> <span class="o">=</span> <span class="n">np</span><span class="p">.</span><span class="nf">sqrt</span><span class="p">(</span><span class="nf">mean_squared_error</span><span class="p">(</span><span class="n">y_test</span><span class="p">,</span> <span class="n">y_pred</span><span class="p">))</span> <span class="n">r2</span> <span class="o">=</span> <span class="nf">r2_score</span><span class="p">(</span><span class="n">y_test</span><span class="p">,</span> <span class="n">y_pred</span><span class="p">)</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">log_metric</span><span class="p">(</span><span class="sh">"</span><span class="s">rmse</span><span class="sh">"</span><span class="p">,</span> <span class="n">rmse</span><span class="p">)</span> <span class="n">mlflow</span><span class="p">.</span><span class="nf">log_metric</span><span class="p">(</span><span class="sh">"</span><span class="s">r2</span><span class="sh">"</span><span class="p">,</span> <span class="n">r2</span><span class="p">)</span> <span class="n">mlflow</span><span class="p">.</span><span class="n">sklearn</span><span class="p">.</span><span class="nf">log_model</span><span class="p">(</span><span class="n">model</span><span class="p">,</span> <span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>4. Export credentials and run the script:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">export </span><span class="nv">MLFLOW_TRACKING_USERNAME</span><span class="o">=</span>admin <span class="gp">$</span><span class="w"> </span><span class="nb">export </span><span class="nv">MLFLOW_TRACKING_PASSWORD</span><span class="o">=</span>ADMIN_PASSWORD <span class="gp">$</span><span class="w"> </span><span class="nb">export </span><span class="nv">AWS_ACCESS_KEY_ID</span><span class="o">=</span>YOUR_ACCESS_KEY <span class="gp">$</span><span class="w"> </span><span class="nb">export </span><span class="nv">AWS_SECRET_ACCESS_KEY</span><span class="o">=</span>YOUR_SECRET_KEY <span class="gp">$</span><span class="w"> </span><span class="nb">export </span><span class="nv">MLFLOW_S3_ENDPOINT_URL</span><span class="o">=</span>https://YOUR_OBJECT_STORAGE_ENDPOINT <span class="gp">$</span><span class="w"> </span>python3 mlflow_demo.py </code></pre> </div> <p>Refresh the MLflow UI — the run appears under <code>official_demo_experiment</code> with logged parameters, metrics, and the persisted model artifact.</p> <h2> Next Steps </h2> <p>MLflow is running with PostgreSQL persistence and S3 artifacts. From here you can:</p> <ul> <li>Register top runs in the <strong>Model Registry</strong> for staged promotion</li> <li>Wire <code>mlflow.autolog()</code> into your training code for hands-off tracking</li> <li>Add team users and per-experiment permissions in the basic-auth database</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-mlflow-open-source-machine-learning-experiment-tracking" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> mlops docker devops ai Sanskriti Harmukh Tue, 23 Jun 2026 18:38:59 +0000 https://dev.to/vultr/deploying-localai-self-hosted-ai-model-management-platform-on-ubuntu-2404-fo3 https://dev.to/vultr/deploying-localai-self-hosted-ai-model-management-platform-on-ubuntu-2404-fo3 <p>LocalAI is an open-source platform for running Large Language Models locally with an OpenAI-compatible API, so you can swap it in behind existing OpenAI client code without paying per-token or sending data off-server. This guide deploys LocalAI using Docker Compose with Traefik handling automatic HTTPS, persistent model and cache directories, and a working chat-completion test. By the end, you'll have LocalAI serving an OpenAI-compatible API securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directories:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/localai/<span class="o">{</span>models,cache<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/localai </code></pre> </div> <p><code>models/</code> holds downloaded model files; <code>cache/</code> persists between restarts.</p> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">localai.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Add your user to the Docker group:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker <span class="nv">$USER</span> <span class="gp">$</span><span class="w"> </span>newgrp docker </code></pre> </div> <p><strong>2. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DOCKER_API_VERSION</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.44"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./letsencrypt:/letsencrypt</span> <span class="na">localai</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">localai/localai:latest-aio-cpu</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">localai</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./models:/models:cached</span> <span class="pi">-</span> <span class="s">./cache:/cache:cached</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">curl"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-f"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost:8080/readyz"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">1m</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">20s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.localai.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.localai.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.localai.tls=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.localai.tls.certresolver=le"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.localai.loadbalancer.server.port=8080"</span> </code></pre> </div> <p>Swap <code>localai/localai:latest-aio-cpu</code> for a GPU variant (<code>latest-aio-gpu-nvidia-cuda-12</code>) if the host has an NVIDIA GPU.