Dokploy uses Traefik as its built-in reverse proxy and handles all domain routing and SSL certificate management automatically. When you add a domain to an application or Compose service, Dokploy writes the corresponding Traefik router and service configuration in real time — no manual YAML editing or container restarts required. Let’s Encrypt certificates are provisioned and renewed automatically for any domain pointed at your server.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Nettalco/dokploy/llms.txt
Use this file to discover all available pages before exploring further.
How Domains Work
Every application and Compose stack deployed by Dokploy is registered as a Traefik service on the internal Docker network. Traefik watches for configuration changes in its dynamic configuration directory, picks up new router rules immediately, and routes incoming HTTP/HTTPS requests to the correct container. The flow for a new domain:- You add a domain in the Dokploy dashboard.
- Dokploy writes a Traefik dynamic configuration file for the router, service, and (if HTTPS) the TLS resolver.
- Traefik detects the new file and activates the route within seconds.
- If Let’s Encrypt is selected, Traefik contacts the ACME endpoint, completes the HTTP-01 challenge, and stores the certificate automatically.
DNS must be propagated before Let’s Encrypt can issue a certificate. Point your domain’s A record (or CNAME) to your server’s IP address and allow up to 24–48 hours for global propagation, though most records resolve within minutes.
Adding a Domain to an Application
Open the application
Navigate to the project and click on the application or Compose stack you want to expose.
Add a domain
Click Add Domain and fill in the following fields:
| Field | Description |
|---|---|
| Host | The fully-qualified domain name, e.g. app.example.com |
| HTTPS | Enable to use TLS; Traefik will request a certificate |
| Port | The port your container listens on (default: 3000) |
| Path | Optional path prefix for sub-path routing (default: /) |
| Certificate Type | letsencrypt for automatic ACME certs, custom for an uploaded certificate, or none for HTTP only |
| Service Name | (Compose only) The compose service to route traffic to |
HTTPS and Certificate Types
Dokploy supports three certificate modes, controlled by thecertificateType field on each domain:
- Let's Encrypt (letsencrypt)
- Custom Certificate (custom)
- No Certificate (none)
The default and recommended option for public-facing domains. Traefik automatically requests, installs, and renews certificates from Let’s Encrypt using the HTTP-01 ACME challenge.Requirements:
- Port 80 must be publicly reachable on the server (for the ACME challenge).
- The domain’s DNS A record must point to the server’s IP.
Domain Validation
Before saving a domain, you can check whether DNS has propagated using the Validate Domain feature. Dokploy resolves the provided hostname and compares the returned IP address against the server’s configured IP.Domain validation is advisory — you can still save a domain before DNS propagates. The Traefik route will be created immediately; Let’s Encrypt will succeed once DNS resolves correctly.
Auto-Generated Domains
For quick testing without a real domain, Dokploy can generate a temporary.traefik.me subdomain. These domains use a wildcard DNS entry (*.traefik.me) that resolves to any IP address, so no DNS configuration is needed on your side.
Click Generate Domain on any application’s Domains tab to get a domain in the format <random>.<server-ip>.traefik.me. The canGenerateTraefikMeDomains check confirms that your server IP is configured before showing the option.
.traefik.me domains are intended for development and testing only. They do not offer HTTPS via Let’s Encrypt because the IP-based wildcard DNS cannot be used for ACME validation. Use a real domain for production deployments.Dashboard Domain
By default the Dokploy dashboard is served on port3000. You can assign a custom domain to the dashboard itself so it is accessible at https://dokploy.example.com:
- Navigate to Settings → Server.
- Under Dashboard Domain, enter your desired hostname.
- Click Save (
settings.assignDomainServer).
Certificates Management
The dedicated Certificates panel (under Settings → Certificates) lets you manage custom TLS certificates independently of individual domains:- Upload a certificate with its private key.
- Update an existing certificate (e.g. after manual renewal).
- Delete certificates that are no longer in use.
Security Headers and Redirects
HTTP → HTTPS Redirect
When HTTPS is enabled on a domain, Dokploy automatically configures a Traefik middleware that permanently redirects all HTTP traffic (http://) to HTTPS (https://). No additional configuration is required.