Merge branch 'main' into feat/pin-docker-version
1
.gitignore
vendored
@@ -6,6 +6,7 @@ node_modules
|
||||
.pnp.js
|
||||
.docker
|
||||
|
||||
|
||||
# Local env files
|
||||
.env
|
||||
.env.local
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM node:20.9-alpine AS base
|
||||
FROM node:24.4-alpine AS base
|
||||
ENV PNPM_HOME="/pnpm"
|
||||
ENV PATH="$PNPM_HOME:$PATH"
|
||||
RUN corepack enable
|
||||
@@ -14,13 +14,11 @@ RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --filter=./apps/d
|
||||
# Generate OpenAPI documentation from apps/docs/public/openapi.json
|
||||
RUN pnpm --filter=./apps/docs run build:docs
|
||||
|
||||
# Deploy only the dokploy app
|
||||
# Generate templates
|
||||
RUN pnpm --filter=./apps/docs run generate-templates
|
||||
|
||||
ENV NODE_ENV=production
|
||||
RUN pnpm --filter=./apps/docs run build
|
||||
RUN pnpm --filter=./apps/docs --prod deploy /prod/docs
|
||||
|
||||
RUN cp -R /usr/src/app/apps/docs/.next /prod/docs/.next
|
||||
|
||||
FROM base AS dokploy
|
||||
WORKDIR /app
|
||||
@@ -28,11 +26,11 @@ WORKDIR /app
|
||||
# Set production
|
||||
ENV NODE_ENV=production
|
||||
|
||||
# Copy only the necessary files
|
||||
COPY --from=build /prod/docs/.next ./.next
|
||||
COPY --from=build /prod/docs/public ./public
|
||||
COPY --from=build /prod/docs/package.json ./package.json
|
||||
COPY --from=build /prod/docs/node_modules ./node_modules
|
||||
# Copy standalone output (includes all traced dependencies)
|
||||
COPY --from=build /usr/src/app/apps/docs/.next/standalone ./
|
||||
# Copy static assets and public files
|
||||
COPY --from=build /usr/src/app/apps/docs/.next/static ./apps/docs/.next/static
|
||||
COPY --from=build /usr/src/app/apps/docs/public ./apps/docs/public
|
||||
|
||||
EXPOSE 3000
|
||||
CMD HOSTNAME=0.0.0.0 && pnpm start
|
||||
CMD HOSTNAME=0.0.0.0 node apps/docs/server.js
|
||||
|
||||
@@ -1,13 +1,12 @@
|
||||
FROM node:20.9-alpine AS base
|
||||
FROM node:24.4-alpine AS base
|
||||
ENV PNPM_HOME="/pnpm"
|
||||
ENV PATH="$PNPM_HOME:$PATH"
|
||||
RUN corepack enable
|
||||
RUN npm install -g pnpm@10.22.0
|
||||
|
||||
FROM base AS build
|
||||
COPY . /usr/src/app
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
|
||||
# Install dependencies
|
||||
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --filter=./apps/website --frozen-lockfile
|
||||
|
||||
@@ -15,7 +14,7 @@ RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --filter=./apps/w
|
||||
|
||||
ENV NODE_ENV=production
|
||||
RUN pnpm --filter=./apps/website run build
|
||||
RUN pnpm --filter=./apps/website --prod deploy /prod/website
|
||||
RUN pnpm --filter=./apps/website --prod deploy --legacy /prod/website
|
||||
|
||||
RUN cp -R /usr/src/app/apps/website/.next /prod/website/.next
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import { getPageImage, source } from "@/lib/source";
|
||||
import { CopyMarkdownButton } from "@/components/copy-markdown-button";
|
||||
import { getPageImage, getLLMText, source } from "@/lib/source";
|
||||
import { getMDXComponents } from "@/mdx-components";
|
||||
import {
|
||||
DocsBody,
|
||||
@@ -16,10 +17,14 @@ export default async function Page(props: PageProps<"/docs/[[...slug]]">) {
|
||||
if (!page) notFound();
|
||||
|
||||
const MDX = page.data.body;
|
||||
const markdown = await getLLMText(page);
|
||||
|
||||
return (
|
||||
<DocsPage toc={page.data.toc} full={page.data.full}>
|
||||
<DocsTitle>{page.data.title}</DocsTitle>
|
||||
<div className="flex items-center justify-between">
|
||||
<DocsTitle>{page.data.title}</DocsTitle>
|
||||
<CopyMarkdownButton markdown={markdown} />
|
||||
</div>
|
||||
<DocsDescription>{page.data.description}</DocsDescription>
|
||||
<DocsBody>
|
||||
<MDX
|
||||
|
||||
@@ -2,9 +2,22 @@ import { getLLMText, source } from "@/lib/source";
|
||||
|
||||
export const revalidate = false;
|
||||
|
||||
const baseUrl = "https://docs.dokploy.com";
|
||||
|
||||
export async function GET() {
|
||||
const scan = source.getPages().map(getLLMText);
|
||||
const pages = source
|
||||
.getPages()
|
||||
.filter((page) => !page.url.startsWith("/docs/api/"));
|
||||
|
||||
const scan = pages.map(getLLMText);
|
||||
const scanned = await Promise.all(scan);
|
||||
|
||||
return new Response(scanned.join("\n\n"));
|
||||
const content = [
|
||||
...scanned,
|
||||
"# API Reference",
|
||||
"",
|
||||
`For the complete API reference, see the OpenAPI specification: ${baseUrl}/openapi.json`,
|
||||
];
|
||||
|
||||
return new Response(content.join("\n\n"));
|
||||
}
|
||||
|
||||
35
apps/docs/app/llms.txt/route.ts
Normal file
@@ -0,0 +1,35 @@
|
||||
import { source } from "@/lib/source";
|
||||
|
||||
export const revalidate = false;
|
||||
|
||||
const baseUrl = "https://docs.dokploy.com";
|
||||
|
||||
export function GET() {
|
||||
const pages = source.getPages();
|
||||
const docsPages = pages.filter(
|
||||
(page) => !page.url.startsWith("/docs/api/"),
|
||||
);
|
||||
|
||||
const lines = [
|
||||
"# Dokploy Documentation",
|
||||
"",
|
||||
"> Dokploy is an open-source, self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications, databases, and services.",
|
||||
"",
|
||||
"## Docs",
|
||||
"",
|
||||
...docsPages.map(
|
||||
(page) =>
|
||||
`- [${page.data.title}](${baseUrl}${page.url})${page.data.description ? `: ${page.data.description}` : ""}`,
|
||||
),
|
||||
"",
|
||||
"## API Reference",
|
||||
"",
|
||||
`- [OpenAPI Specification](${baseUrl}/openapi.json): Complete API reference in OpenAPI format`,
|
||||
"",
|
||||
"## Full Documentation",
|
||||
"",
|
||||
`- [llms-full.txt](${baseUrl}/llms-full.txt): All documentation pages as plain text`,
|
||||
];
|
||||
|
||||
return new Response(lines.join("\n"));
|
||||
}
|
||||
11
apps/docs/app/robots.ts
Normal file
@@ -0,0 +1,11 @@
|
||||
import type { MetadataRoute } from "next";
|
||||
|
||||
export default function robots(): MetadataRoute.Robots {
|
||||
return {
|
||||
rules: {
|
||||
userAgent: "*",
|
||||
allow: "/",
|
||||
},
|
||||
sitemap: "https://docs.dokploy.com/sitemap.xml",
|
||||
};
|
||||
}
|
||||
23
apps/docs/app/sitemap.ts
Normal file
@@ -0,0 +1,23 @@
|
||||
import { source } from "@/lib/source";
|
||||
import type { MetadataRoute } from "next";
|
||||
|
||||
const baseUrl = "https://docs.dokploy.com";
|
||||
|
||||
export default function sitemap(): MetadataRoute.Sitemap {
|
||||
const pages = source.getPages().map((page) => ({
|
||||
url: `${baseUrl}${page.url}`,
|
||||
lastModified: new Date(),
|
||||
changeFrequency: "weekly" as const,
|
||||
priority: 0.7,
|
||||
}));
|
||||
|
||||
return [
|
||||
{
|
||||
url: baseUrl,
|
||||
lastModified: new Date(),
|
||||
changeFrequency: "monthly",
|
||||
priority: 1,
|
||||
},
|
||||
...pages,
|
||||
];
|
||||
}
|
||||
@@ -46,6 +46,7 @@ export default function CustomSearchDialog(props: SharedProps) {
|
||||
<TagsListItem value="core">Core</TagsListItem>
|
||||
<TagsListItem value="cli">CLI</TagsListItem>
|
||||
<TagsListItem value="api">API</TagsListItem>
|
||||
<TagsListItem value="templates">Templates</TagsListItem>
|
||||
</TagsList>
|
||||
</SearchDialogFooter>
|
||||
</SearchDialogContent>
|
||||
|
||||
30
apps/docs/components/copy-markdown-button.tsx
Normal file
@@ -0,0 +1,30 @@
|
||||
"use client";
|
||||
|
||||
import { useCopyButton } from "fumadocs-ui/utils/use-copy-button";
|
||||
import { Check, Copy } from "lucide-react";
|
||||
|
||||
export function CopyMarkdownButton({ markdown }: { markdown: string }) {
|
||||
const [checked, onClick] = useCopyButton(() => {
|
||||
navigator.clipboard.writeText(markdown);
|
||||
});
|
||||
|
||||
return (
|
||||
<button
|
||||
type="button"
|
||||
className="inline-flex items-center gap-1.5 rounded-md border bg-fd-secondary px-3 py-1.5 text-xs font-medium text-fd-secondary-foreground transition-colors hover:bg-fd-accent hover:text-fd-accent-foreground"
|
||||
onClick={onClick}
|
||||
>
|
||||
{checked ? (
|
||||
<>
|
||||
<Check className="size-3.5" />
|
||||
Copied!
