Self-Hosting Guide: Deploy Coolify as Your Own PaaS
Coolify is your own Vercel, Netlify, and Heroku — an open source PaaS with a beautiful web UI. Deploy any app from Git, provision databases with one click, get automatic SSL, and manage multiple servers. All self-hosted.
Requirements
- VPS with 2 GB RAM minimum (4 GB recommended)
- Ubuntu 22.04+ or Debian 12+
- Root access
- Domain name (e.g.,
coolify.yourdomain.com) - 30+ GB disk
Step 1: One-Line Install
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
This installs Docker, Docker Compose, and Coolify. Takes ~2 minutes.
Step 2: Access Dashboard
- Open
http://your-server-ip:8000 - Create your admin account
- Add your SSH key (for server management)
Step 3: Configure Domain
In Settings → Configuration:
- Set instance URL to
https://coolify.yourdomain.com
DNS: Add an A record: coolify.yourdomain.com → your server IP
Coolify automatically provisions SSL for all domains.
Step 4: Deploy Your First App
From GitHub:
- Projects → New Project → New Resource → Public Repository (or connect GitHub)
- Enter repository URL
- Coolify auto-detects the framework:
| Framework | Auto-Detection |
|---|---|
| Next.js | ✅ Nixpacks |
| Nuxt | ✅ Nixpacks |
| SvelteKit | ✅ Nixpacks |
| Remix | ✅ Nixpacks |
| Astro | ✅ Nixpacks |
| Django | ✅ Nixpacks |
| Rails | ✅ Nixpacks |
| Go | ✅ Nixpacks |
| Rust | ✅ Nixpacks |
| Static | ✅ Nginx |
| Dockerfile | ✅ Docker |
| Docker Compose | ✅ Docker Compose |
- Set your domain (e.g.,
myapp.yourdomain.com) - Configure environment variables
- Click Deploy
DNS for each app: Add A records for each domain pointing to your Coolify server.
Step 5: Provision Databases
One-click databases:
| Database | Command |
|---|---|
| PostgreSQL | New Resource → Database → PostgreSQL |
| MySQL | New Resource → Database → MySQL |
| MariaDB | New Resource → Database → MariaDB |
| MongoDB | New Resource → Database → MongoDB |
| Redis | New Resource → Database → Redis |
| ClickHouse | New Resource → Database → ClickHouse |
Each database gets:
- Auto-generated credentials
- Internal network connectivity to your apps
- Backup configuration
- Connection string ready to paste
Step 6: Deploy One-Click Services
Coolify has 100+ one-click services:
| Service | What It Is |
|---|---|
| Plausible | Privacy analytics |
| Uptime Kuma | Monitoring |
| Mattermost | Team chat |
| n8n | Workflow automation |
| Gitea | Git hosting |
| MinIO | Object storage |
| Listmonk | Newsletter |
| Ghost | Blog |
| WordPress | CMS |
| Supabase | Backend |
To deploy: New Resource → Service → Select from list → Configure → Deploy
Step 7: Connect Multiple Servers
Coolify can manage apps across multiple servers:
- Servers → Add Server
- Enter server IP and SSH key
- Coolify installs Docker on the remote server
- Deploy apps to any connected server
Use cases:
- Separate production and staging servers
- Geographic distribution
- Dedicated database server
- Resource isolation
Step 8: Configure CI/CD
Automatic deployments on push:
- Connect your GitHub/GitLab account
- Enable Auto Deploy on your app
- Every push to your branch triggers a rebuild
Webhook deploys:
- Copy the webhook URL from your app settings
- Add it to your CI pipeline:
curl -X POST "https://coolify.yourdomain.com/api/v1/deploy?uuid=YOUR_APP_UUID&force=true" \
-H "Authorization: Bearer YOUR_API_TOKEN"
Preview deployments:
- Enable Preview Deployments in app settings
- Each PR gets its own deployment URL
- Auto-deleted when PR is merged/closed
Step 9: Monitoring and Logs
- Real-time logs: Click any app → Logs tab
- Resource usage: Dashboard shows CPU, RAM, disk per app
- Notifications: Settings → Notifications → Discord/Slack/Email
Production Hardening
Backups:
# Coolify stores config in /data/coolify
# Backup the entire directory
tar czf /backups/coolify-$(date +%Y%m%d).tar.gz /data/coolify
# Database backups are configured per-database in the UI
Updates:
# Coolify auto-updates (configured in Settings)
# Or manually:
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
Security:
- Set up 2FA for admin account
- Restrict dashboard access by IP (firewall)
- Use SSH keys only (disable password auth)
- Keep Docker and Coolify updated
SSL:
- Automatic via Let's Encrypt
- Wildcard certificates supported
- Custom certificates can be uploaded
Resource Usage
| Apps | RAM | CPU | Disk |
|---|---|---|---|
| 1-5 | 2 GB | 2 cores | 30 GB |
| 5-15 | 4 GB | 4 cores | 60 GB |
| 15-30 | 8 GB | 8 cores | 120 GB |
Note: These are for Coolify itself. Each app uses additional resources.
