> You only access Dokploy through https, removing a whole class of attacks
Words such as the above on the blog post send shivers through my spine each time I read them.
They are, for example, a common sight on websites' descriptions of their security. "we use https so everything is ok" says the fluffy website description, carefully omitting to mention any of the stuff that really matters. Instead they just stop abruptly at the mention of the magical https. Shrug.
Or another classic example is all those people who think a dumb pass-through nginx/caddy https proxy in front of their backend suddenly makes the backend secure!
Coming back to this specific wording, I'm not sure what "whole class of attacks" they are expecting to suddenly thwart just because they are running over https? I would suggest it's a bit of a bold statement, to put it kindly.
I assume they are referring to the low-hanging-fruit like MITM etc, but as everyone knows that's not really where the real security concerns are in 2025 ...
Weird though that their installation page says to navigate to http://IP:3000 (specifically noting http and not https). Perhaps part of the setup will create a cert for your chosen domain and then from then on have you use https://domain:3000 ?
Not to mention situations where I specifically don't want security. Like:
> your password must be at least 20 characters long, contain mixed-case letters, digits, five kanji, and at least one byte that isn't a valid UTF-8 codepoint
> but I'm setting up a small VM on my private PC to run a script that scrapes porn
Recently I managed to register an account with a password that the login page rejects. I had to hack the frontend script just to log in. And it's my insurance company.
Dokploy ergonomics I found just a bit lacking, and switched to Coolify instead. I daresay the feature that swayed me was force “pull latest images” button on coolify (convenient way to update any app), that was weirdly not available on Dokploy.
What’s missing in both, and would like to hear from hn, is docker-native backup solutions, for backing up select docker volumes. Currently I’m using some tricks with duplicati, but I wonder if there’s anything better.
Also this is the first I’ve heard of coreOS, the author says nothing about it, though it’s in the title. I wonder why someone would choose it over Debian.
I actually use Dokploy in production, you have to literally press just one button to redeploy using the latest version of your app, straight from the repo.
I really love a workflow where the host OS is as stock as possible (I just run Debian) and everything else runs in Docker.
A while ago I created Harbormaster[1] a very simple and opinionated single-host container Orchestrator, and run everything on there. It just needs a Compose file, and that's it. Harbormaster takes care of the pulling from git repos/updating, restarting containers, etc, as well as provides a centralised config file for what's running on a machine. It's ideal for me.
I tried it a few months ago. It had some rough edges that made me move away (to Debian and then most recently NixOS), but I might swing back the way of Bluefin at some point.
I was running k3s locally for all home infra stuff because I too enjoy containers (and some of the things that Kubernetes provides.) Recently I found NixOS and am greatly enjoying that. The container dance gets tiring after a while and having a declarative system is extremely powerful.
Yes, I run Caddy in a container with host networking, just like any other app. Harbormaster won't do anything magical with it, but that's a plus for me (much simpler to understand).
I'm glad there's options but once I got one working I feel like I'd be stuck so feedback beforehand from those who've tried multiple is especially valuable, especially the monetization aspect for sustainability.
This seems like an unfair comparison for Dokku. I haven’t used the rest, but I have used Dokploy and Dokku. Dokku has had every single feature I could want or need, even accounting for weird edge cases. It just doesn’t have a UI.
With Dokploy, on the other hand, I found the UI difficult to navigate, which would be fine if the documentation was good but it was lacking.
But for many of the features their comparison claims Dokku doesn’t have, it actually does: database support, scheduled jobs, docker compose support. It has some form of monitoring. Overall Dokku has been a pretty robust solution for me and anything it might be missing, like in monitoring for instance, I can just add at the system level.
To be clear, I’m not anti-Dokploy and I think the more these tools improve the better. Just wanted to share my experience in defense of Dokku. Being able to spin up your apps on a cheap VPS is incredibly empowering over having to pay 10x more for managed services like Heroku or Render.
I've been using Dokploy and it is lovely. Solid and stable for the last 12 months running production apps. First time in ages I got the Heroku vibe again.
Exactly, I do not have any other experience but with Heroku but I was taken aback how easy it was to set up and since then just deploy and almost everything works as expected.
I also love their template gallery of pre-existing projects, managed to setup auxiliary stuff like Plausible and Ghost which I wouldn't have done if it wasn't for the one-click install.
Breaks when you use anything but bash as root user shell. Breaks if you have images in private registries with swarm. Breaks if you wanna restrict the API key access to just one project (the key can access all projects lol).
It's a great piece of software, I use it myself. But calling it polished in any way is a bit of a stretch.
There isn't another project that integrates a reverse proxy with their docker management UI. You either need to go the docker compose way of adding labels for a reverse proxy to pick up from or use another proxy management UI.
I tried Coolify, couldn't get it running properly on the same VPS I got Dokploy to just work on the first try.
I use Coolify for my own personal static site and it’s just like that. Git pushes redeploy my site and I get a Discord notification once it’s done. The only manual thing I did was use a Cloudflare tunnel so it’s available to the public, since I am using my homelab to host Coolify.
I host maybe 8 different side projects on Coolify like this. Most don’t even have a Dockerfile in the repo. I use the standard nix packs option, and builds, rolling deployments etc are auto handled.
We developed https://canine.sh for work which was heavily inspired by dokploy. The idea was to have a dokploy like container scheduler against a Kubernetes backup for ease of scalability / recovery and multi-node setup.
I love the Dokploy promise but I’ve come across some glaring bugs and inconsistencies that have made living with it difficult. I’ve had to consult its source code because of its lack of documentation in a few instances.
Support, even for paying customers, is lacking, too.
Definitely cheering its development on, though, because the promise is wonderful.
The problem for me with dokploy is how do you manage in-config secrets for deployed apps.
There are many apps which have secrets in their configs that can't be imported from env variables.
The only solution is to have these files locally on the server and then use an external bind mount.
I solved this in my docker-compose-gitops-action by just inserting secrets before copying the files to the server.
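The approach described in the comment above (inserting secrets into config files before they are copied to the server), sketched as an added example. It is not the commenter's action or Dokploy code; the `@@SECRET:NAME@@` placeholder syntax, the function names and the sample config are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Hypothetical placeholder syntax chosen for this example: @@SECRET:NAME@@
PLACEHOLDER = re.compile(r"@@SECRET:([A-Z0-9_]+)@@")


class MissingSecret(KeyError):
    """Raised when the template references a secret that was not supplied."""


def render(template: str, secrets: dict) -> str:
    """Substitute every placeholder; refuse to render if any secret is absent."""
    wanted = {m.group(1) for m in PLACEHOLDER.finditer(template)}
    missing = sorted(wanted - set(secrets))
    if missing:
        # Report names only, never values.
        raise MissingSecret(", ".join(missing))
    # A function replacement inserts the value verbatim, so backslashes
    # inside a secret are not interpreted as regex escapes.
    return PLACEHOLDER.sub(lambda m: secrets[m.group(1)], template)


def write_private(path: str, content: str) -> None:
    """Write atomically with mode 0600 so the file is never world-readable."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".render-")  # created 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(content)
        os.replace(tmp, path)  # atomic rename on the same filesystem
    except BaseException:
        os.unlink(tmp)
        raise


def render_to_file(template: str, secrets: dict, path: str) -> None:
    """Render first, write second: a missing secret leaves no partial file."""
    write_private(path, render(template, secrets))


# Constructed sample input: an app config that cannot read env variables itself.
SAMPLE_TEMPLATE = "[database]\nuser = app\npassword = @@SECRET:DB_PASSWORD@@\n"

if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "app.ini")
    render_to_file(SAMPLE_TEMPLATE, {"DB_PASSWORD": "constructed-value"}, out)
    print(out, oct(stat.S_IMODE(os.stat(out).st_mode)))
```

The rendered file is what gets bind-mounted into the container; the template with placeholders is the only version that belongs in the repository.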
Seems like a glaring omission. EDIT: found this in the docs, would it work for you? EDIT-2: I re-read your post and saw you had actually said secrets that can't be derived from env vars, ah well :)
If KASM workspaces docker image will work in Dokploy, then I'm down. (It kind of does its own docker in docker thing, so it's not just another simple docker image)
What do you mean exactly by wildcard domains in the context of setting up an app in Dokploy, et al, etc? Can you explain your use case and how you did or didn't get it working in Dokploy? Right now I'm trying to figure out which of these to use and your feedback would help me. Thanks!
Another very similar one is https://dokku.com, have been using it for years and I like that it's a very thin layer on top of Docker. So even if you uninstall it everything keeps running and you can just manage it manually.
I’m new to dokploy. I love the simplicity and speed, but in the last week it has done some really weird things. Like one deployment lacked some critical files. I redeployed and they came back, but that sort of inconsistency in a deployment system is alarming.
[1] https://isitreallyfoss.com/projects/dokploy/
[2] https://github.com/Dokploy/dokploy/discussions/3
Intellectual Property law is a real thing. Writing code doesn't make you an expert at writing license agreements.
> your password must be at least 20 characters long, contain mixed-case letters, digits, five kanji, and at least one byte that isn't a valid UTF-8 codepoint
> but I'm setting up a small VM on my private PC to run a script that scrapes porn
> DID I FUCKING STUTTER
> ok ok I'm sorry calm down
Only once in a while I get a weird gateway timeout error on some services since my server is behind a vpn and firewall.
But other than that it's a great setup.
A while ago I created Harbormaster[1] a very simple and opinionated single-host container Orchestrator, and run everything on there. It just needs a Compose file, and that's it. Harbormaster takes care of the pulling from git repos/updating, restarting containers, etc, as well as provides a centralised config file for what's running on a machine. It's ideal for me.
[1] https://harbormaster.readthedocs.io/en/latest/
I feel like you should love something like https://projectbluefin.io/ then?
I tried it a few months ago. It had some rough edges that made me move away (to Debian and then most recently NixOS), but I might swing back the way of Bluefin at some point.
coolify, dokku, dokploy, swiftwave; and K8s-based: cozystack, kubero, plural
related: https://news.ycombinator.com/item?id=41358020 (+271 comments; 2024) Dokku: My favorite personal serverless platform
Dokploy vs. CapRover, Dokku, Coolify
I tried SwiftWave and Coolify for that. They seem to support that if I understood you correctly.
For me, the core feature of Netlify is building and deploying static websites quickly, with minimal configuration and triggered by git commits.
Does any of these really resemble that experience (except for the CDN Netlify uses, of course)?
The only solution is to have these files locally on the server and then use an external bind mount.
I solved this in my docker-compose-gitops-action by just inserting secrets before copying the files to the server.
https://fariszr.com/docker-compose-gitops-github/
You can't do that with dokploy even with this dokploy action, so it triggers a pull from the source repo only.
Also the preview feature on dokploy is almost useless because there is no variable to get the preview URL dynamically.
https://docs.dokploy.com/docs/core/variables
Just mount it at the same path on all hosts and then bind-mount it into the container and it will work no matter where the container is scheduled
Have to think about backup strategy yourself tho.
Nextjs website deployed here to avoid crazy Vercel and netlify pricing. Uptime kuma and Umami deployed in 2 minutes.
Be sure to check disk space. Activate the Docker auto-clean option.
https://hub.docker.com/r/linuxserver/kasm