|
||||
</>
|
||||
) : (
|
||||
<>
|
||||
<Copy className="size-3.5" />
|
||||
Copy as Markdown
|
||||
</>
|
||||
)}
|
||||
</button>
|
||||
);
|
||||
}
|
||||
@@ -78,6 +78,15 @@ _openapi:
|
||||
- depth: 2
|
||||
title: Notification test Lark Connection
|
||||
url: '#notification-test-lark-connection'
|
||||
- depth: 2
|
||||
title: Notification create Pushover
|
||||
url: '#notification-create-pushover'
|
||||
- depth: 2
|
||||
title: Notification update Pushover
|
||||
url: '#notification-update-pushover'
|
||||
- depth: 2
|
||||
title: Notification test Pushover Connection
|
||||
url: '#notification-test-pushover-connection'
|
||||
- depth: 2
|
||||
title: Notification get Email Providers
|
||||
url: '#notification-get-email-providers'
|
||||
@@ -133,9 +142,15 @@ _openapi:
|
||||
id: notification-update-lark
|
||||
- content: Notification test Lark Connection
|
||||
id: notification-test-lark-connection
|
||||
- content: Notification create Pushover
|
||||
id: notification-create-pushover
|
||||
- content: Notification update Pushover
|
||||
id: notification-update-pushover
|
||||
- content: Notification test Pushover Connection
|
||||
id: notification-test-pushover-connection
|
||||
- content: Notification get Email Providers
|
||||
id: notification-get-email-providers
|
||||
contents: []
|
||||
---
|
||||
|
||||
<APIPage document={"./public/openapi.json"} operations={[{"method":"post","path":"/notification.createSlack"},{"method":"post","path":"/notification.updateSlack"},{"method":"post","path":"/notification.testSlackConnection"},{"method":"post","path":"/notification.createTelegram"},{"method":"post","path":"/notification.updateTelegram"},{"method":"post","path":"/notification.testTelegramConnection"},{"method":"post","path":"/notification.createDiscord"},{"method":"post","path":"/notification.updateDiscord"},{"method":"post","path":"/notification.testDiscordConnection"},{"method":"post","path":"/notification.createEmail"},{"method":"post","path":"/notification.updateEmail"},{"method":"post","path":"/notification.testEmailConnection"},{"method":"post","path":"/notification.remove"},{"method":"get","path":"/notification.one"},{"method":"get","path":"/notification.all"},{"method":"post","path":"/notification.receiveNotification"},{"method":"post","path":"/notification.createGotify"},{"method":"post","path":"/notification.updateGotify"},{"method":"post","path":"/notification.testGotifyConnection"},{"method":"post","path":"/notification.createNtfy"},{"method":"post","path":"/notification.updateNtfy"},{"method":"post","path":"/notification.testNtfyConnection"},{"method":"post","path":"/notification.createLark"},{"method":"post","path":"/notification.updateLark"},{"method":"post","path":"/notification.testLarkConnection"},{"method":"get","path":"/notification.getEmailProviders"}]} hasHead={true} />
|
||||
<APIPage document={"./public/openapi.json"} operations={[{"method":"post","path":"/notification.createSlack"},{"method":"post","path":"/notification.updateSlack"},{"method":"post","path":"/notification.testSlackConnection"},{"method":"post","path":"/notification.createTelegram"},{"method":"post","path":"/notification.updateTelegram"},{"method":"post","path":"/notification.testTelegramConnection"},{"method":"post","path":"/notification.createDiscord"},{"method":"post","path":"/notification.updateDiscord"},{"method":"post","path":"/notification.testDiscordConnection"},{"method":"post","path":"/notification.createEmail"},{"method":"post","path":"/notification.updateEmail"},{"method":"post","path":"/notification.testEmailConnection"},{"method":"post","path":"/notification.remove"},{"method":"get","path":"/notification.one"},{"method":"get","path":"/notification.all"},{"method":"post","path":"/notification.receiveNotification"},{"method":"post","path":"/notification.createGotify"},{"method":"post","path":"/notification.updateGotify"},{"method":"post","path":"/notification.testGotifyConnection"},{"method":"post","path":"/notification.createNtfy"},{"method":"post","path":"/notification.updateNtfy"},{"method":"post","path":"/notification.testNtfyConnection"},{"method":"post","path":"/notification.createLark"},{"method":"post","path":"/notification.updateLark"},{"method":"post","path":"/notification.testLarkConnection"},{"method":"post","path":"/notification.createPushover"},{"method":"post","path":"/notification.updatePushover"},{"method":"post","path":"/notification.testPushoverConnection"},{"method":"get","path":"/notification.getEmailProviders"}]} hasHead={true} />
|
||||
@@ -21,6 +21,9 @@ _openapi:
|
||||
- depth: 2
|
||||
title: Registry test Registry
|
||||
url: '#registry-test-registry'
|
||||
- depth: 2
|
||||
title: Registry test Registry By Id
|
||||
url: '#registry-test-registry-by-id'
|
||||
structuredData:
|
||||
headings:
|
||||
- content: Registry create
|
||||
@@ -35,9 +38,11 @@ _openapi:
|
||||
id: registry-one
|
||||
- content: Registry test Registry
|
||||
id: registry-test-registry
|
||||
- content: Registry test Registry By Id
|
||||
id: registry-test-registry-by-id
|
||||
contents: []
|
||||
---
|
||||
|
||||
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
|
||||
|
||||
<APIPage document={"./public/openapi.json"} webhooks={[]} operations={[{"path":"/registry.create","method":"post"},{"path":"/registry.remove","method":"post"},{"path":"/registry.update","method":"post"},{"path":"/registry.all","method":"get"},{"path":"/registry.one","method":"get"},{"path":"/registry.testRegistry","method":"post"}]} showTitle={true} />
|
||||
<APIPage document={"./public/openapi.json"} webhooks={[]} operations={[{"path":"/registry.create","method":"post"},{"path":"/registry.remove","method":"post"},{"path":"/registry.update","method":"post"},{"path":"/registry.all","method":"get"},{"path":"/registry.one","method":"get"},{"path":"/registry.testRegistry","method":"post"},{"path":"/registry.testRegistryById","method":"post"}]} showTitle={true} />
|
||||
@@ -3,6 +3,9 @@ title: Settings
|
||||
full: true
|
||||
_openapi:
|
||||
toc:
|
||||
- depth: 2
|
||||
title: Settings get Web Server Settings
|
||||
url: '#settings-get-web-server-settings'
|
||||
- depth: 2
|
||||
title: Settings reload Server
|
||||
url: '#settings-reload-server'
|
||||
@@ -93,6 +96,9 @@ _openapi:
|
||||
- depth: 2
|
||||
title: Settings get Ip
|
||||
url: '#settings-get-ip'
|
||||
- depth: 2
|
||||
title: Settings update Server Ip
|
||||
url: '#settings-update-server-ip'
|
||||
- depth: 2
|
||||
title: Settings get Open Api Document
|
||||
url: '#settings-get-open-api-document'
|
||||
@@ -143,6 +149,8 @@ _openapi:
|
||||
url: '#settings-get-dokploy-cloud-ips'
|
||||
structuredData:
|
||||
headings:
|
||||
- content: Settings get Web Server Settings
|
||||
id: settings-get-web-server-settings
|
||||
- content: Settings reload Server
|
||||
id: settings-reload-server
|
||||
- content: Settings clean Redis
|
||||
@@ -203,6 +211,8 @@ _openapi:
|
||||
id: settings-read-traefik-file
|
||||
- content: Settings get Ip
|
||||
id: settings-get-ip
|
||||
- content: Settings update Server Ip
|
||||
id: settings-update-server-ip
|
||||
- content: Settings get Open Api Document
|
||||
id: settings-get-open-api-document
|
||||
- content: Settings read Traefik Env
|
||||
@@ -240,4 +250,4 @@ _openapi:
|
||||
|
||||
{/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */}
|
||||
|
||||
<APIPage document={"./public/openapi.json"} webhooks={[]} operations={[{"path":"/settings.reloadServer","method":"post"},{"path":"/settings.cleanRedis","method":"post"},{"path":"/settings.reloadRedis","method":"post"},{"path":"/settings.reloadTraefik","method":"post"},{"path":"/settings.toggleDashboard","method":"post"},{"path":"/settings.cleanUnusedImages","method":"post"},{"path":"/settings.cleanUnusedVolumes","method":"post"},{"path":"/settings.cleanStoppedContainers","method":"post"},{"path":"/settings.cleanDockerBuilder","method":"post"},{"path":"/settings.cleanDockerPrune","method":"post"},{"path":"/settings.cleanAll","method":"post"},{"path":"/settings.cleanMonitoring","method":"post"},{"path":"/settings.saveSSHPrivateKey","method":"post"},{"path":"/settings.assignDomainServer","method":"post"},{"path":"/settings.cleanSSHPrivateKey","method":"post"},{"path":"/settings.updateDockerCleanup","method":"post"},{"path":"/settings.readTraefikConfig","method":"get"},{"path":"/settings.updateTraefikConfig","method":"post"},{"path":"/settings.readWebServerTraefikConfig","method":"get"},{"path":"/settings.updateWebServerTraefikConfig","method":"post"},{"path":"/settings.readMiddlewareTraefikConfig","method":"get"},{"path":"/settings.updateMiddlewareTraefikConfig","method":"post"},{"path":"/settings.getUpdateData","method":"post"},{"path":"/settings.updateServer","method":"post"},{"path":"/settings.getDokployVersion","method":"get"},{"path":"/settings.getReleaseTag","method":"get"},{"path":"/settings.readDirectories","method":"get"},{"path":"/settings.updateTraefikFile","method":"post"},{"path":"/settings.readTraefikFile","method":"get"},{"path":"/settings.getIp","method":"get"},{"path":"/settings.getOpenApiDocument","method":"get"},{"path":"/settings.readTraefikEnv","method":"get"},{"path":"/settings.writeTraefikEnv","method":"post"},{"path":"/settings.haveTraefikDashboardPortEnabled","method":"get"},{"path":"/settings.haveActivateRequests","method":"get"},{"path":"/settings.toggleRequests","method":"post"},{"path":"/settings.isCloud","method":"get"},{"path":"/settings.isUserSubscribed","method":"get"},{"path":"/settings.health","method":"get"},{"path":"/settings.setupGPU","method":"post"},{"path":"/settings.checkGPUStatus","method":"get"},{"path":"/settings.updateTraefikPorts","method":"post"},{"path":"/settings.getTraefikPorts","method":"get"},{"path":"/settings.updateLogCleanup","method":"post"},{"path":"/settings.getLogCleanupStatus","method":"get"},{"path":"/settings.getDokployCloudIps","method":"get"}]} showTitle={true} />
|
||||
<APIPage document={"./public/openapi.json"} webhooks={[]} operations={[{"path":"/settings.getWebServerSettings","method":"get"},{"path":"/settings.reloadServer","method":"post"},{"path":"/settings.cleanRedis","method":"post"},{"path":"/settings.reloadRedis","method":"post"},{"path":"/settings.reloadTraefik","method":"post"},{"path":"/settings.toggleDashboard","method":"post"},{"path":"/settings.cleanUnusedImages","method":"post"},{"path":"/settings.cleanUnusedVolumes","method":"post"},{"path":"/settings.cleanStoppedContainers","method":"post"},{"path":"/settings.cleanDockerBuilder","method":"post"},{"path":"/settings.cleanDockerPrune","method":"post"},{"path":"/settings.cleanAll","method":"post"},{"path":"/settings.cleanMonitoring","method":"post"},{"path":"/settings.saveSSHPrivateKey","method":"post"},{"path":"/settings.assignDomainServer","method":"post"},{"path":"/settings.cleanSSHPrivateKey","method":"post"},{"path":"/settings.updateDockerCleanup","method":"post"},{"path":"/settings.readTraefikConfig","method":"get"},{"path":"/settings.updateTraefikConfig","method":"post"},{"path":"/settings.readWebServerTraefikConfig","method":"get"},{"path":"/settings.updateWebServerTraefikConfig","method":"post"},{"path":"/settings.readMiddlewareTraefikConfig","method":"get"},{"path":"/settings.updateMiddlewareTraefikConfig","method":"post"},{"path":"/settings.getUpdateData","method":"post"},{"path":"/settings.updateServer","method":"post"},{"path":"/settings.getDokployVersion","method":"get"},{"path":"/settings.getReleaseTag","method":"get"},{"path":"/settings.readDirectories","method":"get"},{"path":"/settings.updateTraefikFile","method":"post"},{"path":"/settings.readTraefikFile","method":"get"},{"path":"/settings.getIp","method":"get"},{"path":"/settings.updateServerIp","method":"post"},{"path":"/settings.getOpenApiDocument","method":"get"},{"path":"/settings.readTraefikEnv","method":"get"},{"path":"/settings.writeTraefikEnv","method":"post"},{"path":"/settings.haveTraefikDashboardPortEnabled","method":"get"},{"path":"/settings.haveActivateRequests","method":"get"},{"path":"/settings.toggleRequests","method":"post"},{"path":"/settings.isCloud","method":"get"},{"path":"/settings.isUserSubscribed","method":"get"},{"path":"/settings.health","method":"get"},{"path":"/settings.setupGPU","method":"post"},{"path":"/settings.checkGPUStatus","method":"get"},{"path":"/settings.updateTraefikPorts","method":"post"},{"path":"/settings.getTraefikPorts","method":"get"},{"path":"/settings.updateLogCleanup","method":"post"},{"path":"/settings.getLogCleanupStatus","method":"get"},{"path":"/settings.getDokployCloudIps","method":"get"}]} showTitle={true} />
|
||||
@@ -24,6 +24,6 @@ Dokploy when you create an access token automatically will generate a config.jso
|
||||
|
||||
## Commands
|
||||
|
||||
1. `dokploy authenticate` - Authenticate with the Dokploy CLI.
