VPS 3: Coolify

Posted on January 30, 2025  •  5 minutes  • 932 words  • Other languages:  Español

• What is Coolify? (and why choose it?)
  • Key Features
  • Why Coolify Over Alternatives?
• Install Coolify
• Initial setup
  • Access the dashboard
  • Choosing your server type
• Configure HTTPS and domains
  • DNS records setup
  • Coolify instance domain
  • Wildcard domain for apps
• Server Proxy Configuration
  • Switch to Caddy Proxy
  • Redirect www to your canonical domain
• Create a firewall
  • Create the rules
  • Verify the configuration
• Enable Two-Factor Authentication (2FA)
  • Why Enable 2FA?
  • Set Up 2FA in Coolify
• Next lecture

This is the third part of my VPS blog series .

Some screenshots shown here are from Coolify Crash Course | Self Host 101 | Secure Set up .

What is Coolify? (and why choose it?)

Coolify is an open-source, self-hostable platform-as-a-service (PaaS) that lets you deploy and manage web apps, databases, and services directly on your own server. Think of it as a self-hosted Heroku alternative—but without vendor lock-in or surprise bills.

Key Features

• One-Click Deployments: Launch apps from Git repositories, Docker images, or pre-built templates.
• Full Ownership: Host everything on your VPS, with no third-party dependencies.
• Multi-Server Support: Manage apps across multiple servers from a single dashboard.
• Automated HTTPS: Built-in Let’s Encrypt integration for free SSL certificates.
• Docker-Native: Works seamlessly with Docker containers.

Why Coolify Over Alternatives?

• Simplicity vs. Control: Tools like Heroku or Render simplify deployments but limit customization. Coolify gives you ease while retaining full server control.
• Cost-Effective: Unlike paid platforms, Coolify is 100% free and open-source. You pay only for where you run it (your VPS).
• Avoid Kubernetes complexity: For small-to-medium projects, Kubernetes (k8s) is overkill. Coolify offers lightweight orchestration without the steep learning curve.

Install Coolify

First, log in to your VPS as the root user and run the official Coolify installation script :

curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash

This script installs all dependencies and starts Coolify automatically. Once complete, you’ll see a confirmation that Coolify is running at http://<your-server-ip>:8000.

Initial setup

Access the dashboard

Open your browser and navigate to http://<your-server-ip>:8000. You’ll see the Coolify setup screen:

• Enter a name, email and password.
• Click Register.

Choosing your server type

After logging in, you’ll be prompted to set up your server:

• Localhost: This refers to the same VPS where Coolify is installed. Ideal for testing or lightweight workloads, but not recommended for production (high server load could crash the Coolify dashboard).
• Remote Server: Use this if you want Coolify to manage a separate VPS (better for production resilience).

For this blog series, we’ll use Localhost for simplicity.

Configure HTTPS and domains

DNS records setup

To secure Coolify with HTTPS and assign a domain: Create two DNS A records for your domain (e.g., apps.yourdomain.com):

• Wildcard subdomain: * → <your-server-ip>
• Apex domain: @ → <your-server-ip>

This allows any subdomain (e.g., coolify.apps.yourdomain.com) to resolve to your server.

Coolify instance domain

In Coolify’s Settings → Configuration, set:

1. Instance Domain: https://coolify.apps.yourdomain.com (replace with your domain).
2. Uncheck Validate DNS, as it may not work properly in some cases.
3. Uncheck “Auto Update Enabled” (manual updates are recommended).
4. Save changes.

Wildcard domain for apps

1. Navigate to Servers → Localhost → Configuration.
2. Under Wildcard Domain, enter your root domain (e.g., https://apps.yourdomain.com).
3. Save to enable automatic subdomain routing for future apps.

Server Proxy Configuration

Ensure your VPS still allows connection through ports 80/443 before this step! Switching proxy will temporarily disable access over HTTPS.

• So far we haven’t setup any firewall rules, so we should be good to go.

Switch to Caddy Proxy

By default, Coolify uses Traefik . It is a totally valid option, but in this VPS series we’ll switch to Caddy cause of its simpler configuration:

1. Go to Servers → Localhost → Proxy.
2. Stop the current proxy.
3. Switch Proxy and select Caddy.
4. Restart the proxy.

Visit https://coolify.apps.yourdomain.com. If the login page loads, your setup was successful!

Redirect www to your canonical domain

Enforce consistency by redirecting www to your canonical domain.

1. Go to Servers → Localhost → Proxy -> Dynamic Configurations.
2. Click Add Configuration and name it (e.g., www_redirect.caddy).
3. Paste this configuration (replace coolify.apps.yourdomain with your domain):

   www.coolify.apps.yourdomain {
       redir https://coolify.apps.yourdomain{uri} permanent
   }
   

4. Restart the proxy.

Test by visiting www.your-coolify-domain.com. It should redirect seamlessly.

Create a firewall

Now that Coolify is accessible via HTTPS, it’s critical to lock down unnecessary ports to minimize attack vectors.

Create the rules

1. Access Your VPS Firewall Dashboard: Most VPS providers have a built-in firewall tool.
2. Allow Critical Ports by creating rules to permit traffic for:
   • SSH (Port 22): Mandatory for server access. (If you’ve changed your SSH port, use that instead).
   • HTTP (Port 80).
   • HTTPS (Port 443).
3. Deny All Other Ports. By default, firewalls block all traffic not explicitly allowed.
4. Apply the firewall.

Verify the configuration

1. Test Blocked Ports: Try accessing Coolify via its old HTTP port (e.g., http://<your-server-ip>:8000). The connection should fail, confirming the firewall is active.
2. Confirm HTTPS Access: Visit https://coolify.yourdomain.com. The dashboard should load normally, proving traffic is now funneled exclusively through secure ports.

Enable Two-Factor Authentication (2FA)

Now that your Coolify instance is secured behind HTTPS and a firewall, let’s add a critical layer of account protection: two-factor authentication (2FA).

Why Enable 2FA?

• Brute-Force Protection: Without 2FA, attackers could guess weak passwords through repeated login attempts.
• Defense in Depth: Even if your password is compromised, 2FA blocks unauthorized access.
• Critical for Public-Facing Dashboards: Essential for any service exposed to the internet.

Set Up 2FA in Coolify

1. Access Security Settings: In Profile → Two-factor Authentication.
2. Enable 2FA: Scan the QR code with an authenticator app.
3. Save Recovery Codes: Coolify will generate one-time recovery codes. Store these securely.
4. Confirm Setup: Enter a 2FA code from your authenticator app to finalize activation.

Next lecture

VPS 4: Deploying a real time stats dashboard