How I set up Coolify for hosting/managing my projects
Coolify is a self-hosted alternative to Vercel/Netlify and similar solutions. In essence, it manages and hosts your websites and services using Docker.
You can read more about it here. There are also plenty of great videos for Coolify on YouTube.
I set mine up in a Virtual Private Server (VPS) on a cloud provider and the first things I did were the basic security setup of:
- Updating all the Linux packages
- Setting up SSH keys and locking it down so you need a valid SSH key to connect over SSH
- Creating a new user with admin rights, disabling the root user, and using the new user to log in
- Blocking all ports except ports: 22 (SSH), 80 (HTTP) and 443 (HTTPS)
Then I proceeded to install Coolify using their instructions and started installing a VPN as the first service, so I can lock down the backend to require the VPN to gain access (only accessible on the “localhost”). I opted for WireGuard with WG Easy, as I just needed something basic for at most a couple of users - but if you have a larger setup something like NetBird would be more appropriate.
After that was all up and working and I had a couple of devices with WireGuard set up, I also removed port 22 from the firewall and then added the UDP port that WireGuard needs to connect - so now I’d need SSH keys and the VPN active to connect directly.
Then I moved on to installing the other services, which are meant more for managing my projects. The base setup includes:
- PostgreSQL
- Redis
- MinIO S3
- GitLab, my git server of choice that doubles as my authentication layer for all the other services using OpenID Connect, when applicable
- Planka, a self-hosted Trello of sorts so I can keep track of what I’m working on in any given project.
- Outline, a self-hosted Notion of sorts that I use as the Knowledge Base for anything related to the projects.
And in Cloudflare I set up a WAF rule on my domain, so that for any subdomain that starts with a specific string, for example internal- (as in internal-outline.example.com), the page is only accessible from Cloudflare IP addresses and the IP address of the VPS (thus requiring an active VPN connection to access it).
I’m pretty happy with it so far and it’s been running great. The only thing that can be a bit cumbersome is the Docker Compose files, as some require a bit of setup to get everything working across several containers. For example, I don’t run my containers with their own dedicated databases; instead, to save on compute resources, I connect them to my PostgreSQL Docker instance so they all share the same one.
After all that was set up I essentially made sure I had backups of everything, and turned on backups for my VPS that hosts all of this at my cloud provider - so should anything go bad I can always roll back to an earlier version to restore it.
Docker Compose Files
Below are the links to my Docker Compose Files used for the above services should you be interested:
(COMING SOON)
One thing that could be improved with the above is to include a depends_on pointed at the Redis/PostgreSQL database containers, as there is a risk that a service starts up before one of the databases is online…
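One way to write that, as an added example rather than one of the author's compose files: the long form of depends_on with condition: service_healthy, because the short form only waits for the database container to start, not for the database to accept connections. The service names, the example/app image, the variable names and the health check timings are assumptions.

```yaml
# Added example, not taken from the author's setup.
# Assumes the databases live in the same compose project as the app.
services:
  postgres:
    image: postgres:16
    environment:
      # Fails fast if the password is not supplied via the environment/.env
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}
    healthcheck:
      # pg_isready exits 0 only once the server accepts connections
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 3s
      retries: 10

  redis:
    image: redis:7
    healthcheck:
      # Exits 0 once the server answers the PING
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 10

  app:
    image: example/app:latest   # placeholder image for a dependent service
    environment:
      # Hypothetical variable names; use whatever the service expects
      DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres
      REDIS_URL: redis://redis:6379
    depends_on:
      # Long form: wait until the health checks above pass,
      # not merely until the containers have been started
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
```

depends_on only resolves services defined in the same compose project, so when PostgreSQL and Redis run as separate Coolify resources the dependent service needs its own connection retry instead.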