Production-ready VPS setup. Docker, Traefik, SSL, monitoring, security. One script, done.
                              ┌──────────────────────────────────────────────────────────┐
                              │                           VPS                            │
                              │                                                          │
┌──────────┐   ┌──────────┐   │  ┌────────────────────────────────────────────────────┐  │
│          │   │          │   │  │                      Traefik                       │  │
│ Internet │──▶│Cloudflare│───┼─▶│  - SSL termination (Cloudflare DNS challenge)      │  │
│          │   │   DNS    │   │  │  - Rate limiting, security headers                 │  │
└──────────┘   └──────────┘   │  │  - Automatic service discovery                     │  │
                              │  └─────────────────────────┬──────────────────────────┘  │
                              │                            │                             │
                              │             ┌──────────────┼──────────────┐              │
                              │             │              │              │              │
                              │             ▼              ▼              ▼              │
                              │       ┌───────────┐  ┌───────────┐  ┌───────────┐        │
                              │       │   Nuxt    │  │  Laravel  │  │    Go     │        │
                              │       │  Next.js  │  │  NestJS   │  │    API    │        │
                              │       │   React   │  │           │  │           │        │
                              │       └───────────┘  └─────┬─────┘  └───────────┘        │
                              │                            │                             │
                              │                            ▼                             │
                              │               ┌─────────────────────────┐                │
                              │               │   MySQL    │ PostgreSQL │                │
                              │               │   Redis    │            │                │
                              │               └─────────────────────────┘                │
                              │                                                          │
                              │  ┌────────────────────────────────────────────────────┐  │
                              │  │                  Monitoring Stack                  │  │
                              │  │        Prometheus │ Grafana │ Alertmanager         │  │
                              │  │               Loki │ Promtail (logs)               │  │
                              │  │          Homer │ Portainer │ Uptime Kuma           │  │
                              │  └────────────────────────────────────────────────────┘  │
                              │                                                          │
                              │  ┌────────────────────────────────────────────────────┐  │
                              │  │                   Security Layer                   │  │
                              │  │     UFW │ Fail2ban │ CrowdSec │ SSH Hardening      │  │
                              │  └────────────────────────────────────────────────────┘  │
                              │                                                          │
                              └──────────────────────────────────────────────────────────┘
# Fresh Ubuntu 22.04+ VPS (as root)
git clone https://github.com/ismaildasci/vps-starter.git
cd vps-starter/scripts/setup
sudo bash setup.sh deploy 2
Installs Docker, UFW, Fail2ban, swap, and aliases. The arguments above create a deploy user and 2GB of swap.
| Component | What it does |
| --- | --- |
| Docker + Compose | Container runtime |
| UFW | Firewall (22, 80, 443 only) |
| Fail2ban | Blocks brute force attacks |
| SSH Hardening | Key-only, no root login |
| Swap | Configurable (default 2GB) |
| Aliases | dps, dcup, dclogs... |

| Template | Stack |
| --- | --- |
| Nuxt | Nuxt 4, Vue 3 |
| Next.js | Next 14+, React |
| React | Vite, nginx |
| Vue | Vite, nginx |

| Template | Stack |
| --- | --- |
| Laravel | PHP-FPM, nginx |
| NestJS | TypeScript |
| Go | Go 1.22 |

| Template | Version |
| --- | --- |
| MySQL | 8.0 |
| PostgreSQL | 16 |
| Redis | 7 |

| Template | Purpose |
| --- | --- |
| Grafana + Prometheus | Metrics & dashboards |
| Loki + Promtail | Log aggregation |
| Homer | Dashboard |
| Portainer | Docker UI |
| Uptime Kuma | Uptime monitoring |

| Template | Purpose |
| --- | --- |
| Authelia | SSO and Multi-Factor Authentication |
| Vaultwarden | Self-hosted Bitwarden password manager |
| CrowdSec | Modern IPS with Traefik bouncer |
| Vault | Secret management (HashiCorp) |

| Template | Purpose |
| --- | --- |
| Tailscale | Zero Trust mesh VPN |
| Cloudflare Tunnel | Zero Trust access without open ports |

| Template | Purpose |
| --- | --- |
| Ollama | Local LLM runtime (CPU/GPU) |
| Open WebUI | ChatGPT-like interface for Ollama |
| n8n | AI workflow automation |

| Template | Purpose |
| --- | --- |
| Restic | Encrypted, deduplicated backups (S3/B2/local) |

| Template | Purpose |
| --- | --- |
| Gitea | Self-hosted Git server with CI/CD |

| Template | Purpose |
| --- | --- |
| Stirling PDF | Self-hosted PDF manipulation (50+ tools) |
├── scripts/
│   ├── setup/          # Server setup (run once)
│   ├── backup.sh       # Volume backups
│   ├── restore.sh      # Restore backups
│   └── env-*.sh        # Env management + GPG
│
├── config/             # Server configs
│   ├── fail2ban/
│   ├── ssh/
│   └── docker/
│
├── templates/          # Copy & deploy
│   ├── traefik/
│   ├── frontend/
│   ├── backend/
│   ├── databases/
│   ├── monitoring/
│   ├── security/
│   ├── networking/
│   ├── ai/
│   ├── backup/
│   ├── devops/
│   └── productivity/
│
└── docs/               # Guides
After Setup (Server Layout)
/home/deploy/
├── apps/       # Your projects go here
├── traefik/    # Reverse proxy
├── shared/     # MySQL, Redis (shared)
├── envs/       # .env files (chmod 600)
├── backups/    # Encrypted backups
└── scripts/    # Utilities
All templates include:
- Memory/CPU limits
- no-new-privileges security option
- Health checks
- Read-only filesystem (where possible)
- Non-root users
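
An added example (not code from the vps-starter repository): a small Python audit that checks each service in a Compose project for the five properties listed above. It assumes the input is the JSON printed by `docker compose config --format json`; the sample services and all function names are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
SAMPLE = json.loads("""
{"services": {
  "api": {"user": "1000:1000", "read_only": true,
          "security_opt": ["no-new-privileges:true"],
          "healthcheck": {"test": ["CMD", "wget", "-qO-", "http://localhost:8080/health"]},
          "deploy": {"resources": {"limits": {"cpus": "0.5", "memory": "256M"}}}},
  "db":  {"user": "root", "mem_limit": "512m", "healthcheck": {"disable": true},
          "security_opt": ["apparmor:unconfined"]}
}}
""")

def no_new_privs(svc):
    # Docker accepts "no-new-privileges", "no-new-privileges:true" and "...=true".
    for opt in svc.get("security_opt") or []:
        key, _, val = opt.replace("=", ":", 1).partition(":")
        if key == "no-new-privileges" and val.lower() in ("", "true"):
            return True
    return False

def limits(svc):
    # Current syntax is deploy.resources.limits; mem_limit/cpus are the legacy keys.
    lim = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
    return bool(lim.get("memory") or svc.get("mem_limit")), bool(lim.get("cpus") or svc.get("cpus"))

def non_root(svc):
    # Only sees the compose "user:" key; a USER set inside the image is invisible here.
    return str(svc.get("user") or "").split(":")[0] not in ("", "0", "root")

def healthcheck(svc):
    hc = svc.get("healthcheck") or {}
    return bool(hc.get("test")) and hc["test"] != ["NONE"] and not hc.get("disable")

def audit(config):
    """Return {service: [missing hardening items]} for a parsed compose config."""
    findings = {}
    for name, svc in (config.get("services") or {}).items():
        mem, cpu = limits(svc)
        checks = {"memory limit": mem, "cpu limit": cpu,
                  "no-new-privileges": no_new_privs(svc), "healthcheck": healthcheck(svc),
                  "read_only": svc.get("read_only") is True,  # page: "where possible"
                  "non-root user": non_root(svc)}
        findings[name] = [item for item, ok in checks.items() if not ok]
    return findings

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A `read_only` finding is advisory, since some services need a writable root filesystem, and the non-root check should be paired with an inspection of the image's own USER setting.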
After setup, you get these shortcuts:
dps # docker ps (formatted)
dcup # docker compose up -d
dcdown # docker compose down
dclogs # docker compose logs -f
dprune # cleanup unused stuff
apps # cd ~/apps
See CONTRIBUTING.md
MIT