</p> <p><strong>3. Set the models directory permissions and start the stack:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">sudo chmod</span> <span class="nt">-R</span> 755 ~/localai/models <span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> <span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <h2> Verify the API </h2> <p><strong>1. Check readiness:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-i</span> https://localai.example.com/readyz </code></pre> </div> <p>A <code>200 OK</code> confirms Traefik is routing to LocalAI.</p> <p><strong>2. List the available models:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl https://localai.example.com/v1/models </code></pre> </div> <p><strong>3. Run a chat completion:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>curl <span class="nt">-X</span> POST https://localai.example.com/v1/chat/completions <span class="se">\</span> <span class="go"> -H "Content-Type: application/json" \ -d '{ "model": "gpt-4", "messages": [ {"role": "user", "content": "Explain what LocalAI does in one sentence."} ], "max_tokens": 60 }' </span></code></pre> </div> <p>LocalAI returns a response in the OpenAI completion shape.</p> <h2> Access the Dashboard </h2> <p>Open <code>https://localai.example.com</code> in a browser to browse the model gallery, install new models, and run inference from the UI.</p> <h2> Next Steps </h2> <p>LocalAI is running and served securely over HTTPS. From here you can:</p> <ul> <li>Install additional models from the gallery for domain-specific tasks</li> <li>Point any OpenAI SDK at the LocalAI base URL by changing <code>OPENAI_API_BASE</code> </li> <li>Run a GPU variant for image generation, embeddings, and faster LLM inference</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-localai-self-hosted-ai-model-management-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops selfhosted Sanskriti Harmukh Tue, 23 Jun 2026 18:38:22 +0000 https://dev.to/vultr/deploying-librechat-open-source-ai-chat-platform-on-ubuntu-2404-36ff https://dev.to/vultr/deploying-librechat-open-source-ai-chat-platform-on-ubuntu-2404-36ff <p>LibreChat is an open-source, ChatGPT-style web UI that supports OpenAI, Anthropic, Azure OpenAI, Gemini, OpenRouter, local OpenAI-compatible endpoints, and more — with MongoDB-backed conversation history and Meilisearch-powered search. This guide deploys LibreChat using its official Compose manifest plus a Traefik override for automatic HTTPS. By the end, you'll have LibreChat running with a registration page and multi-provider chat at your domain over HTTPS.</p> <h2> Clone LibreChat and Prepare the Environment </h2> <p><strong>1. Clone the LibreChat repository and check out a stable tag:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>git clone https://github.com/danny-avila/LibreChat.git <span class="gp">$</span><span class="w"> </span><span class="nb">cd </span>LibreChat <span class="gp">$</span><span class="w"> </span>git checkout tags/v0.8.3 </code></pre> </div> <p><strong>2. Find the Meilisearch data directory name pinned by this release:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">grep</span> <span class="nt">-o</span> <span class="s1">'meili_data_v[0-9.]*'</span> docker-compose.yml | <span class="nb">head</span> <span class="nt">-1</span> </code></pre> </div> <p><strong>3. Create the required data directories (replace <code>meili_data_v1.35.1</code> if the previous command printed a different name):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> data-node images logs meili_data_v1.35.1 uploads <span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> <span class="nt">-R</span> 1000:1000 meili_data_v1.35.1 </code></pre> </div> <p><strong>4. Copy the env template and uncomment the UID/GID lines:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">cp</span> .env.example .env <span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">UID</span><span class="p">=</span><span class="s">1000</span> <span class="py">GID</span><span class="p">=</span><span class="s">1000</span> </code></pre> </div> <h2> Override the Compose Stack with Traefik </h2> <p><strong>1. Create a Compose override that adds Traefik and wires the API to it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.override.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">api</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.librechat.rule=Host(`librechat.example.com`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.librechat.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.librechat.tls.certresolver=leresolver"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.librechat.loadbalancer.server.port=3080"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./librechat.yaml:/app/librechat.yaml</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6.10</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.permanent=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.leresolver.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.leresolver.acme.email=admin@example.com"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"</span> </code></pre> </div> <p><strong>2. Create an empty LibreChat configuration file (mounted by the override):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">touch </span>librechat.yaml </code></pre> </div> <h2> Start the Stack </h2> <p><strong>1. Bring everything up:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p>Compose starts the LibreChat API, MongoDB, Meilisearch, and Traefik. Traefik requests a TLS certificate from Let's Encrypt over the HTTP-01 challenge and routes HTTPS to LibreChat on port 3080.</p> <p><strong>2. Verify the containers are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps </code></pre> </div> <p><strong>3. Tail the logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose logs <span class="nt">--tail</span><span class="o">=</span>50 </code></pre> </div> <p>You should see MongoDB initialize, Meilisearch start, Traefik register the route, and the LibreChat API listening on port 3080.