|
||||
1. `dokploy auth -u <host> -t <token>` - Authenticate with the Dokploy CLI.
|
||||
2. `dokploy verify` - Verify if the access token is valid.
|
||||
|
||||
|
||||
@@ -7,8 +7,10 @@
|
||||
"discord",
|
||||
"lark",
|
||||
"email",
|
||||
"resend",
|
||||
"gotify",
|
||||
"ntfy",
|
||||
"pushover",
|
||||
"webhook"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -27,7 +27,9 @@ Dokploy supports the following notification providers:
|
||||
3. **Discord**: Discord is generally used for communication between users in a chat or voice channel.
|
||||
4. **Lark**: Lark is a collaboration platform that provides messaging and team communication features.
|
||||
5. **Email**: Email is a popular method for sending messages to a group of recipients.
|
||||
6. **Gotify**: Gotify is a self-hosted push notification service.
|
||||
7. **Ntfy**: Ntfy is a simple HTTP-based pub-sub notification service.
|
||||
8. **Webhook**: Webhook is a generic webhook notification service.
|
||||
6. **Resend**: Resend is a modern email API for developers to send transactional emails.
|
||||
7. **Gotify**: Gotify is a self-hosted push notification service.
|
||||
8. **Ntfy**: Ntfy is a simple HTTP-based pub-sub notification service.
|
||||
8. **Pushover**: Pushover is a service for sending real-time notifications to Android, iOS, and desktop devices.
|
||||
9. **Webhook**: Webhook is a generic webhook notification service.
|
||||
|
||||
|
||||
27
apps/docs/content/docs/core/(Notifications)/pushover.mdx
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
title: Pushover
|
||||
description: 'Configure Pushover notifications for your applications.'
|
||||
---
|
||||
|
||||
Pushover notifications are a great way to stay up to date with important events in your Dokploy panel. You can choose to receive notifications for specific events or all events.
|
||||
|
||||
## Pushover Notifications
|
||||
|
||||
To start receiving Pushover notifications, you need to fill the form with the following details:
|
||||
|
||||
- **Name**: Enter any name you want.
|
||||
- **User Key**: Enter your Pushover user key. eg. `ub3de9kl2q...`
|
||||
- **API Token**: Enter your Pushover application API token. eg. `a3d9k2q7m4...`
|
||||
- **Priority**: Enter the priority of the notification (-2 to 2, default: 0).
|
||||
- `-2`: Lowest priority (no sound/vibration)
|
||||
- `-1`: Low priority (no sound/vibration)
|
||||
- `0`: Normal priority (default)
|
||||
- `1`: High priority (bypasses quiet hours)
|
||||
- `2`: Emergency priority (requires acknowledgment)
|
||||
|
||||
For emergency priority (2), you must also provide:
|
||||
|
||||
- **Retry**: How often (in seconds) Pushover will retry the notification. Minimum 30 seconds.
|
||||
- **Expire**: How long (in seconds) to keep retrying. Maximum 10800 seconds (3 hours).
|
||||
|
||||
To setup the Pushover notifications, you can read the [Pushover Documentation](https://pushover.net/api).
|
||||
27
apps/docs/content/docs/core/(Notifications)/resend.mdx
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
title: Resend
|
||||
description: 'Configure Resend notifications for your applications.'
|
||||
---
|
||||
|
||||
Resend notifications are a great way to stay up to date with important events in your Dokploy panel. You can choose to receive notifications for specific events or all events.
|
||||
|
||||
## Resend Notifications
|
||||
|
||||
For start receiving Resend notifications, you need to fill the form with the following details:
|
||||
|
||||
- **Name**: Enter any name you want.
|
||||
- **API Key**: Enter your Resend API key.
|
||||
- **From Address**: Enter the email address that will be used as the sender. This must be from a verified domain in your Resend account.
|
||||
- **To Address**: Enter the email address(es) that will receive the notifications. You can add multiple addresses.
|
||||
|
||||
To Setup Resend notifications, follow these steps:
|
||||
|
||||
1. Go to [Resend](https://resend.com) and create an account if you don't have one.
|
||||
2. Navigate to [API Keys](https://resend.com/api-keys) and create a new API key.
|
||||
3. Add and verify your domain at [Domains](https://resend.com/domains) to be able to send emails from your own domain.
|
||||
4. Go to Dokploy `Notifications` and select `Resend` as the notification provider.
|
||||
5. Enter your API key, from address (using your verified domain), and recipient email addresses.
|
||||
6. Click on `Test` to make sure everything is working.
|
||||
7. Click on `Create` to save the notification.
|
||||
|
||||
For more information, you can read the [Resend Documentation](https://resend.com/docs).
|
||||
@@ -0,0 +1,27 @@
|
||||
---
|
||||
title: Google Cloud Storage
|
||||
description: 'Configure Google Cloud Storage buckets for backup storage. This includes setting up access keys, secret keys, bucket names, regions, and endpoints.'
|
||||
---
|
||||
import { Callout } from 'fumadocs-ui/components/callout';
|
||||
|
||||
|
||||
Google Cloud Storage provides a simple and cost-effective way to store and retrieve data. It is a cloud-based service that allows you to store and retrieve data from anywhere in the world. This is a great option for storing backups, as it is easy to set up and manage.
|
||||
|
||||
1. Navigate to the Cloud Storage console and create a new bucket with preferred name.
|
||||
2. Navigate to the IAM & Admin and create a new service account. Assign a role `Storage Admin` to the service account.
|
||||
3. Return to Cloud Storage again, and click `Settings` on the left navigation menu.
|
||||
4. Click `Interoperability` tab. This is where you will create Amazon S3-compatible ID and access keys.
|
||||
5. Copy the value in `Storage URI`. You will need this for the Endpoint value in Dokploy.
|
||||
6. Under `Service account HMAC`, click `Create a key for a service account`. Select the service account you created earlier and click `Create`. You will get an Access Key and a Secret Key.
|
||||
|
||||
Now copy the following variables:
|
||||
|
||||
| (from) Cloud Storage | (to) Dokploy | Example value |
|
||||
|---------------------|---------------------|---------------------------------------------------------------------|
|
||||
| `Access Key` | `Access Key ID` | `f3811c6d27415a9s6cv943b6743ad784` |
|
||||
| `Secret` | `Secret Access Key` | `aa55ee40b4049e93b7252bf698408cc22a3c2856d2530s7c1cb7670e318f15e58` |
|
||||
| `Location` | `Region` | `us-central1, etc` it will depend on the region you are using. |
|
||||
| `Endpoint` | `Endpoint` | `https://storage.googleapis.com`. The value in `Storage URI`. |
|
||||
| `Bucket Name` | `Bucket` | `dokploy-backups` use the name of the bucket you created. |
|
||||
|
||||
Test the connection and you should see a success message.
|
||||
@@ -53,3 +53,11 @@ You can also grant permissions to specific users for accessing particular projec
|
||||
#### Project Permissions
|
||||
|
||||
Based on your projects and services, you can assign permissions to specific users to give them access to particular projects or services. You can also select specific environments within projects, allowing you to grant granular access control at the environment level.
|
||||
|
||||
## Enterprise: Custom Roles & Additional Permissions
|
||||
|
||||
With an **Enterprise** license, you can go beyond the default roles and create **Custom Roles** with granular permissions. This gives you full control over what each team member can do — covering areas like deployments, environment variables, servers, certificates, backups, monitoring, audit logs, and more.
|
||||
|
||||
Enterprise permissions include over 25 permission categories with fine-grained actions (Read, Create, Update, Delete, Deploy, Cancel, Restore, Write) across all resources.
|
||||
|
||||
[Learn more about Custom Roles →](/docs/core/enterprise/custom-roles)
|
||||
|
||||
81
apps/docs/content/docs/core/ai.mdx
Normal file
@@ -0,0 +1,81 @@
|
||||
---
|
||||
title: AI Assistant
|
||||
description: "Use AI to generate Docker Compose templates in Dokploy."
|
||||
---
|
||||
|
||||
import { Callout } from 'fumadocs-ui/components/callout';
|
||||
|
||||
Dokploy integrates with AI providers to let you generate Docker Compose templates from natural language. Describe what you want to deploy, and the AI generates the configuration for you.
|
||||
|
||||
<Callout type="info">
|
||||
Dokploy does not include its own AI model. You need to connect an external provider (like OpenAI, Anthropic, or any OpenAI-compatible API) with your own API key.
|
||||
</Callout>
|
||||
|
||||
## Setting up an AI provider
|
||||
|
||||
1. Go to **Settings**.
|
||||
2. Navigate to the **AI** section.
|
||||
3. Click **Add AI Provider**.
|
||||
4. Fill in the configuration:
|
||||
|
||||
| Field | Description |
|
||||
|-------|-------------|
|
||||
| **Name** | A label for this provider (e.g., "OpenAI", "Claude", "Local LLM") |
|
||||
| **API URL** | The API endpoint (e.g., `https://api.openai.com/v1` for OpenAI) |
|
||||
| **API Key** | Your API key for authentication |
|
||||
| **Model** | The model to use (e.g., `gpt-4o`, `claude-sonnet-4-20250514`) |
|
||||
|
||||
5. Click **Save**.
|
||||
|
||||
You can configure multiple providers and switch between them.
