> You only access Dokploy through https, removing a whole class of attacks
Words such as the above on the blog post send shivers through my spine each time I read them.
They are, for example, a common sight on websites description of their security. "we use https so everything is ok" says the fluffy website description, carefully omitting to mention any of the stuff that really matters. Instead they just stop abruptly at the mention of the magical https. Shrug.
Or another classic example is all those people who think a dumb pass-through nginx/caddy https proxy infront of their backend suddenly makes the backend secure !
Coming back to this specific wording, I'm not sure what "whole class of attacks" they are expecting to suddenly thwart just because they are running over https ? I would suggest its a bit of a bold statement, to put it kindly.
I assume they are referring to the low-hanging-fruit like MITM etc, but as everyone knows that's not really where the real security concerns are in 2025 ...
indigodaddy 8 hours ago [-]
Weird though that their installation page says to navigate to http://IP:3000 (specifically noting http and not https). Perhaps part of the setup will create a cert for your chosen domain and then from then on have you use https://domain:3000 ?
anal_reactor 10 hours ago [-]
Not to mention situations where I specifically don't want security. Like:
> your password must be at least 20 characters long, contain mixed-case letters, digits, five kanji, and at least one byte that isn't a valid UTF-8 codepoint
> but I'm setting up a small VM on my private PC to run a script that scrapes porn
I'm glad there's options but once I got one working I feel like I'd be stuck so feedback beforehand from those who've tried multiple is escpecially valuable, especially the monetization aspect for sustainability.
Dokploy ergonomics I found just a bit lacking, and switched to Coolify instead. I daresay the feature that swayed me was force “pull latest images” button on coolify (convenient way to update any app), that was weirdly not available on Dokploy.
What’s missing in both, and would liked to hear from hn, is docker-native backup solutions, for backing up select docker volumes. Currently I’m using some tricks with duplicati, but I wonder if there’s anything better.
Also this is the first I’ve heard of coreOS, the author says nothing about it, though it’s in the title. I wonder why someone choose it over Debian.
niux 8 hours ago [-]
I actually use Dokploy in production, you have to literally press just one button to redeploy using the latest version of your app, straight from the repo.
more_corn 1 hours ago [-]
Or no button auto deploy from main.
stavros 9 hours ago [-]
I really love a workflow where the host OS is as stock as possible (I just run Debian) and everything else runs in Docker.
A while ago I created Harbormaster[1] a very simple and opinionated single-host container Orchestrator, and run everything on there. It just needs a Compose file, and that's it. Harbormaster takes care of the pulling from git repos/updating, restarting containers, etc, as well as provides a centralised config file for what's running on a machine. It's ideal for me.
I tried it a few months ago. It had some rough edges that made me move away (to Debian and then most recently NixOS), but I might swing back the way of Bluefin at some point.
stavros 8 hours ago [-]
That looks very interesting, but yes, as you say, it's for a workstation.
indigodaddy 9 hours ago [-]
I'm about to take a look. My first thought would be can it also manage the proxy config (with Caddy being my ideal choice) ?
stavros 8 hours ago [-]
Yes, I run Caddy in a container with host networking, just like any other app. Harbormaster won't do anything magical with it, but that's a plus for me (much simpler to understand).
lagrange77 2 hours ago [-]
Does any of you use one of these (Dokploy, CapRover, Dokku, Coolify) like Netlify, as advertised by some?
For me, the core feature of Netlify is building and deploying static websites quickly, with minimal configuration and triggered by git commits.
Does any of these really resemble that experience (except for the CDN Netlify uses, of course)?
pachevjoseph 2 hours ago [-]
I use Coolify for my own personal static site and it’s just like that. Git pushes redeploy my site and I get a discord notification once’s it’s done. The only manual thing I did was use a cloudlfare tunnel So it’s available to the public, since I am using my homelab to host Coolify.
I host maybe 8 different side projects on Coolify like this. Most don’t even have a Dockerfile in the repo. I use the standard nix packs option, and builds, rolling deployments etc are auto handled.
czhu12 3 hours ago [-]
We developed https://canine.sh for work which was heavily inspired by dokploy. The idea was to have a dokploy like container scheduler against a Kubernetes backup for ease of scalability / recovery and multi-node setup.
This seems like an unfair comparison for Dokku. I haven’t used the rest, but I have used Dokploy and Dokku. Dokku has had every single feature I could want or need, even accounting for weird edge cases. It just doesn’t have a UI.