</p> <h2> Register and Sign In </h2> <p><strong>1. Open the registration page in a browser:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://librechat.example.com/register </code></pre> </div> <p><strong>2. Fill in your name, username, email, and password and click **Continue</strong>.**</p> <p><strong>3. Sign in with the new credentials</strong> — the dashboard loads with the model selector and conversation interface.</p> <p>To enable Google / GitHub / Discord / OpenID Connect sign-up, set <code>ALLOW_SOCIAL_LOGIN=true</code> and <code>ALLOW_SOCIAL_REGISTRATION=true</code> in <code>.env</code> and restart the stack.</p> <h2> Next Steps </h2> <p>LibreChat is running and served securely over HTTPS. From here you can:</p> <ul> <li>Plug in API keys for OpenAI, Anthropic, Azure, Gemini, or OpenRouter in <code>.env</code> </li> <li>Point LibreChat at a local OpenAI-compatible endpoint (Ollama, LocalAI) via <code>librechat.yaml</code> </li> <li>Enable file uploads, RAG, and image generation through the dashboard settings</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-librechat-open-source-ai-chat-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops selfhosted Sanskriti Harmukh Tue, 16 Jun 2026 20:57:20 +0000 https://dev.to/vultr/deploying-label-studio-open-source-data-labeling-platform-on-ubuntu-2404-5bd0 https://dev.to/vultr/deploying-label-studio-open-source-data-labeling-platform-on-ubuntu-2404-5bd0 <p>Label Studio is an open-source data labeling platform that supports annotation across text, images, audio, video, and time series, with collaborative workflows and ML-model integrations. This guide deploys Label Studio using Docker Compose with Traefik handling automatic HTTPS and persistent volumes for projects and labels. By the end, you'll have Label Studio serving an annotation workspace securely at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directory:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> ~/labelstudio <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/labelstudio </code></pre> </div> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">DOMAIN</span><span class="p">=</span><span class="s">labelstudio.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">./letsencrypt:/letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/var/run/docker.sock:/var/run/docker.sock:ro"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">labelstudio</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">heartexlabs/label-studio:1.23.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">labelstudio</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">DJANGO_ALLOWED_HOSTS=${DOMAIN}</span> <span class="pi">-</span> <span class="s">CSRF_TRUSTED_ORIGINS=https://${DOMAIN}</span> <span class="pi">-</span> <span class="s">USE_X_FORWARDED_HOST=true</span> <span class="pi">-</span> <span class="s">SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,https</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/label-studio/data</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.labelstudio.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.labelstudio.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.labelstudio.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.labelstudio.loadbalancer.server.port=8080"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> </code></pre> </div> <p><strong>2. Create the data directory with group write access:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir </span>data <span class="gp">$</span><span class="w"> </span><span class="nb">sudo chown</span> :0 data </code></pre> </div> <p><strong>3. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>4. Verify the services and view logs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Create the Admin and a Sample Project </h2> <p><strong>1.</strong> Open <code>https://labelstudio.example.com</code> and click <strong>Sign Up</strong> to create the first administrator.</p> <p><strong>2.</strong> From the dashboard, click <strong>Create Project</strong> and set:</p> <ul> <li> <strong>Project Name:</strong> <code>Sentiment Analysis</code> </li> <li> <strong>Labeling Template:</strong> <strong>Text Classification</strong> </li> </ul> <p><strong>3.</strong> Click <strong>Save</strong>, then <strong>Import</strong> and paste the sample data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="nl">"text"</span><span class="p">:</span><span class="w"> </span><span class="s2">"This product is amazing."</span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="nl">"text"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Worst experience ever."</span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p><strong>4.</strong> Annotate each task, click <strong>Submit</strong>, and confirm the Data Manager shows them as <strong>Completed</strong>.</p> <h2> Next Steps </h2> <p>Label Studio is running and served securely over HTTPS. From here you can:</p> <ul> <li>Configure ML backends (PyTorch, scikit-learn) for active learning loops</li> <li>Invite collaborators with role-based permissions per project</li> <li>Export annotated datasets in COCO, YOLO, JSON, or CSV for downstream training</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-label-studio-open-source-data-labeling-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> ai docker devops datascience Sanskriti Harmukh Tue, 16 Jun 2026 20:55:36 +0000 https://dev.to/vultr/deploying-kestra-open-source-workflow-orchestration-platform-on-ubuntu-2404-4nei https://dev.to/vultr/deploying-kestra-open-source-workflow-orchestration-platform-on-ubuntu-2404-4nei <p>Kestra is an open-source workflow orchestration platform that runs YAML-defined pipelines on schedules, triggers, or events, with a web UI for managing executions, logs, and metadata. This guide deploys Kestra using Docker Compose with a PostgreSQL backend and Traefik handling automatic HTTPS. By the end, you'll have Kestra running a sample workflow with a SUCCESS execution at your domain.