Back
🐳
Self-Hosting Apps with Docker Compose
Hard
20 items
·
2 hours
testuser
Published 1 month ago
A practical checklist for setting up a self-hosted Docker Compose environment on your own server. Ideal for hobbyists and sysadmins who want secure, maintainable deployments with automatic updates and backups.
Progress
0 / 20
- Choose server hardware based on app needs — Select CPU, RAM, storage type (SSD/NVMe) and network capacity for expected load.
- Pick and install a server OS (Ubuntu/Debian) — Use a minimal server install and enable SSH during setup.
- Update OS and enable automatic security updates — Run package updates and enable unattended upgrades for security patches.
- Install Docker and Docker Compose — Use official install guides or package manager to install the latest stable versions.
- Create a non-root Docker user and configure sudo — Add a dedicated user to the docker group and limit root use.
- Set up a basic firewall and allow SSH, HTTP, HTTPS — Use ufw or nftables; only open necessary ports and block unused ones.
- Secure SSH (use keys, disable root login, limit access) — Disable password auth, consider changing the SSH port and use fail2ban.
- Create project directories and standardize layout — Define a consistent folder structure for compose files and volumes.
- Create app directories for each service — Make a folder per app (compose, volumes, configs) for clarity.
- Store environment files and add them to .gitignore — Keep .env files out of VCS and avoid committing secrets.
- Set directory permissions so the docker user owns files — Use chown/chmod to restrict access to sensitive files.
- Manage secrets with .env or Docker secrets — Use .env for single-host setups; use Docker secrets for swarm or extra safety.
- Install and configure a reverse proxy (Nginx Proxy Manager or Traefik) — Route domain traffic, handle virtual hosts, and integrate with Let's Encrypt.
- Obtain and auto-renew SSL certificates via Let's Encrypt — Enable ACME renewal in your reverse proxy to keep certs current.
- Configure logging and basic monitoring — Collect container logs and monitor resource use; consider Portainer or Prometheus.
- Set up automated image updates with Watchtower (test first) — Auto-update containers but test updates in a staging environment first.
- Configure offsite backups for volumes and configs — Use rclone, rsync, or cloud provider snapshots to store copies offsite.
- Test backups by performing a restore drill — Restore at least one service to validate your backup process.
- Run container security scans and update base images regularly — Scan images for vulnerabilities and rebuild images on patched bases.
- Version-control compose files and document deployment steps — Store configs in a private git repo and write run/restore/playbook notes.
Your Stats
🏆
0
Completed
📅
—
Last Done
⏱️
—
Last Time
Completion Rate
Items checked per run
⚡
—
Fastest Run
🔥
0
Streak
🚫
—
Most Skipped Step
🔄
0
Resets
📝 My Notes