VPS Recommendations
| Provider | Spec (10 apps) | Price |
|---|---|---|
| Hetzner | 4 vCPU, 8 GB RAM | €8/month |
| DigitalOcean | 4 vCPU, 8 GB RAM | $48/month |
| Linode | 4 vCPU, 8 GB RAM | $48/month |
vs Vercel Pro ($20/user/month): A $8/month Hetzner server replaces $100+/month in PaaS costs for a 5-person team.
Why Self-Host Coolify
PaaS platforms have become expensive at scale. Vercel's Pro plan is $20/user/month — a 5-person engineering team pays $1,200/year, and that's before usage-based charges for bandwidth and build minutes. Heroku, after eliminating its free tier, starts at $5/month for a single dyno — a small production stack with a web process, worker, and Redis addon easily reaches $50–100/month. Render and Railway have similar economics: reasonable for a solo developer, but costs compound for teams with multiple services.
Coolify replaces all of these with a one-time infrastructure investment. A Hetzner CX31 (€6.49/month, 2 vCPU, 4 GB RAM) runs Coolify plus 5–8 small applications. A CX41 (€12.49/month, 4 vCPU, 8 GB RAM) handles 15–20 applications with databases. Compare that to $100–200/month on managed PaaS for equivalent services. The annual savings for a 5-person team easily exceed $1,000–2,000.
The Nixpacks advantage: Coolify uses Nixpacks for auto-detected build environments — the same system that Railway uses. Drop in a Next.js, Django, Rails, Go, or Rust repository and Coolify figures out the build without Dockerfiles. This removes the DevOps knowledge barrier for developers who know frameworks but not containerization.
Multi-server management: The most compelling Coolify feature for growing teams is its ability to manage multiple servers from a single interface. You can have a production server, a staging server, and a dedicated database server — all controlled from one Coolify dashboard. Vercel and Netlify don't give you this kind of infrastructure visibility and control at any price point.
When NOT to self-host Coolify: Coolify is excellent for applications that fit the standard deployment model (containers, Git-based deploys). It's not a substitute for Kubernetes orchestration at very high scale. If you need auto-scaling based on traffic (not just per-service resource limits), Coolify's current version doesn't support that natively. Also consider that Vercel and Netlify provide global CDN edge networks out of the box — self-hosted deployments run from a single server location unless you add a CDN layer manually.
Prerequisites (Expanded)
VPS with 2 GB RAM minimum (4 GB recommended): Coolify itself consumes around 500 MB–1 GB of RAM. The remainder goes to the apps you deploy. With 2 GB total, you can run Coolify and 2–3 lightweight applications. For any real production use with databases and multiple apps, start with 4 GB and plan to scale up.
Ubuntu 22.04+ or Debian 12+: Coolify's install script explicitly targets these distributions. It configures Docker, sets up systemd services, and manages the Coolify stack — these steps are tested specifically on Ubuntu and Debian. Running on CentOS or other distributions is possible but unsupported and may require manual troubleshooting.
Root access: The Coolify installer runs as root to set up Docker, configure networking, and install system dependencies. If you only have a non-root user, run the install with sudo. After installation, Coolify's ongoing operation doesn't require root, but the initial setup does.
30+ GB disk: This is the most frequently underestimated requirement. Docker images accumulate: each application you deploy pulls a base image (Node.js, Python, Go, etc.) plus your build layers. Docker doesn't clean up old images automatically, so a busy Coolify server can fill 30 GB within a few months without regular cleanup. Start with 50–80 GB and set up Docker pruning as a scheduled task.
