Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Nettalco/dokploy/llms.txt

Use this file to discover all available pages before exploring further.

Self-hosting Dokploy gives you complete control over your deployment infrastructure. Your application data, build logs, database contents, and Traefik configuration all live on a server you own — in the region you choose, under the data-residency rules you need. There are no per-seat fees, no usage quotas enforced by a vendor, and no dependency on an external platform’s availability. The only ongoing cost is the VPS bill.

System Requirements

ResourceMinimumRecommended
CPU1 core2+ cores
RAM2 GB4 GB
Disk20 GB30 GB+
Dockerauto-installedauto-installed
Supported operating systems:
  • Ubuntu 20.04 LTS
  • Ubuntu 22.04 LTS
  • Debian 11 (Bullseye)
  • Debian 12 (Bookworm)
  • Fedora 32+
  • CentOS 8+
The install script installs Docker Engine automatically if it is not already present. You do not need to pre-install Docker before running the install script.

Required Ports

The following ports must be open in your server’s firewall and, if applicable, in your cloud provider’s security-group rules:
PortProtocolServiceRequired
80TCPHTTP — Traefik ingress for all deployed appsYes
443TCPHTTPS — Traefik ingress + Let’s Encrypt TLSYes
3000TCPDokploy web dashboardYes (see Security section)
2377TCPDocker Swarm manager APIOptional (multi-node only)
7946TCP/UDPDocker Swarm inter-node communicationOptional (multi-node only)
Ports 2377 and 7946 are only required when you add additional worker nodes to a Docker Swarm cluster. For a single-server installation they can remain closed.

Installation

Run the following command on your server as root or with sudo:
curl -sSL https://dokploy.com/install.sh | bash
The install script performs these steps in order:
  1. Installs Docker Engine using Docker’s official install script, if not already present.
  2. Initialises Docker Swarm on the current node as a manager, enabling multi-node scaling when you are ready.
  3. Creates Docker volumes for PostgreSQL and Redis data persistence.
  4. Writes default Traefik configuration to /etc/dokploy/traefik/, including the main traefik.yml and a dynamic/ directory that Dokploy updates at runtime.
  5. Starts the Dokploy stack as Docker services: the Dokploy application, PostgreSQL, Redis, and Traefik.
  6. Prints the dashboard URL (http://your-server-ip:3000) when all services are healthy.

Post-Installation

Initial Admin Account

On first visit to http://your-server-ip:3000 you will be prompted to create the initial administrator account. This account has full access to all projects and settings. Store the credentials securely.

Resetting a Lost Password

If you lose your password, you can reset it from the server. The CONTRIBUTING guide documents the following command for development environments:
pnpm run reset-password
For a production deployment, refer to the Dokploy documentation or the Discord community for the current recommended procedure.

Changing the Dashboard Port

The dashboard listens on port 3000 by default. You can change this by updating the PORT environment variable in the Dokploy service configuration before restarting the stack.

Updating Dokploy

Dokploy includes a built-in update mechanism. No manual docker pull or shell commands are needed:
  1. Open the dashboard and navigate to Settings → Update.
  2. Dokploy will check for the latest release, pull the new image, and perform a rolling restart automatically.
  3. Database migrations are applied on startup — downtime is typically less than thirty seconds.
Subscribe to the GitHub releases feed or join the Discord server to be notified when new versions are published.

Data Persistence

All persistent data is stored in Docker-managed volumes and on the host filesystem under /etc/dokploy/:
PathContents
/etc/dokploy/Root directory for all Dokploy configuration
/etc/dokploy/traefik/Traefik static configuration (traefik.yml)
/etc/dokploy/traefik/dynamic/Dynamic Traefik configuration (auto-updated by Dokploy)
/etc/dokploy/traefik/dynamic/certificates/TLS certificate files issued by Let’s Encrypt
/etc/dokploy/applications/Build context and source cache for deployed applications
/etc/dokploy/compose/Docker Compose project files
/etc/dokploy/logs/Deployment and server logs
/etc/dokploy/ssh/SSH keys for remote server connections
/etc/dokploy/monitoring/Monitoring data
/etc/dokploy/registry/Registry configuration
/etc/dokploy/schedules/Scheduled task configuration
/etc/dokploy/volume-backups/Volume backup files
Docker volume: dokploy-postgres-dataPostgreSQL database files (Dokploy’s own metadata)
Docker volume: dokploy-redis-dataRedis persistence files
Back up both the Docker volumes and the /etc/dokploy/ directory to protect against data loss.

Security Recommendations

Firewall Configuration

After completing the initial setup, restrict access to port 3000 to trusted IP addresses only:
# Allow your management IP only (replace with your actual IP)
ufw allow from YOUR_IP_ADDRESS to any port 3000

# Or block public access entirely once you have set up a dashboard domain
ufw deny 3000
Once you have configured a custom domain and SSL certificate for the Dokploy dashboard itself (via Settings → Domain), Traefik will serve the dashboard over HTTPS on port 443 and you can close port 3000 on the firewall entirely.

SSH Hardening

Disable password-based SSH authentication and use SSH keys only:
# In /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
# Restart SSH after editing the config
systemctl restart sshd

Additional Recommendations

  • Keep the host OS and Docker Engine up to date with security patches.
  • Enable automatic security updates (unattended-upgrades on Debian/Ubuntu).
  • Use a non-root system user for day-to-day SSH access; Dokploy itself requires root during installation to manage Docker.
  • Review the list of exposed ports regularly and close anything that is no longer needed.
The Dokploy install script and all Docker services run as root by default. This is required for Docker Swarm management and Traefik configuration. Ensure your server is not shared with untrusted users, and follow the firewall and SSH hardening steps above before exposing the server to the public internet.

Dokploy Cloud

If you would rather not manage server maintenance, updates, or backups yourself, Dokploy Cloud is the fully managed alternative. It runs the same software as the self-hosted version, so you get identical features without the operational overhead.

Build docs developers (and LLMs) love