|
||||
|
||||
### Compatible providers
|
||||
|
||||
Any provider that exposes an **OpenAI-compatible API** works with Dokploy. Some examples:
|
||||
|
||||
| Provider | API URL | Models |
|
||||
|----------|---------|--------|
|
||||
| **OpenAI** | `https://api.openai.com/v1` | gpt-4o, gpt-4o-mini, o1, etc. |
|
||||
| **Anthropic** | `https://api.anthropic.com/v1` | claude-sonnet-4-20250514, claude-haiku-4-5-20251001, etc. |
|
||||
| **Ollama** (local) | `http://localhost:11434/v1` | llama3, mistral, codellama, etc. |
|
||||
| **OpenRouter** | `https://openrouter.ai/api/v1` | Multiple providers through one API |
|
||||
| **Azure OpenAI** | `https://{resource}.openai.azure.com/openai` | gpt-4o, gpt-4, etc. |
|
||||
|
||||
## Generating Docker Compose templates
|
||||
|
||||
Once you have a provider configured, you can use AI to generate Docker Compose templates when creating a new Compose service.
|
||||
|
||||
### How it works
|
||||
|
||||
1. Create a new **Docker Compose** service.
|
||||
2. Click the **AI Generate** button.
|
||||
3. Describe what you want to deploy in natural language.
|
||||
4. The AI generates a complete `docker-compose.yml` with:
|
||||
- Service definitions
|
||||
- Environment variables with sensible defaults
|
||||
- Volumes and networks
|
||||
- Any additional config needed
|
||||
5. Review and edit the generated configuration as needed.
|
||||
6. Deploy.
|
||||
|
||||
### Example prompts
|
||||
|
||||
- "A WordPress site with MySQL and Redis for caching"
|
||||
- "Grafana with Prometheus for monitoring"
|
||||
- "A Node.js API with MongoDB and Redis"
|
||||
- "Plausible Analytics with PostgreSQL and ClickHouse"
|
||||
- "Gitea with a PostgreSQL database"
|
||||
|
||||
<Callout>
|
||||
Always review the generated configuration before deploying. The AI provides a starting point — you may need to adjust environment variables, resource limits, or volumes for your specific use case.
|
||||
</Callout>
|
||||
|
||||
## Managing providers
|
||||
|
||||
You can manage your AI providers from **Settings → AI**:
|
||||
|
||||
- **Add** multiple providers for different use cases
|
||||
- **Edit** existing provider configurations
|
||||
- **Delete** providers you no longer need
|
||||
- **View available models** for each provider
|
||||
- **Enable/Disable** providers without deleting them
|
||||
@@ -6,7 +6,7 @@ description: Learn how to deploy your application in production in Dokploy.
|
||||
import { Callout } from 'fumadocs-ui/components/callout';
|
||||
|
||||
By default, dokploy offer multiple [Builds Types](/docs/core/applications/build-type) to deploy your application, the most common is `nixpacks` and `heroku buildpacks`
|
||||
however this also comes with problems, first is the resources that are required to build your application which some times can lead to timeout on your server or even freezeing your server
|
||||
however this also comes with problems, first is the resources that are required to build your application which some times can lead to timeout on your server or even freezing your server
|
||||
and all your application will be down for this reasson, this is mainly problem from `Docker` since the comsumption of resources such as RAM, CPU is very high to build an application.
|
||||
|
||||
|
||||
@@ -36,11 +36,11 @@ The repo have everything you need, however you can follow the same idea for your
|
||||
</Callout>
|
||||
|
||||
|
||||
3. The repository already have a Dockerfile, so we will use that, in the case your application is different create your own Dockerfile is required for this guide.
|
||||
4. We will use `Dockerhub` as an example, but you can use any container registry that you want.
|
||||
5. Make sure to create the repository in the `Dockerhub` , `namespace` is your username and `repository` is `example`.
|
||||
6. Create a new Github Actions workflow in `.github/workflows/deploy.yml`
|
||||
7. Add the following code to the workflow:
|
||||
2. The repository already have a Dockerfile, so we will use that, in the case your application is different create your own Dockerfile is required for this guide.
|
||||
3. We will use `Dockerhub` as an example, but you can use any container registry that you want.
|
||||
4. Make sure to create the repository in the `Dockerhub` , `namespace` is your username and `repository` is `example`.
|
||||
5. Create a new Github Actions workflow in `.github/workflows/deploy.yml`
|
||||
6. Add the following code to the workflow:
|
||||
|
||||
```yaml
|
||||
name: Build Docker images
|
||||
@@ -74,7 +74,7 @@ jobs:
|
||||
namespace/example:latest
|
||||
platforms: linux/amd64
|
||||
```
|
||||
8. Create your own Dockerfile, in this case we will use the `Dockerfile` from the repository.
|
||||
7. Create your own Dockerfile, in this case we will use the `Dockerfile` from the repository.
|
||||
|
||||
```properties
|
||||
FROM node:18-alpine AS base
|
||||
@@ -103,14 +103,14 @@ EXPOSE 3000
|
||||
CMD ["pnpm", "start"]
|
||||
```
|
||||
|
||||
9. Now when you make a commit to your repository, the workflow will be triggered and the application will build and push to `Dockerhub`.
|
||||
10. Now let's create application in Dokploy.
|
||||
11. In `Source Type` select `Docker`
|
||||
12. In the docker image field enter `namespace/example:latest`
|
||||
13. Click on `Save`.
|
||||
14. Click on `Deploy`.
|
||||
15. Go to `Domains` and click `Dices` icon to generate a domain and the port set to `3000`.
|
||||
16. Now you can access your application.
|
||||
8. Now when you make a commit to your repository, the workflow will be triggered and the application will build and push to `Dockerhub`.
|
||||
9. Now let's create application in Dokploy.
|
||||
10. In `Source Type` select `Docker`
|
||||
11. In the docker image field enter `namespace/example:latest`
|
||||
12. Click on `Save`.
|
||||
13. Click on `Deploy`.
|
||||
14. Go to `Domains` and click `Dices` icon to generate a domain and the port set to `3000`.
|
||||
15. Now you can access your application.
|
||||
|
||||
### Auto deploy
|
||||
|
||||
@@ -153,14 +153,12 @@ jobs:
|
||||
uses: dokploy/dokploy-action@v1
|
||||
run: |
|
||||
curl -X 'POST' \
|
||||
'https://<your-dokploy-domain>/api/trpc/application.deploy' \
|
||||
'https://<your-dokploy-domain>/api/application.deploy' \
|
||||
-H 'accept: application/json' \
|
||||
-H 'x-api-key: YOUR-GENERATED-API-KEY' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{
|
||||
"json":{
|
||||
"applicationId": "YOUR-APPLICATION-ID"
|
||||
}
|
||||
"applicationId": "YOUR-APPLICATION-ID"
|
||||
}'
|
||||
```
|
||||
|
||||
|
||||
@@ -31,6 +31,10 @@ preview-${appName}-${uniqueId}.traefik.me
|
||||
|
||||
To make this work, you need to point your wildcard DNS record (*) to your server's IP address.
|
||||
|
||||
<Callout type="info">
|
||||
**Hint:** If you need to reference the generated domain in the preview deployment's environment variables, you can do so utilising `${{DOKPLOY_DEPLOY_URL}}`. See [variables documentation](/docs/core/variables#service-level-variables) for more information.
|
||||
</Callout>
|
||||
|
||||
## How It Works
|
||||
|
||||
Once enabled, preview deployments are automatically created whenever a pull request is opened against your target branch (configured in your provider settings).
|
||||
@@ -60,6 +64,7 @@ In this section, you can:
|
||||
- Check build and deployment logs
|
||||
- Monitor deployment updates
|
||||
- Update domain configuration
|
||||
- Manually rebuild preview deployments
|
||||
|
||||
### Automatic Updates
|
||||
|
||||
@@ -70,6 +75,16 @@ The preview deployment will automatically:
|
||||
|
||||
This continuous preview system allows teams to review and test changes in isolation before merging to production.
|
||||
|
||||
### Manual Rebuilds
|
||||
|
||||
You can manually rebuild a preview deployment without downloading new code from the repository. This is useful when you need to:
|
||||
|
||||
- Rebuild with updated environment variables or build settings
|
||||
- Retry a failed build without making code changes
|
||||
- Apply configuration changes that require a rebuild
|
||||
|
||||
To rebuild a preview deployment, click the **Rebuild** button (hammer icon) next to the deployment and confirm the action. The rebuild will use the existing code and only re-run the build process.
|
||||
|
||||
<Callout type="info">
|
||||
If you have security or redirects created in your application, it will inherit the same configuration for the preview deployment.
|
||||
</Callout>
|
||||
|
||||
@@ -33,9 +33,9 @@ This method uses Docker Swarm's built-in rollback feature, which automatically r
|
||||
|
||||
### Steps to Configure Automatic Rollback
|
||||
|
||||
Let's suppose we have a NodeJS application that has a health check route `/api/health` that returns a 200 status code and running in the port 3000.
|
||||
Let's suppose we have a NodeJS application that has a health check route `/health` that returns a 200 status code and running in the port 3000.
|
||||
|
||||
1. In your application is necessary to have a `Path` or `Health Route` to be able to achieve zero downtime deployments eg. in the case of a NodeJS app you can have a route `/api/health` that returns a 200 status code.
|
||||
1. In your application is necessary to have a `Path` or `Health Route` to be able to achieve zero downtime deployments eg. in the case of a NodeJS app you can have a route `/health` that returns a 200 status code.
|
||||
2. Go to `Advanced` Tab and go to Cluster Settings and enter to `Swarm Settings`
|
||||
3. There are a couple options that you can use, in this case we will focus on `Health Check` and `Update Config`.
|
||||
4. Paste this code in the health check field:
|
||||
@@ -47,7 +47,7 @@ Make sure the API Route exists in your application
|
||||
"CMD",
|
||||
"curl",
|
||||
"-f",
|
||||
"http://localhost:3000/api/health"
|
||||
"http://localhost:3000/health"
|
||||
],
|
||||
"Interval": 30000000000,
|
||||
"Timeout": 10000000000,
|
||||
|
||||
@@ -12,9 +12,9 @@ but Dokploy allows you to configure zero downtime deployments.
|
||||
|
||||
## Steps to configure Zero Downtime Deployments
|
||||
|
||||
Let's suppose we have a NodeJS application that has a health check route `/api/health` that returns a 200 status code and running in the port 3000.