With Dokploy, on the other hand, I found the UI difficult to navigate, which would be fine if the documentation was good but it was lacking.
But for many of the features their comparison claims Dokku doesn’t have, it actually does: database support, scheduled jobs, docker compose support. It has some form of monitoring. Overall Dokku has been a pretty robust solution for me and anything it might be missing, like in monitoring for instance, I can just add at the system level.
To be clear, I’m not anti-Dokploy and I think the more these tools improve the better. Just wanted to share my experience in defense of Dokku. Being able to spin up your apps on a cheap VPS is incredibly empowering over having to pay 10x more for managed services like Heroku or Render.
fariszr 6 hours ago [-]
The problem for me with dokploy is how do you manage in-config secrets for deployed apps.
There are many apps which have secrets in their configs that can't be imported from env variables.
The only solution is to have these files locally on the server and then use an external bind mount.
I solved this in my docker-compose-gitops-action by just inserting secrets before copying the files to the server.
you can't do that with dokploy even with this dokploy action so it's triggers a pull from the source repo only.
Also the preview feature on dokploy is almost useless because there is no variable to get the preview URL dynamically.
indigodaddy 15 minutes ago [-]
Seems like a glaring omission. EDIT found this in the docs would it work for you? EDIT-2 I re-read your post and saw you had actually said secrets that can't be derived from env vars, ah well :)
I've been using Dokploy and it is lovely. Solid and stable for the last 12 months running production apps. First time in ages I got the Heroku vibe again.
written-beyond 13 hours ago [-]
This is exactly how I felt too. I was using portainer before, but the polish on Dokploy is insane.
risico 11 hours ago [-]
Exactly, I do not have any other experience but with Heroku but I was taken aback how easy was to setup and since then just deploy and almost everything work as expected.
I also love their template gallery of pre-existing projects, managed to setup auxiliary stuff like Plausible and Ghost which I wouldn't have done if it wasn't for the one-click install.
gear54rus 11 hours ago [-]
On the contrary, to me it seemed bare-bones.
Breaks when you use anything but bash as root user shell. Breaks if you have images in private registries with swarm. Breaks if you wanna restrict the API key access to just one project (the key can access all projects lol).
It's a great piece of software, I use it myself. But calling it polished in any way is a bit of a stretch.
Nextjs website deployed here to avoid crazy Vercel and netlify pricing. Uptime kuma and Umami deployed in 2 minutes.
Be sure to check disk space. Activate the Docker auto-clean option.
indigodaddy 8 hours ago [-]
If KASM workspaces docker image will work in Dokploy, then I'm down. (It kind of does it's own docker in docker thing, so it's not just another simple docker image)
I found just plain docker swarm better, or if you like gui’s then portainer is very good
more_corn 1 hours ago [-]
I’m new to dokploy. I love the simplicity and speed, but in the last week it has done some really weird things. Like one deployment lacked some critical files. I redeployed and they came back, but that sort of inconsistency in a deployment system is alarming.
indigodaddy 8 hours ago [-]
Does dokploy support arm64? It wasn't entirely clear last time I looked (didn't really mention arch'es)
shintoist 5 hours ago [-]
Yup, been running it on Hetzner arm64 for a while. No issues
indigodaddy 5 hours ago [-]
Ah nice thanks for the feedback
ochronus 12 hours ago [-]
Does it support wildcard domains for the running apps? I couldn't find it clearly stated in the docs
gear54rus 11 hours ago [-]
It has good flexibility. If it won't support them through UI, you can manually define labels for Traefik to pick up in the app config.
ochronus 6 hours ago [-]
Thanks! So basically just like Coolify - both undocumented, sadly
indigodaddy 6 minutes ago [-]
What do you mean exactly by wildcard domains in the context of setting up an app in Dokploy, et al, etc? Can you explain your use case and how you did or didn't get it working in Dokploy? Right now I'm trying to figure out which of these to use and your feedback would help me. Thanks!
dewey 11 hours ago [-]
Another very similar one is https://dokku.com, have been using it for years and I like that it's a very thin layer on top of Docker. So even if you uninstall it everything keeps running and you can just manage it manually.
oulipo 8 hours ago [-]
Dokploy is really cool! Running it since a few months
[1] https://isitreallyfoss.com/projects/dokploy/
[2] https://github.com/Dokploy/dokploy/discussions/3
Words such as the above on the blog post send shivers through my spine each time I read them.
