TickYouOff
Back
🐳

Self-Hosting Apps with Docker Compose

Hard 20 items · 2 hours
testuser's avatar
testuser Published 1 month ago

A practical checklist for setting up a self-hosted Docker Compose environment on your own server. Ideal for hobbyists and sysadmins who want secure, maintainable deployments with automatic updates and backups.

Progress
0 / 20
  1. Choose server hardware based on app needs — Select CPU, RAM, storage type (SSD/NVMe) and network capacity for expected load.
  2. Pick and install a server OS (Ubuntu/Debian) — Use a minimal server install and enable SSH during setup.
  3. Update OS and enable automatic security updates — Run package updates and enable unattended upgrades for security patches.
  4. Install Docker and Docker Compose — Use official install guides or package manager to install the latest stable versions.
  5. Create a non-root Docker user and configure sudo — Add a dedicated user to the docker group and limit root use.
  6. Set up a basic firewall and allow SSH, HTTP, HTTPS — Use ufw or nftables; only open necessary ports and block unused ones.
  7. Secure SSH (use keys, disable root login, limit access) — Disable password auth, consider changing the SSH port and use fail2ban.
  8. Create project directories and standardize layout — Define a consistent folder structure for compose files and volumes.
  9. Create app directories for each service — Make a folder per app (compose, volumes, configs) for clarity.
  10. Store environment files and add them to .gitignore — Keep .env files out of VCS and avoid committing secrets.
  11. Set directory permissions so the docker user owns files — Use chown/chmod to restrict access to sensitive files.
  12. Manage secrets with .env or Docker secrets — Use .env for single-host setups; use Docker secrets for swarm or extra safety.
  13. Install and configure a reverse proxy (Nginx Proxy Manager or Traefik) — Route domain traffic, handle virtual hosts, and integrate with Let's Encrypt.
  14. Obtain and auto-renew SSL certificates via Let's Encrypt — Enable ACME renewal in your reverse proxy to keep certs current.
  15. Configure logging and basic monitoring — Collect container logs and monitor resource use; consider Portainer or Prometheus.
  16. Set up automated image updates with Watchtower (test first) — Auto-update containers but test updates in a staging environment first.
  17. Configure offsite backups for volumes and configs — Use rclone, rsync, or cloud provider snapshots to store copies offsite.
  18. Test backups by performing a restore drill — Restore at least one service to validate your backup process.
  19. Run container security scans and update base images regularly — Scan images for vulnerabilities and rebuild images on patched bases.
  20. Version-control compose files and document deployment steps — Store configs in a private git repo and write run/restore/playbook notes.
Sign in to save
📝 My Notes