|
||||
Let's suppose we have a NodeJS application that has a health check route `/health` that returns a 200 status code and running in the port 3000.
|
||||
|
||||
1. In your application is necessary to have a `Path` or `Health Route` to be able to achieve zero downtime deployments eg. in the case of a NodeJS app you can have a route `/api/health` that returns a 200 status code.
|
||||
1. In your application is necessary to have a `Path` or `Health Route` to be able to achieve zero downtime deployments eg. in the case of a NodeJS app you can have a route `/health` that returns a 200 status code.
|
||||
2. Go to `Advanced` Tab and go to Cluster Settings and enter to `Swarm Settings`
|
||||
3. There are a couple options that you can use, in this case we will focus on `Health Check`.
|
||||
4. Paste this code in the health check field:
|
||||
@@ -26,7 +26,7 @@ Make sure the API Route exists in your application
|
||||
"CMD",
|
||||
"curl",
|
||||
"-f",
|
||||
"http://localhost:3000/api/health"
|
||||
"http://localhost:3000/health"
|
||||
],
|
||||
"Interval": 30000000000,
|
||||
"Timeout": 10000000000,
|
||||
|
||||
@@ -3,18 +3,85 @@ title: Dokploy Cloud
|
||||
description: "Deploy your apps to multiple servers remotely without worrying about the underlying infrastructure."
|
||||
---
|
||||
|
||||
import { Callout } from 'fumadocs-ui/components/callout';
|
||||
|
||||
Dokploy Cloud allows you to deploy your apps to a cloud provider of your choice. This means that you can deploy your apps to any cloud provider, such as AWS, GCP, Azure, or DigitalOcean, without having to worry about the underlying infrastructure.
|
||||
Dokploy Cloud is the managed version of Dokploy. Instead of installing and maintaining Dokploy on your own server, the **control plane** (UI, database, and management layer) is hosted by us — you just connect your own servers and deploy.
|
||||
|
||||
## How it works
|
||||
|
||||
By default when you install Dokploy in a Self Hosted version, if you deploy all your applications by default they will be deployed on the same server where Dokploy UI is installed. This means that you will need to build and run your applications where Dokploy
|
||||
UI is installed, which can be a challenge if you don't have the resources to do so, also self hosted support for remote instances.
|
||||
With **Self-Hosted** Dokploy, everything runs on a single server: the UI, the database (PostgreSQL), Redis, Traefik, and your applications — all on the same machine. This works well for small setups, but as you scale, your management layer competes for resources with your actual workloads.
|
||||
|
||||
**Dokploy Cloud** separates these concerns:
|
||||
|
||||
Dokploy cloud starts from $4.50 per month per server, the next is 3.50$, and you can deploy as many applications you want to your remote server connected to a dokploy cloud, multi server feature is recommended for HA and scalability projects.
|
||||
```
|
||||
┌──────────────────────────────┐ ┌─────────────────────────┐
|
||||
│ Dokploy Cloud │ │ Your Server(s) │
|
||||
│ (managed by Dokploy) │ │ (any cloud provider) │
|
||||
│ │ │ │
|
||||
│ ┌────────────┐ │ │ ┌───────────────────┐ │
|
||||
│ │ Dashboard │─── deploy ──┼──────►│ │ Your apps │ │
|
||||
│ │ (UI) │ │ │ │ Your databases │ │
|
||||
│ ├────────────┤ │ │ │ Your compose │ │
|
||||
│ │ PostgreSQL │ │ │ │ Traefik (proxy) │ │
|
||||
│ ├────────────┤ │ │ └───────────────────┘ │
|
||||
│ │ Redis │ │ │ │
|
||||
│ └────────────┘ │ │ ┌───────────────────┐ │
|
||||
│ │ │ │ Monitoring agent │ │
|
||||
│ ┌────────────┐ │◄──────┤ │ (metrics → cloud) │ │
|
||||
│ │ Monitoring │ │ │ └───────────────────┘ │
|
||||
│ └────────────┘ │ │ │
|
||||
└──────────────────────────────┘ └─────────────────────────┘
|
||||
```
|
||||
|
||||
You can start by registering on the [Dokploy Cloud](https://app.dokploy.com) website and follow the steps to deploy your apps, see the [Pricing](https://dokploy.com#pricing) page for more information.
|
||||
- **Control plane** (Cloud): Dashboard, user management, deployment orchestration, monitoring dashboard, and notifications.
|
||||
- **Data plane** (Your servers): Your actual applications, databases, Traefik, and a lightweight monitoring agent.
|
||||
|
||||
Your code and data **never leave your servers**. Dokploy Cloud only manages the orchestration.
|
||||
|
||||
## Key benefits
|
||||
|
||||
| Benefit | Description |
|
||||
|---------|-------------|
|
||||
| **No management overhead** | No need to maintain the Dokploy instance itself — updates, backups, and uptime are handled for you |
|
||||
| **100% server resources for your apps** | The UI and management database don't compete with your workloads |
|
||||
| **Multi-server from day one** | Connect as many servers as you need from any provider (AWS, GCP, Azure, DigitalOcean, Hetzner, etc.) |
|
||||
| **Automatic updates** | Always on the latest version of Dokploy without manual upgrades |
|
||||
| **Support** | Direct support via email/chat (Startup) or priority SLA (Enterprise) |
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Register on [Dokploy Cloud](https://app.dokploy.com).
|
||||
2. Add a server by providing the SSH connection details (IP, port, SSH key).
|
||||
3. Dokploy Cloud will set up the server automatically (Docker, Traefik, monitoring agent).
|
||||
4. Start deploying your applications, databases, and compose stacks.
|
||||
|
||||
<Callout type="info">
|
||||
You can connect servers from **any provider** — they just need to be reachable via SSH. You can even mix providers (e.g., Hetzner for production, DigitalOcean for staging).
|
||||
</Callout>
|
||||
|
||||
## Pricing
|
||||
|
||||
Dokploy Cloud offers several plans:
|
||||
|
||||
| Plan | Price | Servers included | Additional servers |
|
||||
|------|-------|------------------|--------------------|
|
||||
| **Hobby** | $4.50/month per server | 1 | $4.50/month each |
|
||||
| **Startup** | $15/month | 3 | $4.50/month each |
|
||||
| **Enterprise** | Custom | Custom | Contact sales |
|
||||
| **Agency** | Custom | Custom | Contact partner team |
|
||||
|
||||
All plans include **unlimited deployments, databases, and applications** per server. Annual billing saves 20%.
|
||||
|
||||
See the [Pricing](https://dokploy.com/pricing) page for full plan details and feature limits.
|
||||
|
||||
## When to use Cloud vs Self-Hosted
|
||||
|
||||
| Use Cloud when... | Use Self-Hosted when... |
|
||||
|-------------------|------------------------|
|
||||
| You don't want to maintain the Dokploy instance | You want full control over everything |
|
||||
| You need multi-server from the start | You have a single server and want to keep it simple |
|
||||
| You want built-in monitoring without extra config | You already have your own monitoring stack |
|
||||
| You prefer automatic updates | You want to control when updates happen |
|
||||
| You need HA for the management layer | Budget is the top priority |
|
||||
|
||||
For a full feature comparison, see [Cloud vs Self-Hosted Differences](/docs/core/differences).
|
||||
|
||||
@@ -3,10 +3,14 @@ title: Cluster
|
||||
description: 'Manage server cluster settings.'
|
||||
---
|
||||
|
||||
import { Callout } from "fumadocs-ui/components/callout";
|
||||
|
||||
When you deploy applications in dokploy, all of them run on the same node. If you wish to run an application on a different server, you can use the cluster feature.
|
||||
|
||||
The idea of using clusters is to allow each server to host a different application and, using Traefik along with the load balancer, redirect the traffic from the dokploy server to the servers you choose.
|
||||
|
||||
<ImageZoom src="/assets/docker-swarm.png" alt="Docker Swarm Diagram" width={1000} height={600} className="rounded-lg"/>
|
||||
|
||||
## Server Scaling Methods
|
||||
|
||||
There are two primary ways to scale your server:
|
||||
@@ -75,8 +79,12 @@ Workers have a single purpose, which is to run the containers, acting under the
|
||||
|
||||
You can click the 'Add Node' button, which will display the instructions you need to follow to add your servers as nodes and join them to the dokploy manager node.
|
||||
|
||||
<ImageZoom src="/assets/add-node.png" width={800} height={630} className="rounded-lg"/>
|
||||
<ImageZoom src="/assets/add-node.png" alt="Add Node" width={800} height={630} className="rounded-lg"/>
|
||||
|
||||
Once you follow the instructions, the workers or managers will appear in the table.
|
||||
|
||||
<ImageZoom src="/assets/nodes.png" width={800} height={630} className="rounded-lg"/>
|
||||
<ImageZoom src="/assets/nodes.png" alt="View Nodes" width={800} height={630} className="rounded-lg"/>
|
||||
|
||||
<Callout type="info">
|
||||
**Storage Cleanup Note**: Dokploy does not perform automatic cleanup of storage for workers or other associated nodes that are not the Dokploy server. For automatic cleanup, you can add your node as a remote server and configure cleanups, or create a schedule that performs that cleanup. Additionally, you don't need to perform setup when you only add the node as a remote server. For more information, see the [Remote Servers documentation](/docs/core/remote-servers).
|
||||
</Callout>
|
||||
|
||||
@@ -19,7 +19,7 @@ Comparison of the following deployment tools:
|
||||
| **Advanced User Permission Management** | ✅ | ❌ | ❌ | ❌ |
|
||||
| **Terminal Access Built In** | ✅ | ❌ | ❌ | ✅ |
|
||||
| **Database Support** | ✅ | ✅ | ❌ | ✅ |
|
||||
| **Monitoring** | ✅ | ✅ | ❌ | ❌ |
|
||||
| **Monitoring** | ✅ | ✅ | ❌ | ✅ |
|
||||
| **Backups** | ✅ | Available via Plugins | Available via Plugins | ✅ |
|
||||
| **Open Source** | ✅ | ✅ | ✅ | ✅ |
|
||||
| **Notifications** | ✅ | ❌ | ❌ | ✅ |
|
||||
|
||||
43
apps/docs/content/docs/core/concurrent-builds.mdx
Normal file
@@ -0,0 +1,43 @@
|
||||
---
|
||||
title: Concurrent Builds
|
||||
description: "Learn how Dokploy manages build/deployment concurrency per server and how to configure it."
|
||||
---
|
||||
|
||||
import { Callout } from "fumadocs-ui/components/callout";
|
||||
|
||||
Dokploy processes deployments through a queue that is scoped **per server**. Every server, including the Dokploy server itself, has its own independent concurrency setting that controls how many builds can run at the same time on it.
|
||||
|
||||
## How the Queue Works
|
||||
|
||||
Each server (the local Dokploy server, and every remote/build server) has its own queue partition:
|
||||
|
||||
- Jobs are grouped by server, so builds on different servers never block each other.