When evaluating VPS options for Coolify, consider that the server's network bandwidth affects deployment speed — each new deploy pulls Docker images. Hetzner's bandwidth pricing and network speeds make it a strong choice. See the VPS comparison for self-hosters for a detailed breakdown of providers at the 4–8 GB RAM tier.
Production Security Hardening
Coolify has SSH access to every server it manages and can deploy arbitrary code. Securing it is not optional.
Firewall with UFW: Coolify's dashboard runs on port 8000 by default. After configuring your domain and HTTPS reverse proxy, restrict direct access to port 8000.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Port 8000 only if you haven't set up the domain yet
# sudo ufw allow 8000/tcp
sudo ufw enable
Fail2ban for SSH: Coolify servers tend to be more powerful (more CPU/RAM) and thus more attractive for crypto mining attacks if compromised.
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Disable SSH password authentication: Coolify uses SSH key-based access to managed servers. Disable password auth on all Coolify-managed servers, not just the Coolify host.
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd
Keep application secrets in Coolify's environment variable manager: Never hardcode API keys, database passwords, or other secrets in your application's Git repository. Use Coolify's environment variable UI — secrets are stored encrypted and injected at deploy time. This is equivalent to Vercel's environment variables feature.
Enable 2FA on the Coolify admin account: Go to Profile → Security → Enable 2FA. The Coolify admin account has SSH access to all managed servers — it's your most privileged account.
Automatic security updates for the host OS:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
Regular Docker cleanup: Left unchecked, Docker accumulates dangling images and stopped containers.
# Weekly cleanup cron
echo "0 3 * * 0 docker system prune -f" | crontab -
Back up Coolify's configuration: The entire Coolify configuration lives in /data/coolify. This includes your server configurations, application definitions, environment variables, and SSL certificates. Back this up daily with off-site copies. See automated server backups with restic for an automated approach that handles directory backups with S3/B2 storage. For a complete security checklist, see the self-hosting security checklist.
Troubleshooting Common Issues
Coolify install script fails midway
The install script requires a clean Ubuntu/Debian server. Common failure causes are:
- Docker already installed in an incompatible version (remove with
apt remove docker docker-engine docker.io) - Insufficient disk space (check with
df -h) - The server can't reach the Coolify CDN (check DNS and firewall)
Re-run the install script after fixing the underlying issue — it's idempotent.
App deployment fails with "Nixpacks: no build plan found"
Nixpacks can't always auto-detect the framework. Look at the build logs in Coolify's dashboard (Project → App → Deployments → View logs). You can override the build command manually in the app's Build settings, or add a nixpacks.toml file to your repository root:
[phases.setup]
nixPkgs = ["nodejs-18_x"]
[phases.build]
cmds = ["npm ci", "npm run build"]
[start]
cmd = "npm start"
SSL certificate provisioning fails
Coolify uses Let's Encrypt for automatic SSL. Certificate provisioning fails when:
- The domain's A record doesn't point to your server IP yet (allow up to 10 minutes for DNS propagation)
- Port 80 is blocked by your firewall (Let's Encrypt uses HTTP-01 challenge)
- You've hit the Let's Encrypt rate limit (5 certificates per domain per week)
Check the Traefik proxy logs for the specific error:
docker logs coolify-proxy 2>&1 | grep -i cert
Deployed apps can't connect to provisioned databases
Apps and databases must be in the same network to communicate. In Coolify, this means they must be in the same Project and connected via Coolify's internal network. Check the app's Network settings and ensure the database connection is enabled. Connection strings use the database's container name, not localhost — copy the connection string from the database's details page rather than constructing it manually.
"Out of memory" kills during builds
Docker builds are memory-intensive, especially for JavaScript applications with large node_modules. If builds are dying silently, check dmesg | grep -i oom for OOM killer activity. Add a swap file to give builds more virtual memory:
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Preview deployments aren't being cleaned up
Preview deployments accumulate Docker images and containers if not cleaned up after PR merges. Go to Settings → Applications → Preview Deployments and verify that auto-cleanup is enabled. You can also manually delete stale previews from the deployments list. Set up the docker system prune cron job described in the security section to handle orphaned resources.
See the best open source hosting PaaS platforms for a full comparison of Coolify, Dokku, CapRover, and other self-hosted deployment tools.
Compare PaaS platforms on OSSAlt — features, ease of use, and pricing side by side.
See open source alternatives to Coolify on OSSAlt.