</p> <h2> Set Up the Directory Structure </h2> <p><strong>1. Create the project directories:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/kestra/data/<span class="o">{</span>postgres,kestra,traefik<span class="o">}</span> <span class="gp">$</span><span class="w"> </span><span class="nb">cd</span> ~/kestra </code></pre> </div> <p><code>postgres/</code> holds the database, <code>kestra/</code> holds execution artifacts, <code>traefik/</code> holds Let's Encrypt certificates.</p> <p><strong>2. Create the environment file:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano .env </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">POSTGRES_DB</span><span class="p">=</span><span class="s">kestra</span> <span class="py">POSTGRES_USER</span><span class="p">=</span><span class="s">kestra</span> <span class="py">POSTGRES_PASSWORD</span><span class="p">=</span><span class="s">STRONG-PASSWORD</span> <span class="py">DOMAIN</span><span class="p">=</span><span class="s">kestra.example.com</span> <span class="py">LETSENCRYPT_EMAIL</span><span class="p">=</span><span class="s">admin@example.com</span> </code></pre> </div> <h2> Deploy with Docker Compose </h2> <p><strong>1. Create the Compose manifest:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>nano docker-compose.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">traefik</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">traefik:v3.6</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--providers.docker.exposedbydefault=false"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.address=:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.websecure.address=:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.to=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--entrypoints.web.http.redirections.entrypoint.scheme=https"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.tlschallenge=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/run/docker.sock:/var/run/docker.sock:ro</span> <span class="pi">-</span> <span class="s">./data/traefik:/letsencrypt</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:15</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data/postgres:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">${POSTGRES_USER}"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">kestra</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">kestra/kestra:v1.3.6</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">command</span><span class="pi">:</span> <span class="s">server standalone</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">KESTRA_CONFIGURATION</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">datasources:</span> <span class="s">postgres:</span> <span class="s">url: jdbc:postgresql://postgres:5432/${POSTGRES_DB}</span> <span class="s">driverClassName: org.postgresql.Driver</span> <span class="s">username: ${POSTGRES_USER}</span> <span class="s">password: ${POSTGRES_PASSWORD}</span> <span class="s">kestra:</span> <span class="s">repository:</span> <span class="s">type: postgres</span> <span class="s">storage:</span> <span class="s">type: local</span> <span class="s">local:</span> <span class="s">basePath: /app/storage</span> <span class="s">queue:</span> <span class="s">type: postgres</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data/kestra:/app/storage</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.enable=true"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kestra.rule=Host(`${DOMAIN}`)"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kestra.entrypoints=websecure"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.routers.kestra.tls.certresolver=letsencrypt"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.services.kestra.loadbalancer.server.port=8080"</span> </code></pre> </div> <p><strong>2. Start the services:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <p><strong>3. Verify the services are running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">$</span><span class="w"> </span>docker compose ps <span class="gp">$</span><span class="w"> </span>docker compose logs </code></pre> </div> <h2> Create the Admin Account </h2> <ol> <li>Open <code>https://kestra.example.com</code>.</li> <li>On the <strong>Create an admin user</strong> page, fill in email and a password with ≥8 characters, ≥1 uppercase, ≥1 number.</li> <li>Click <strong>Create admin user</strong>, then <strong>Start Kestra UI</strong>.</li> </ol> <h2> Create and Run a Sample Workflow </h2> <p><strong>1. Click **Flows → Create</strong> in the sidebar, then paste:**<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">id</span><span class="pi">:</span> <span class="s">hello_world</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">demo</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">id</span><span class="pi">:</span> <span class="s">log_message</span> <span class="na">type</span><span class="pi">:</span> <span class="s">io.kestra.core.tasks.log.Log</span> <span class="na">message</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Hello</span><span class="nv"> </span><span class="s">from</span><span class="nv"> </span><span class="s">Kestra!"</span> </code></pre> </div> <p><strong>2. Click **Save</strong>, then <strong>Execute</strong> in the top right.**</p> <p><strong>3. Open **Executions</strong> and select the run** — the status should read <code>SUCCESS</code>.</p> <h2> Next Steps </h2> <p>Kestra is running and served securely over HTTPS. From here you can:</p> <ul> <li>Add schedules, webhook triggers, and event-based triggers to your flows</li> <li>Install plugins for AWS, GCP, Kubernetes, dbt, and Python tasks</li> <li>Wire RBAC for multi-team usage and store secrets via the secret manager</li> </ul> <p>For the full guide with additional tips, visit the original article on <strong><a href="https://docs.vultr.com/how-to-deploy-kestra-open-source-workflow-orchestration-platform" rel="noopener noreferrer">Vultr Docs</a></strong>.</p> automation docker devops selfhosted