They are, for example, a common sight on websites description of their security. "we use https so everything is ok" says the fluffy website description, carefully omitting to mention any of the stuff that really matters. Instead they just stop abruptly at the mention of the magical https. Shrug.
Or another classic example is all those people who think a dumb pass-through nginx/caddy https proxy infront of their backend suddenly makes the backend secure !
Coming back to this specific wording, I'm not sure what "whole class of attacks" they are expecting to suddenly thwart just because they are running over https ? I would suggest its a bit of a bold statement, to put it kindly.
I assume they are referring to the low-hanging-fruit like MITM etc, but as everyone knows that's not really where the real security concerns are in 2025 ...
> your password must be at least 20 characters long, contain mixed-case letters, digits, five kanji, and at least one byte that isn't a valid UTF-8 codepoint
> but I'm setting up a small VM on my private PC to run a script that scrapes porn
> DID I FUCKING STUTTER
> ok ok I'm sorry calm down
coolify, dokku, dockploy, swiftwave; and K8s-based: cozystack, kubero, plural
related: https://news.ycombinator.com/item?id=41358020 (+271 comments; 2024) Dokku: My favorite personal serverless platform
I'm glad there's options but once I got one working I feel like I'd be stuck so feedback beforehand from those who've tried multiple is escpecially valuable, especially the monetization aspect for sustainability.
What’s missing in both, and would liked to hear from hn, is docker-native backup solutions, for backing up select docker volumes. Currently I’m using some tricks with duplicati, but I wonder if there’s anything better.
Also this is the first I’ve heard of coreOS, the author says nothing about it, though it’s in the title. I wonder why someone choose it over Debian.
A while ago I created Harbormaster[1] a very simple and opinionated single-host container Orchestrator, and run everything on there. It just needs a Compose file, and that's it. Harbormaster takes care of the pulling from git repos/updating, restarting containers, etc, as well as provides a centralised config file for what's running on a machine. It's ideal for me.
[1] https://harbormaster.readthedocs.io/en/latest/
I feel like you should love something like https://projectbluefin.io/ then?
I tried it a few months ago. It had some rough edges that made me move away (to Debian and then most recently NixOS), but I might swing back the way of Bluefin at some point.
For me, the core feature of Netlify is building and deploying static websites quickly, with minimal configuration and triggered by git commits.
Does any of these really resemble that experience (except for the CDN Netlify uses, of course)?
I host maybe 8 different side projects on Coolify like this. Most don’t even have a Dockerfile in the repo. I use the standard nix packs option, and builds, rolling deployments etc are auto handled.
Dokploy vs. CapRover, Dokku, Coolify
With Dokploy, on the other hand, I found the UI difficult to navigate, which would be fine if the documentation was good but it was lacking.
But for many of the features their comparison claims Dokku doesn’t have, it actually does: database support, scheduled jobs, docker compose support. It has some form of monitoring. Overall Dokku has been a pretty robust solution for me and anything it might be missing, like in monitoring for instance, I can just add at the system level.
To be clear, I’m not anti-Dokploy and I think the more these tools improve the better. Just wanted to share my experience in defense of Dokku. Being able to spin up your apps on a cheap VPS is incredibly empowering over having to pay 10x more for managed services like Heroku or Render.
The only solution is to have these files locally on the server and then use an external bind mount.
I solved this in my docker-compose-gitops-action by just inserting secrets before copying the files to the server.
https://fariszr.com/docker-compose-gitops-github/
you can't do that with dokploy even with this dokploy action so it's triggers a pull from the source repo only.
Also the preview feature on dokploy is almost useless because there is no variable to get the preview URL dynamically.
https://docs.dokploy.com/docs/core/variables
I also love their template gallery of pre-existing projects, managed to setup auxiliary stuff like Plausible and Ghost which I wouldn't have done if it wasn't for the one-click install.
Breaks when you use anything but bash as root user shell. Breaks if you have images in private registries with swarm. Breaks if you wanna restrict the API key access to just one project (the key can access all projects lol).
It's a great piece of software, I use it myself. But calling it polished in any way is a bit of a stretch.
Nextjs website deployed here to avoid crazy Vercel and netlify pricing. Uptime kuma and Umami deployed in 2 minutes.
Be sure to check disk space. Activate the Docker auto-clean option.
https://hub.docker.com/r/linuxserver/kasm