Self-hosting Dokploy gives you complete control over your deployment infrastructure. Your application data, build logs, database contents, and Traefik configuration all live on a server you own — in the region you choose, under the data-residency rules you need. There are no per-seat fees, no usage quotas enforced by a vendor, and no dependency on an external platform’s availability. The only ongoing cost is the VPS bill.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Nettalco/dokploy/llms.txt
Use this file to discover all available pages before exploring further.
System Requirements
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 1 core | 2+ cores |
| RAM | 2 GB | 4 GB |
| Disk | 20 GB | 30 GB+ |
| Docker | auto-installed | auto-installed |
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
- Fedora 32+
- CentOS 8+
The install script installs Docker Engine automatically if it is not already present. You do not need to pre-install Docker before running the install script.
Required Ports
The following ports must be open in your server’s firewall and, if applicable, in your cloud provider’s security-group rules:| Port | Protocol | Service | Required |
|---|---|---|---|
80 | TCP | HTTP — Traefik ingress for all deployed apps | Yes |
443 | TCP | HTTPS — Traefik ingress + Let’s Encrypt TLS | Yes |
3000 | TCP | Dokploy web dashboard | Yes (see Security section) |
2377 | TCP | Docker Swarm manager API | Optional (multi-node only) |
7946 | TCP/UDP | Docker Swarm inter-node communication | Optional (multi-node only) |
Ports
2377 and 7946 are only required when you add additional worker nodes to a Docker Swarm cluster. For a single-server installation they can remain closed.Installation
Run the following command on your server as root or withsudo:
- Installs Docker Engine using Docker’s official install script, if not already present.
- Initialises Docker Swarm on the current node as a manager, enabling multi-node scaling when you are ready.
- Creates Docker volumes for PostgreSQL and Redis data persistence.
- Writes default Traefik configuration to
/etc/dokploy/traefik/, including the maintraefik.ymland adynamic/directory that Dokploy updates at runtime. - Starts the Dokploy stack as Docker services: the Dokploy application, PostgreSQL, Redis, and Traefik.
- Prints the dashboard URL (
http://your-server-ip:3000) when all services are healthy.
Post-Installation
Initial Admin Account
On first visit tohttp://your-server-ip:3000 you will be prompted to create the initial administrator account. This account has full access to all projects and settings. Store the credentials securely.
Resetting a Lost Password
If you lose your password, you can reset it from the server. The CONTRIBUTING guide documents the following command for development environments:Changing the Dashboard Port
The dashboard listens on port3000 by default. You can change this by updating the PORT environment variable in the Dokploy service configuration before restarting the stack.
Updating Dokploy
Dokploy includes a built-in update mechanism. No manualdocker pull or shell commands are needed:
- Open the dashboard and navigate to Settings → Update.
- Dokploy will check for the latest release, pull the new image, and perform a rolling restart automatically.
- Database migrations are applied on startup — downtime is typically less than thirty seconds.
Data Persistence
All persistent data is stored in Docker-managed volumes and on the host filesystem under/etc/dokploy/:
| Path | Contents |
|---|---|
/etc/dokploy/ | Root directory for all Dokploy configuration |
/etc/dokploy/traefik/ | Traefik static configuration (traefik.yml) |
/etc/dokploy/traefik/dynamic/ | Dynamic Traefik configuration (auto-updated by Dokploy) |
/etc/dokploy/traefik/dynamic/certificates/ | TLS certificate files issued by Let’s Encrypt |
/etc/dokploy/applications/ | Build context and source cache for deployed applications |
/etc/dokploy/compose/ | Docker Compose project files |
/etc/dokploy/logs/ | Deployment and server logs |
/etc/dokploy/ssh/ | SSH keys for remote server connections |
/etc/dokploy/monitoring/ | Monitoring data |
/etc/dokploy/registry/ | Registry configuration |
/etc/dokploy/schedules/ | Scheduled task configuration |
/etc/dokploy/volume-backups/ | Volume backup files |
Docker volume: dokploy-postgres-data | PostgreSQL database files (Dokploy’s own metadata) |
Docker volume: dokploy-redis-data | Redis persistence files |
/etc/dokploy/ directory to protect against data loss.
Security Recommendations
Firewall Configuration
After completing the initial setup, restrict access to port3000 to trusted IP addresses only:
SSH Hardening
Disable password-based SSH authentication and use SSH keys only:Additional Recommendations
- Keep the host OS and Docker Engine up to date with security patches.
- Enable automatic security updates (
unattended-upgradeson Debian/Ubuntu). - Use a non-root system user for day-to-day SSH access; Dokploy itself requires root during installation to manage Docker.
- Review the list of exposed ports regularly and close anything that is no longer needed.