|
||||
- Within a server's queue, up to **N** jobs can run in parallel, where **N** is that server's configured concurrency.
|
||||
- Multiple builds of the **same application or Docker Compose service** are always serialized (FIFO), even if concurrency is greater than 1. This prevents two builds of the same service from colliding (same source directory, same container name, etc).
|
||||
|
||||
This means increasing concurrency lets **different** applications on the same server build at the same time, it does not parallelize multiple deployments of the same app.
|
||||
|
||||
## Default Concurrency
|
||||
|
||||
By default, every server, the Dokploy server and any remote server, has a concurrency of **1**. This means builds on that server run one at a time.
|
||||
|
||||
## Limits by Plan
|
||||
|
||||
<Callout type="info">
|
||||
Concurrent builds are a self-hosted feature and are configured per server. They are not available on Dokploy Cloud.
|
||||
</Callout>
|
||||
|
||||
- **OSS (free)**: You can increase concurrency up to a maximum of **2** per server.
|
||||
- **Enterprise**: With a valid enterprise license, concurrency is **unlimited** and can be set to any value per server.
|
||||
|
||||
If you set a value higher than 2 without a valid enterprise license, Dokploy will reject the change until a valid license is applied. If a license expires, concurrency is automatically clamped back down to the OSS limits so deployments keep working without breaking anything.
|
||||
|
||||
## Configuring Concurrency
|
||||
|
||||
1. Go to **Dashboard → Settings → Deployments**.
|
||||
2. Under **Dokploy Server**, set the concurrency for the local server.
|
||||
3. Under **Remote Servers**, set the concurrency for each remote or build server individually.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/concurrent-builds.png" alt="Per-server concurrency configuration under Settings > Deployments" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
Each server's concurrency is configured independently, so you can, for example, keep the Dokploy server at 1 while increasing concurrency on a dedicated [build server](/docs/core/remote-servers/build-server) with more resources.
|
||||
161
apps/docs/content/docs/core/differences.mdx
Normal file
@@ -0,0 +1,161 @@
|
||||
---
|
||||
title: Cloud vs Self-Hosted
|
||||
description: "Detailed comparison between Dokploy Cloud and the Self-Hosted version."
|
||||
---
|
||||
|
||||
import { Callout } from 'fumadocs-ui/components/callout';
|
||||
|
||||
Both versions of Dokploy share the same **deployment engine** — same Docker/Traefik integration, same API, same core features. The main difference is operational: **who manages the Dokploy instance itself**. On top of that, there are four editions with different limits and extras, summarized below.
|
||||
|
||||
## Editions at a glance
|
||||
|
||||
Dokploy comes in four editions: **Self-Hosted (OSS)**, **Cloud**, **Enterprise Self-Hosted**, and **Enterprise Cloud**.
|
||||
|
||||
| | Self-Hosted (OSS) | Cloud | Enterprise Self-Hosted | Enterprise Cloud |
|
||||
|---|:---:|:---:|:---:|:---:|
|
||||
| **Price** | Free | From $4.50/mo | License ([contact us](https://dokploy.com/contact)) | Custom |
|
||||
| **Control plane** | You manage it | Managed by Dokploy | You manage it | Managed by Dokploy |
|
||||
| **Updates** | Manual | Automatic | Manual | Automatic |
|
||||
| **Core deployments** (apps, databases, Compose, domains, SSL, templates) | ✅ | ✅ | ✅ | ✅ |
|
||||
| **Multi-server / remote servers** | ✅ | ✅ | ✅ | ✅ |
|
||||
| **Basic roles** (Owner, Admin, Member) | ✅ | ✅ | ✅ | ✅ |
|
||||
| **Custom roles** (granular permissions) | ❌ | Plan-dependent | ✅ | ✅ |
|
||||
| **SSO (OIDC / SAML)** | ❌ | ❌ | ✅ | ✅ |
|
||||
| **Application Authentication** (SSO gate for your apps) | ❌ | ❌ | ✅ | ✅ |
|
||||
| **Audit logs** | ❌ | ❌ | ✅ | ✅ |
|
||||
| **Whitelabeling** | ❌ | ❌ | ✅ | ❌ |
|
||||
| **Concurrent builds per server** | Up to 2 | Managed | Unlimited | Managed |
|
||||
| **Advanced monitoring dashboard** | Basic monitoring | ✅ | Basic monitoring | ✅ |
|
||||
| **Support** | Community (Discord) | Email & Chat | Priority | Priority with SLA |
|
||||
|
||||
<Callout type="info">
|
||||
The core deployment experience is identical in every edition — the differences are in team/enterprise capabilities (SSO, custom roles, audit logs, whitelabeling), build concurrency, and who operates the control plane.
|
||||
</Callout>
|
||||
|
||||
## Enterprise: Cloud vs Self-Hosted
|
||||
|
||||
There are **two ways to get Enterprise**, and they are not the same thing:
|
||||
|
||||
- **Enterprise Self-Hosted** — you run your own Dokploy instance and activate a [license key](/docs/core/enterprise/license-keys) issued by the Dokploy team. You keep full control of your infrastructure (including air-gapped setups) and unlock SSO, custom roles, audit logs, [Application Authentication](/docs/core/enterprise/sso/application-authentication), **whitelabeling**, and **unlimited concurrent builds** per server.
|
||||
- **Enterprise Cloud** — the Dokploy team manages the control plane for you with a custom plan. You get the same enterprise capabilities (SSO, custom roles, audit logs, Application Authentication) plus managed uptime, automatic updates, and priority support with SLA.
|
||||
|
||||
<Callout type="info">
|
||||
Both Enterprise flavors include **all upcoming Enterprise features**: every new Enterprise capability we release is automatically part of your license or plan, at no extra cost.
|
||||
</Callout>
|
||||
|
||||
Key differences between the two Enterprise flavors:
|
||||
|
||||
| | Enterprise Self-Hosted | Enterprise Cloud |
|
||||
|---|:---:|:---:|
|
||||
| **Activation** | License key on your instance | Cloud subscription |
|
||||
| **Control plane uptime & updates** | Your responsibility | Managed by Dokploy |
|
||||
| **Whitelabeling** | ✅ | ❌ (control plane is shared infrastructure) |
|
||||
| **Concurrent builds** | Unlimited, configured per server | Managed by the platform |
|
||||
| **Air-gapped / private networks** | ✅ | ❌ |
|
||||
| **Advanced monitoring dashboard** | Basic monitoring | ✅ |
|
||||
|
||||
## What's actually different
|
||||
|
||||
The differences come down to three things:
|
||||
|
||||
### 1. Managed uptime
|
||||
|
||||
With **Self-Hosted**, you are responsible for keeping the Dokploy instance running. If your server goes down, restarts, or runs out of disk — you need to fix it yourself.
|
||||
|
||||
With **Cloud**, the Dokploy team manages the uptime of the control plane (the UI, database, and management layer). Your applications still run on your own servers, but the management dashboard is maintained by us.
|
||||
|
||||
### 2. Automatic updates
|
||||
|
||||
With **Self-Hosted**, you update Dokploy manually when new versions are released.
|
||||
|
||||
With **Cloud**, updates are applied automatically — you're always on the latest version without doing anything.
|
||||
|
||||
### 3. Support
|
||||
|
||||
With **Self-Hosted**, support is community-based (Discord, GitHub issues).
|
||||
|
||||
With **Cloud**, you get direct support depending on your plan:
|
||||
|
||||
| Plan | Support level |
|
||||
|------|--------------|
|
||||
| **Hobby** | Community (Discord) |
|
||||
| **Startup** | Email & Chat |
|
||||
| **Enterprise** | Priority support with SLA |
|
||||
|
||||
## Architecture
|
||||
|
||||
Both versions use the same architecture. The only difference is **where** the control plane runs.
|
||||
|
||||
### Self-Hosted
|
||||
|
||||
The Dokploy UI, PostgreSQL, Redis, and your applications all run on the same server(s) that you manage.
|
||||
|
||||
```
|
||||
┌─────────────────────────────────┐
|
||||
│ Your Server (you manage) │
|
||||
│ │
|
||||
│ Dokploy UI + PostgreSQL + Redis│
|
||||
│ Traefik (reverse proxy) │
|
||||
│ ───────────────────────────── │
|
||||
│ Your Apps & Databases │
|
||||
└─────────────────────────────────┘
|
||||
```
|
||||
|
||||
### Cloud
|
||||
|
||||
The control plane runs on Dokploy's infrastructure. Your servers only run your workloads.
|
||||
|
||||
```
|
||||
┌─────────────────┐ ┌──────────────────────┐
|
||||
│ Dokploy Cloud │ SSH │ Your Server(s) │
|
||||
│ (managed by us) │────────►│ Apps + Databases │
|
||||
│ │ │ Traefik │
|
||||
│ UI, DB, Redis │ └──────────────────────┘
|
||||
└─────────────────┘
|
||||
```
|
||||
|
||||
<Callout type="info">
|
||||
Your **applications keep running independently** even if the Cloud control plane is temporarily unavailable. The control plane is only needed for management operations (deploys, config changes, monitoring dashboard, etc.).
|
||||
</Callout>
|
||||
|
||||
## When to choose what
|
||||
|
||||
| Choose Self-Hosted if... | Choose Cloud if... |
|
||||
|--------------------------|-------------------|
|
||||
| You want zero cost | You don't want to maintain Dokploy itself |
|
||||
| You want full control over everything | You want automatic updates |
|
||||
| You prefer air-gapped or private networks | You want managed uptime for the control plane |
|
||||
| You're comfortable managing servers | You want direct support (Startup/Enterprise) |
|
||||
|
||||
## Cloud Plans
|
||||
|
||||
If you choose Dokploy Cloud, there are several plans depending on your needs:
|
||||
|
||||
### Plan comparison
|
||||
|
||||
| | Hobby | Startup | Enterprise | Agency |
|
||||
|---|:---:|:---:|:---:|:---:|
|
||||
| **Price** | $4.50/mo per server | $15/mo (3 servers included) | Custom | Custom |
|
||||
| **Additional servers** | $4.50/mo each | $4.50/mo each | Custom | Custom |
|
||||
| **Organizations** | 1 | 3 | Custom | Custom |
|
||||
| **Users** | 1 | Unlimited | Unlimited | Unlimited |
|
||||
| **Environments** | 2 | Unlimited | Unlimited | Unlimited |
|
||||
| **Backups** | 1 per app/database | Unlimited | Unlimited | Unlimited |
|
||||
| **Scheduled jobs** | 1 | Unlimited | Unlimited | Unlimited |
|
||||
| **RBAC** | Basic (Owner, Admin, Member) | Basic (Admin/Developer roles) | Fine-grained + custom roles | Fine-grained + custom roles |
|
||||
| **2FA** | ❌ | ✅ | ✅ | ✅ |
|
||||
| **SSO / SAML** | ❌ | ❌ | ✅ | ✅ |
|
||||
| **Audit logs** | ❌ | ❌ | ✅ | ✅ |
|
||||
| **White labeling** | ❌ | ❌ | ✅ | ✅ |
|
||||
| **Support** | Community (Discord) | Email & Chat | Priority with SLA | Partner team |
|
||||
|
||||
<Callout type="info">
|
||||
Annual billing saves **20%** on all plans. See the [Pricing](https://dokploy.com/pricing) page for the latest details.
