Introduction
Dokploy is a self-hosted deployment platform that simplifies containerized application management using Docker Swarm. In this comprehensive tutorial, I'll show you how to install Dokploy on an Ubuntu server, configure security with firewalls, deploy your first Node.js application, and follow production best practices.
Diagram created with https://savnet.co
What You'll Need
Before starting, make sure you have:
- An Ubuntu 24.04 LTS server (minimum 2 GB RAM for testing)
- SSH access with configured keys
- A domain or subdomain (optional but recommended for HTTPS)
- Basic terminal and Docker knowledge
Step 1: Prepare Your Ubuntu Server
If you already have an Ubuntu 24.04 LTS server with SSH access, you can skip this step. If you need to create one, follow these recommendations:
- Choose a cloud or VPS provider that offers Ubuntu 24.04 LTS
- Select a plan with at least 2 GB of RAM for testing
- Configure SSH key access instead of password (more secure)
- Consider enabling backups and monitoring for production
- Note the public IP of your server
If your provider has an integrated firewall (like DigitalOcean Cloud Firewall, AWS Security Groups, etc.), configure the necessary rules from the control panel.
Step 2: Initial Server Configuration
Connect to the server via SSH:
ssh root@YOUR_PUBLIC_IP
Update system and install utilities
apt update && apt upgrade -y
apt install -y curl wget git ufw ca-certificates gnupg lsb-release
Create administrator user (recommended)
adduser deploy
usermod -aG sudo deploy
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy
Now you can connect with the new user:
ssh deploy@YOUR_PUBLIC_IP
Step 3: Configure Firewall with UFW
Dokploy needs specific ports open. Configure UFW properly:
# Allow SSH first to avoid locking ourselves out
sudo ufw allow OpenSSH
# Open ports needed for Dokploy and applications
sudo ufw allow 80/tcp # HTTP for Traefik
sudo ufw allow 443/tcp # HTTPS for Traefik
sudo ufw allow 443/udp # HTTPS UDP for Traefik
sudo ufw allow 3000/tcp # Dokploy panel (temporary only)
# Enable firewall
sudo ufw enable
sudo ufw status numbered
Important: Docker can bypass UFW rules because it manipulates iptables directly. If your cloud provider offers an integrated firewall (like DigitalOcean Cloud Firewall, AWS Security Groups, etc.), we recommend configuring it as an additional security layer.
Configure the same firewall rules in your provider's panel:
- 22/TCP from your IP or trusted range (SSH)
- 80/TCP from Anywhere (HTTP)
- 443/TCP from Anywhere (HTTPS)
- 443/UDP from Anywhere (HTTPS UDP)
- 3000/TCP temporarily from your IP only (for initial setup)
assets/dropplet-firewall.png
Step 4: Install Dokploy
The official Dokploy installation is straightforward with their script:
curl -sSL https://dokploy.com/install.sh | sudo sh
This script automatically:
- Installs Docker if not present
- Initializes Docker Swarm
- Creates the overlay network
dokploy-network - Deploys Postgres, Redis, and Dokploy services
- Launches Traefik as reverse proxy
- Publishes the panel on port 3000
Step 5: Verify the Installation
Check that everything is working:
# View Docker Swarm services
docker service ls
# View running containers
docker ps
# Verify ports are listening
ss -lntup | grep -E '(:80|:443|:3000)'
Now open your browser and access the Dokploy panel:
http://YOUR_PUBLIC_IP:3000
Complete the initial setup wizard by creating your administrator account.
Step 6: Configure Domain and HTTPS (optional but recommended)
To access your applications with your own domain and HTTPS:
- In your DNS provider's panel (Cloudflare, DigitalOcean, AWS Route53, etc.), add your domain if you haven't already.
- Create DNS records:
-
A record for
@pointing to your server IP -
A record for
wwwpointing to your server IP - Or a subdomain like
dokploy.yourdomain.com
-
A record for
Wait for DNS propagation (may take a few minutes).
