Add Server

Create a project / Add server

Pick

  • location
  • ubuntu
  • size (4CPU, 16GB, 160GB)

Add a public key

Cloud init

#cloud-config
users:
  - name: maccalsa
    ssh_authorized_keys:
      - "ssh-ed25519 ***2"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: maccalsa
      password: changeme
      type: text
runcmd:
  # sshd reads /etc/ssh/sshd_config; /etc/ssh/ssh_config only configures the ssh client
  - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
  - echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
  - sed -i '/PubkeyAuthentication/d' /etc/ssh/sshd_config
  - echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
  - sed -i '/PasswordAuthentication/d' /etc/ssh/sshd_config
  - echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
  - systemctl restart ssh
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot
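
To confirm after the first boot that the three SSH settings in the runcmd above are the ones sshd actually enforces (a drop-in under /etc/ssh/sshd_config.d/ can take precedence over appended lines), the effective configuration can be audited. This is an added example, not part of the original notes; the function name `audit_sshd` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage on the server: sudo sshd -T | audit_sshd
# Reads "keyword value" lines (the format sshd -T prints) on stdin and
# compares them with the three settings the cloud-init runcmd aims for.
# Prints one line per problem; returns 0 only when all three match.
audit_sshd() {
    awk '
        BEGIN {
            # keyword -> accepted effective values, separated by "|"
            want["permitrootlogin"]        = "without-password|prohibit-password"
            want["pubkeyauthentication"]   = "yes"
            want["passwordauthentication"] = "no"
        }
        {
            key = tolower($1)
            # First occurrence wins, matching how sshd resolves duplicates
            if ((key in want) && !(key in got)) got[key] = tolower($2)
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in got)) {
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                    continue
                }
                hit = 0
                n = split(want[k], ok, "|")
                for (i = 1; i <= n; i++) if (got[k] == ok[i]) hit = 1
                if (!hit) {
                    printf "FAIL %s=%s (want %s)\n", k, got[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: sshd still on permissive values
SAMPLE_BAD='permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: the state the cloud-init is meant to produce
SAMPLE_GOOD='permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication no'
```

A non-zero exit status means at least one setting differs from what the cloud-init intends, and the printed lines name which one.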

Server name

Coolify

login

ssh root@IPADDRESS
apt update
apt upgrade

Install Coolify

curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash

Register an account

  • http://IPADDRESS:8000
  • We will change the password later

Set up server

  • localhost
  • Create Project (Don’t create project)

Lock down server

Update VPS user password

ssh user@IPADDRESS

change password

ssh user@IPADDRESS

to become root

sudo su

Setup domain

Go to Coolify “Settings”

  • set https://coolify.DOMAIN
  • Disable DNS validation
  • Uncheck auto update Coolify

Go to Coolify “Servers”

Select Proxy Tab

  • NOTE: if you change from Traefik to Caddy, you will lose all proxying, so make sure you are using Coolify on the IP and port 8000
  • switch proxy, select Caddy
  • select Dynamic Configuration; you want to see the Caddy file coolify.caddy. Make sure the domain is listed
  • restart proxy
  • test that https://coolify.DOMAIN works

Lock down server

  • Back to hetzner
  • Select Firewall / Create Firewall
  • Add 22 / 80 / 443
  • Apply firewall
  • You should not be able to access anything from port 8000 any more

Change Coolify User password

  • Change password
  • Save
  • Enable 2fa
  • try it out

Deploy

  • Nixpacks: Coolify will try to determine how to build your app
  • Dockerfile: if the repo has a Dockerfile, Coolify will use that to build the app
  • Docker Compose: …
  • static : …

A static site from public git

  • new project (banana)
  • select production (for now)
  • add resource
  • add public repo
  • enter the github repo
  • check repo
  • in buildpacks select “static”
  • continue
  • set the domain prefix to banana
  • save, check that the Caddy rules (labels) have been updated

Deploy a private repository

  • Select Source from Coolify menu
  • add a github app

Deploy a t3 app (Which needs a db)

  • Create a project
  • Create Postgres
  • give it a better name
  • save and deploy

Create a dockerfile (to create prisma, run studio)

  • clone, push Prisma changes, run Prisma Studio

FROM node
 
WORKDIR /app
 
RUN git clone https://github.com/w3cj/t3-example.git .
 
RUN npm install
 
RUN npx prisma db push
 
CMD npx prisma studio

  • update the URL for the Studio web interface
  • set env variables
    • DATABASE_URL=***
    • Set it as a build variable (needed for the Docker image build)
  • set exposed port to 5555 (the Studio port)
  • Stop this container when it is not being used: while it runs, anyone who can reach the Studio URL can access your database

Create a dockerfile (to create prisma, run studio) PRIVATE Repo

  • select keys and tokens from Coolify
  • add a new key
  • generate key
  • change keys name
  • save
  • take the public key and go to github
  • Github
    • Settings
    • Deploy Keys
    • Add key / Paste public

Modify the Dockerfile. Note the \n and the trailing \ on each line of the key:
\n is a new line, and \ at the end of a line means the command continues on the next line

FROM node
 
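RUN mkdir ~/.ssh

# The private key is written into an image layer, so anyone who can pull
# or inspect this image can read it. Use a deploy key dedicated to this repo.
RUN echo "-----BEGIN OPENSSH PRIVATE KEY-----\n\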
your\n\
private\n\
key\n\
goes\n\
here\n\
-----END OPENSSH PRIVATE KEY-----" > ~/.ssh/id_ed25519
 
RUN chmod 600 ~/.ssh/id_ed25519
 
RUN ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
 
WORKDIR /app
 
RUN git clone git@github.com:w3cj/t3-example.git .
 
RUN npm install
 
RUN npx prisma db push
 
CMD npx prisma studio

Deploy t3-app

  • Setup github auth app (Developer settings)
  • Set all env variables

DATABASE_URL=DBURL
GITHUB_CLIENT_ID=CLIENT
GITHUB_CLIENT_SECRET=SECRET
NEXTAUTH_SECRET=(generate with: openssl rand -base64 32)
NEXTAUTH_URL=DOMAIN

  • Deploy the app

VPS Glances

version: '3'
 
services:
  monitoring:
    image: nicolargo/glances:latest
    restart: always
    ## See all processes, not just this container's
    pid: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      ## show info about vps
      - /etc/os-release:/etc/os-release:ro
    environment:
      - "GLANCES_OPT=-w"

Setup Minio

  • Install Minio Stack
  • Update URLS