|
||||
</Callout>
|
||||
|
||||
### Which plan do I need?
|
||||
|
||||
- **Hobby** — You're a solo developer deploying personal projects or small client sites on a single server.
|
||||
- **Startup** — You have a team, need multiple environments (production, staging, dev), and want unlimited backups and scheduled jobs.
|
||||
- **Enterprise** — You need SSO/SAML, audit logs, white labeling, custom roles with fine-grained permissions, and priority support with SLA.
|
||||
- **Agency** — You manage infrastructure for multiple clients and need a tailored partnership.
|
||||
@@ -85,6 +85,7 @@ networks:
|
||||
**Important Notes:**
|
||||
|
||||
- If you don't add any domains through the UI and don't use [Isolated Deployments](/docs/core/docker-compose/utilities#isolated-deployments), your application will be deployed exactly as you specified in your original Docker Compose file - no labels or network modifications will be added.
|
||||
- If you're not using [Isolated Deployments](/docs/core/docker-compose/utilities#isolated-deployments), Dokploy will add the `dokploy-network` to the service you selected, however you need to add `dokploy-network` to the other services to maintain connectivity.
|
||||
- The Preview Compose button is useful for verifying how Dokploy will modify your compose file before deployment.
|
||||
- All label generation and network configuration is handled automatically by Dokploy based on your domain settings.
|
||||
|
||||
|
||||
@@ -18,9 +18,32 @@ Dokploy provides two methods for creating Docker Compose configurations:
|
||||
|
||||
Configure the source of your code, the way your application is built, and also manage actions like deploying, updating, and deleting your application, and stopping it.
|
||||
|
||||
### Enviroment
|
||||
### Environment
|
||||
|
||||
A code editor within Dokploy allows you to specify environment variables for your Docker Compose file. By default, Dokploy creates a `.env` file in the specified Docker Compose file path.
|
||||
The code editor in Dokploy allows you to define environment variables for your Docker Compose deployment. By default, Dokploy saves these variables to a `.env` file in the same directory as your `docker-compose.yml`.
|
||||
|
||||
<Callout type="warning">
|
||||
Environment variables set in the UI are written to the `.env` file, but are **not automatically injected into containers**. You have two options:
|
||||
|
||||
**1. Inject all variables** — Use the `env_file` option in your `docker-compose.yml` to load every variable from the `.env` file into the container:
|
||||
|
||||
```yaml
|
||||
services:
|
||||
app:
|
||||
env_file:
|
||||
- .env
|
||||
```
|
||||
|
||||
**2. Use specific variables** — Reference only the variables you need using the standard `${VAR_NAME}` syntax in your `docker-compose.yml`:
|
||||
|
||||
```yaml
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- DATABASE_URL=${DATABASE_URL}
|
||||
- API_KEY=${API_KEY}
|
||||
```
|
||||
</Callout>
|
||||
|
||||
### Monitoring
|
||||
|
||||
@@ -43,6 +66,15 @@ We provide a webhook so that you can trigger your own deployments by pushing to
|
||||
This section provides advanced configuration options for experienced users. It includes tools for custom commands within the container and volumes.
|
||||
|
||||
- **Command**: Dokploy has a defined command to run the Docker Compose file, ensuring complete control through the UI. However, you can append flags or options to the command.
|
||||
|
||||
<Callout type="info" title="Using Private Registries with Docker Stack">
|
||||
If you're deploying with **Docker Stack** (Docker Swarm mode) using **replicas** and a **private registry**, you need to add the `--with-registry-auth` flag to ensure that registry credentials are properly distributed to all nodes in your swarm.
|
||||
|
||||
Without this flag, worker nodes may fail to pull images from private registries, resulting in authentication errors like "no such image" or "docker authentication failed".
|
||||
|
||||
This flag ensures that Docker shares the registry credentials with all swarm nodes during deployment, enabling them to authenticate and pull images from your private registry (GitHub Container Registry, Docker Hub private repos, etc.).
|
||||
</Callout>
|
||||
|
||||
- **Volumes**: To ensure data persistence across deployments, configure storage volumes for your application.
|
||||
|
||||
<ImageZoom
|
||||
|
||||
55
apps/docs/content/docs/core/enterprise/audit-logs.mdx
Normal file
@@ -0,0 +1,55 @@
|
||||
---
|
||||
title: Audit Logs
|
||||
description: Track all actions performed by members in your organization
|
||||
---
|
||||
|
||||
Audit Logs give Enterprise users complete visibility into every action performed within the organization. Every create, update, delete, login, logout, deployment, and configuration change is recorded — giving you a full trail for security, compliance, and debugging.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-audit-logs.png" alt="Audit Logs with filterable table of all actions" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Overview
|
||||
|
||||
Audit Logs are available in **Settings → Audit Logs**. Each entry captures:
|
||||
|
||||
| Field | Description |
|
||||
| --- | --- |
|
||||
| **Timestamp** | When the action occurred. |
|
||||
| **User** | The email of the user who performed the action. |
|
||||
| **Action** | The type of action — `Created`, `Updated`, `Deleted`, `Deployed`, `Login`, `Logout`. |
|
||||
| **Resource** | The type of resource affected (e.g. `application`, `Custom Role`, `Settings`, `Session`, `Domain`). |
|
||||
| **Name** | The name or identifier of the resource. |
|
||||
| **Role** | The role of the user at the time of the action (e.g. `owner`, `developer`, `member`). |
|
||||
| **Metadata** | Additional context when available. |
|
||||
|
||||
## What is Logged
|
||||
|
||||
Audit Logs track every meaningful action in your organization:
|
||||
|
||||
- **Authentication** — User logins, logouts, and session events.
|
||||
- **User Management** — Creating, updating, or removing users and changing role assignments.
|
||||
- **Custom Roles** — Creating, updating, or deleting custom roles.
|
||||
- **Projects & Services** — Creating, updating, deploying, and deleting applications, databases, and compose stacks.
|
||||
- **Domains** — Adding or removing custom domains.
|
||||
- **Environment Variables** — Changes to service, project, and environment-level variables.
|
||||
- **Settings** — Updates to organization settings, whitelabel configuration, and version updates.
|
||||
- **Infrastructure** — Changes to servers, registries, certificates, SSH keys, and S3 destinations.
|
||||
- **Backups & Schedules** — Creating, updating, or deleting backups, volume backups, and scheduled jobs.
|
||||
- **Notifications** — Changes to notification providers.
|
||||
|
||||
## Filtering
|
||||
|
||||
You can filter audit log entries to quickly find what you're looking for:
|
||||
|
||||
- **By user** — Search for actions performed by a specific user.
|
||||
- **By name** — Search for actions on a specific resource name.
|
||||
- **By action** — Filter by action type (Created, Updated, Deleted, etc.).
|
||||
- **By resource** — Filter by resource type (application, Settings, Custom Role, etc.).
|
||||
|
||||
## Use Cases
|
||||
|
||||
- **Security investigations** — Identify who made a specific change and when.
|
||||
- **Compliance** — Maintain evidence of access control and change management for SOC 2, GDPR, and internal policies.
|
||||
- **Debugging** — Trace deployment failures or configuration issues back to the change that caused them.
|
||||
- **Team visibility** — Understand what actions team members are performing across the organization.
|
||||
|
||||
For questions about audit log retention or integration with external logging systems, [contact us](https://dokploy.com/contact).
|
||||
243
apps/docs/content/docs/core/enterprise/custom-roles.mdx
Normal file
@@ -0,0 +1,243 @@
|
||||
---
|
||||
title: Custom Roles
|
||||
description: Create custom roles with granular permissions for your organization members
|
||||
---
|
||||
|
||||
Custom Roles let Enterprise users go beyond the default **Owner**, **Admin**, and **Member** roles by creating tailored roles with fine-grained permissions. Assign exactly the access each team member needs — no more, no less.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/create-custom-role.png" alt="Create Custom Role modal with permission presets and granular toggles" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Overview
|
||||
|
||||
In the free version, Dokploy provides three built-in roles: **Owner**, **Admin**, and **Member**. Members have a limited, fixed set of permissions. With Enterprise, you can create **custom roles** that combine any of the available permissions below, then assign those roles to users in your organization.
|
||||
|
||||
To manage custom roles, go to **Settings → Custom Roles**.
|
||||
|
||||
## Available Permissions
|
||||
|
||||
Custom roles are built by combining permissions from the following categories:
|
||||
|
||||
### Users
|
||||
|
||||
Manage organization members, invitations, and roles.
|
||||
|
||||
- **Read** — View the list of users and their roles.
|
||||
- **Create** — Invite new members to the organization.
|
||||
- **Update** — Edit user details and role assignments.
|
||||
- **Delete** — Remove members from the organization.
|
||||
|
||||
### Projects
|
||||
|
||||
Manage project creation and deletion.
|
||||
|
||||
- **Create** — Create new projects.
|
||||
- **Delete** — Delete existing projects.
|
||||
|
||||
### Services
|
||||
|
||||
Manage services (applications, databases, compose) within projects.
|
||||
|
||||
- **Create** — Create new services inside projects.
|
||||
- **Read** — View services and their configurations.
|
||||
- **Delete** — Remove services from projects.
|
||||
|
||||
### Environments
|
||||
|
||||
Manage environment creation, viewing, and deletion.
|
||||
|
||||
- **Create** — Create new environments within projects.
|
||||
- **Read** — View environments and their settings.
|
||||
- **Delete** — Remove environments.
|
||||
|
||||
### Docker
|
||||
|
||||
Access to Docker containers, images, and volumes management.
|
||||
|
||||
- **Read** — View Docker containers, images, and volumes.
|
||||
|
||||
### SSH Keys
|
||||
|
||||
Manage SSH key configurations for servers and repositories.
|
||||
|
||||
- **Read** — View existing SSH keys.
|
||||
- **Create** — Add new SSH keys.
|
||||
- **Delete** — Remove SSH keys.
|
||||
|
||||
### Git Providers
|
||||
|
||||
Access to Git providers (GitHub, GitLab, Bitbucket, Gitea).
|
||||
|
||||
- **Read** — View connected Git providers.
|
||||
- **Create** — Connect new Git providers.
|
||||
- **Delete** — Remove Git provider connections.
|
||||
|
||||
### Traefik Files
|
||||
|
||||
Access to the Traefik file system configuration.
|
||||
|
||||
- **Read** — View Traefik configuration files.
|
||||
- **Write** — Edit Traefik configuration files.