Restrict access to port 3000
For security, once Dokploy is configured, restrict access to port 3000:
- In your cloud provider's firewall, limit it to your IP only if you need administrative access
Step 7: Deploy Your First "Hello World" Application in Node.js
Let's create a simple Node.js application and deploy it to Dokploy.
7.1 Create the project locally
Create a folder for your project with the following files:
package.json:
{
"name": "hello-world-dokploy",
"version": "1.0.0",
"description": "Hello World application for Dokploy",
"main": "app.js",
"scripts": {
"start": "node app.js"
},
"dependencies": {
"express": "^4.18.2"
}
}
app.js:
const express = require('express');
const app = express();
const PORT = 3000;
app.get('/', (req, res) => {
res.json({
message: 'Hello World from Dokploy!',
timestamp: new Date().toISOString(),
environment: process.env.NODE_ENV
});
});
app.get('/health', (req, res) => {
res.status(200).send('OK');
});
app.listen(PORT, () => {
console.log(`Server running on port ${PORT}`);
});
Dockerfile:
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --omit=dev
COPY . .
EXPOSE 3000
USER node
CMD ["node", "app.js"]
docker-compose.yml (for reference):
version: '3.8'
services:
app:
build: .
environment:
- NODE_ENV=staging
restart: unless-stopped
7.2 Deploy to Dokploy
Deploy part 1
Deploy part 2
- In the Dokploy panel, click Create Project
- Give your project a name (e.g., "Tests")
- In the project panel, click Create Service and select Application
- Name your application: Hello World
- Then access your application and in the bottom section Build Type select Dockerfile and then Save.
- In the top section you have Provider. For this test we'll select the Drop type, however for real cases the best option is through git repository.
- Once Drop is selected, drag to the Zip file area the zip with the code we specified in point 7.1.
- Click the Deploy button
- Once deployment is complete, it will show the Deployments tab where you should see a green dot and Done indicating the process was successful. You can click View to verify the process.
- Now, to deploy our Hello World, go to the Domains tab.
- For this test we'll use a free Traefik domain by clicking on the dice icon, specify that the Container Port is 3000 and enable HTTPS with Let's Encrypt provider.
- Then click the Create button
- When finished, it will give us a URL where we can enter and see our web. Important: since we're using a test domain it will give security warnings. For production environments use your own domain.
7.3 Verify the deployment
Once deployment is complete, access your application:
https://tests-hello-world-puloud-d13d9c-167-172-as2dsaccc234-151.traefik.me/
You should see the JSON "Hello World" message.
Step 8: Production Best Practices
1. Don't build on production server
Dokploy recommends building Docker images in CI/CD (GitHub Actions, GitLab CI) and then deploying the pre-built image. This saves resources and reduces downtime risk.
2. Use health checks
Configure health checks in your applications (like the /health endpoint in our example) so Docker Swarm can monitor status.
3. Configure backups
- Configure regular server backups (if your provider offers this feature)
- Configure regular database backups
- Use
docker volumefor persistent data
4. Monitoring and logs
# View Dokploy logs
docker service logs dokploy --tail 100 -f
# View application logs
docker service logs hello-world_app --tail 100 -f
# View service status
docker service ps hello-world_app
Conclusion
Dokploy offers a robust, self-hosted solution for deploying applications on Docker Swarm. By implementing it on an Ubuntu server, you get a scalable, secure, and professional infrastructure at an accessible cost.
Need a cloud server? You can get an Ubuntu Droplet on DigitalOcean using our referral link and receive initial credits to try this tutorial.
Additional Resources
- Official Dokploy Documentation
- Dokploy Security Guide
- DigitalOcean Firewall Documentation
- Dokploy GitHub Repository
- Dokploy Discord Community
Enjoyed this tutorial? Share your experiences deploying applications with Dokploy in the comments or suggest topics for future articles.
Top comments (0)