|
||||
|
||||
### API / CLI
|
||||
|
||||
Access to API keys and CLI usage.
|
||||
|
||||
- **Read** — View and use API keys and CLI.
|
||||
|
||||
### Volumes
|
||||
|
||||
Manage persistent volumes and mounts attached to services.
|
||||
|
||||
- **Read** — View volumes and their configurations.
|
||||
- **Create** — Create new volumes.
|
||||
- **Delete** — Remove volumes.
|
||||
|
||||
### Deployments
|
||||
|
||||
Trigger, view, and cancel service deployments.
|
||||
|
||||
- **Read** — View deployment history and status.
|
||||
- **Deploy** — Trigger new deployments.
|
||||
- **Cancel** — Cancel running deployments.
|
||||
|
||||
### Service Environment Variables
|
||||
|
||||
View and edit environment variables of services.
|
||||
|
||||
- **Read** — View service environment variables.
|
||||
- **Write** — Edit service environment variables.
|
||||
|
||||
### Project Shared Environment Variables
|
||||
|
||||
View and edit shared environment variables at the project level.
|
||||
|
||||
- **Read** — View project-level shared environment variables.
|
||||
- **Write** — Edit project-level shared environment variables.
|
||||
|
||||
### Environment Shared Environment Variables
|
||||
|
||||
View and edit shared environment variables at the environment level.
|
||||
|
||||
- **Read** — View environment-level shared environment variables.
|
||||
- **Write** — Edit environment-level shared environment variables.
|
||||
|
||||
### Servers
|
||||
|
||||
Manage remote servers and nodes.
|
||||
|
||||
- **Read** — View server details and status.
|
||||
- **Create** — Add new servers.
|
||||
- **Delete** — Remove servers.
|
||||
|
||||
### Registries
|
||||
|
||||
Manage Docker image registries.
|
||||
|
||||
- **Read** — View configured registries.
|
||||
- **Create** — Add new registries.
|
||||
- **Delete** — Remove registries.
|
||||
|
||||
### Certificates
|
||||
|
||||
Manage SSL/TLS certificates.
|
||||
|
||||
- **Read** — View certificates.
|
||||
- **Create** — Add new certificates.
|
||||
- **Delete** — Remove certificates.
|
||||
|
||||
### Backups
|
||||
|
||||
Manage database backups and restores.
|
||||
|
||||
- **Read** — View existing backups.
|
||||
- **Create** — Create new backups.
|
||||
- **Update** — Modify backup configurations.
|
||||
- **Delete** — Remove backups.
|
||||
- **Restore** — Restore from a backup.
|
||||
|
||||
### Volume Backups
|
||||
|
||||
Manage Docker volume backups and restores.
|
||||
|
||||
- **Read** — View volume backups.
|
||||
- **Create** — Create new volume backups.
|
||||
- **Update** — Modify volume backup configurations.
|
||||
- **Delete** — Remove volume backups.
|
||||
- **Restore** — Restore from a volume backup.
|
||||
|
||||
### Schedules
|
||||
|
||||
Manage scheduled jobs (commands, deployments, scripts).
|
||||
|
||||
- **Read** — View scheduled jobs.
|
||||
- **Create** — Create new scheduled jobs.
|
||||
- **Update** — Modify existing scheduled jobs.
|
||||
- **Delete** — Remove scheduled jobs.
|
||||
|
||||
### Domains
|
||||
|
||||
Manage custom domains assigned to services.
|
||||
|
||||
- **Read** — View configured domains.
|
||||
- **Create** — Add new domains.
|
||||
- **Delete** — Remove domains.
|
||||
|
||||
### S3 Destinations
|
||||
|
||||
Manage S3-compatible backup destinations (AWS, Cloudflare R2, etc.).
|
||||
|
||||
- **Read** — View configured S3 destinations.
|
||||
- **Create** — Add new S3 destinations.
|
||||
- **Delete** — Remove S3 destinations.
|
||||
|
||||
### Notifications
|
||||
|
||||
Manage notification providers (Slack, Discord, Telegram, etc.).
|
||||
|
||||
- **Read** — View notification providers.
|
||||
- **Create** — Add new notification providers.
|
||||
- **Update** — Modify notification configurations.
|
||||
- **Delete** — Remove notification providers.
|
||||
|
||||
### Logs
|
||||
|
||||
View service and deployment logs.
|
||||
|
||||
- **Read** — View logs.
|
||||
|
||||
### Monitoring
|
||||
|
||||
View server and service metrics (CPU, RAM, disk).
|
||||
|
||||
- **Read** — View monitoring metrics.
|
||||
|
||||
### Audit Logs
|
||||
|
||||
View the audit log of actions performed in the organization.
|
||||
|
||||
- **Read** — View audit log entries.
|
||||
|
||||
## Creating a Custom Role
|
||||
|
||||
1. Go to **Settings → Custom Roles**.
|
||||
2. Click **Create Role**.
|
||||
3. Enter a name for the role (e.g. `developer`, `viewer`, `deployer`).
|
||||
4. Select the permissions you want to assign to this role.
|
||||
5. Click **Save**.
|
||||
|
||||
## Assigning a Custom Role
|
||||
|
||||
1. Go to **Settings → Users**.
|
||||
2. Select the user you want to update.
|
||||
3. Change their role to the custom role you created.
|
||||
4. Click **Save**.
|
||||
|
||||
The user will immediately have access based on the permissions defined in their new role.
|
||||
|
||||
## Best Practices
|
||||
|
||||
- **Principle of least privilege** — Give each role only the permissions it needs. A developer who only deploys doesn't need access to manage users or certificates.
|
||||
- **Name roles clearly** — Use descriptive names like `deployer`, `viewer`, or `project-admin` so it's easy to understand what each role can do.
|
||||
- **Review roles regularly** — As your team and workflows evolve, revisit custom roles to ensure they still match your needs.
|
||||
|
||||
For help configuring custom roles, [contact us](https://dokploy.com/contact).
|
||||
34
apps/docs/content/docs/core/enterprise/index.mdx
Normal file
@@ -0,0 +1,34 @@
|
||||
---
|
||||
title: Introduction
|
||||
description: Enterprise features for SSO, application authentication, custom roles, audit logs, whitelabeling, and unlimited concurrent builds
|
||||
---
|
||||
|
||||
|
||||
## Two ways to get Enterprise
|
||||
|
||||
Enterprise comes in two flavors:
|
||||
|
||||
- **Enterprise Self-Hosted** — activate a [license key](/docs/core/enterprise/license-keys) on your own instance. Includes whitelabeling and unlimited [concurrent builds](/docs/core/concurrent-builds), and works in air-gapped environments.
|
||||
- **Enterprise Cloud** — a custom Dokploy Cloud plan with the control plane managed by us, automatic updates, and priority support with SLA.
|
||||
|
||||
Both include SSO, custom roles, audit logs, and Application Authentication. See the full [edition comparison](/docs/core/differences#editions-at-a-glance) for the differences.
|
||||
|
||||
## What's included
|
||||
|
||||
- **Single Sign-On (SSO)** — Integrate with Auth0, Keycloak, or other OIDC/SAML providers. [Read more →](/docs/core/enterprise/sso)
|
||||
- **Application Authentication (Forward Auth)** — Put an SSO login gate in front of your deployed applications, powered by oauth2-proxy and Traefik. [Read more →](/docs/core/enterprise/sso/application-authentication)
|
||||
- **Custom Roles** — Create custom roles with granular permissions beyond the default Owner, Admin, and Member roles. [Read more →](/docs/core/enterprise/custom-roles)
|
||||
- **Audit Logs** — Track every action performed by members in your organization for security and compliance. [Read more →](/docs/core/enterprise/audit-logs)
|
||||
- **Whitelabeling** — Rebrand the UI with your logo, colors, and domain (self-hosted only). [Read more →](/docs/core/enterprise/whitelabeling)
|
||||
- **Unlimited Concurrent Builds** — Remove the OSS limit of 2 concurrent builds per server and set any concurrency you need (self-hosted only). [Read more →](/docs/core/concurrent-builds)
|
||||
- **All upcoming Enterprise features** — every new Enterprise feature we ship is automatically included in your license or plan, at no extra cost.
|
||||
|
||||
More Enterprise features are on the way. [Contact us](https://dokploy.com/contact) if you want early access or have specific requirements.
|
||||
|
||||
## Contact us
|
||||
|
||||
For pricing and to enable Enterprise features on your instance, get in touch with our team:
|
||||
|
||||
**[Contact us →](https://dokploy.com/contact)**
|
||||
|
||||
We'll help you configure SSO, whitelabeling, custom roles, and audit logs for your organization.
|
||||
25
apps/docs/content/docs/core/enterprise/license-keys.mdx
Normal file
@@ -0,0 +1,25 @@
|
||||
---
|
||||
title: License Keys
|
||||
description: Activate and manage your Enterprise license
|
||||
---
|
||||
|
||||
To use Enterprise features (SSO, whitelabeling, audit logs, and more), you need a valid license issued by the Dokploy team.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-license.png" alt="License settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
By default, all Dokploy instances run in the standard edition. If you are interested in switching to the Enterprise version, [contact us](https://dokploy.com/contact). Once you receive your license key, you can activate it in your instance.
|
||||
|
||||
## Activating your license
|
||||
|
||||
1. Go to **Settings** → **License** (or **Organization** → **License** in Enterprise).
|
||||
2. Enter your license key and click **Activate**.
|
||||
|
||||
Your instance will then have access to Enterprise features for the duration of the license.
|
||||
|
||||
## How validation works
|
||||
|
||||
- The license is validated **every day** against our servers to verify that it is still valid.
|
||||
- The **only data** used for validation is the **IP address** of your server. We check it against our license server to confirm that the key is valid and active for that server.
|
||||
- No other data is sent or stored for license validation.
|
||||
|
||||
If your server’s IP changes, or you have questions about your license, [contact us](https://dokploy.com/contact).
|
||||
@@ -0,0 +1,67 @@
|
||||
---
|
||||
title: Application Authentication (Forward Auth)
|
||||
description: Protect deployed applications behind an SSO login gate, powered by oauth2-proxy and Traefik forward-auth
|
||||
---
|
||||
|
||||
import { Callout } from "fumadocs-ui/components/callout";
|
||||
|
||||
Application Authentication puts a Single Sign-On login gate in front of your deployed applications. Once enabled on a domain, visitors must authenticate with your identity provider before Traefik forwards their request to your app.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-authentication.png" alt="Application Authentication configuration under Settings > SSO" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
<Callout type="info">
|
||||
This is an **Enterprise** feature and requires a valid enterprise license, plus an OIDC identity provider already configured under [Settings → SSO](/docs/core/enterprise/sso).
|
||||
</Callout>
|
||||
|
||||
## How It Works
|
||||
|
||||
Application Authentication is built on top of [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) and Traefik's `forwardAuth` middleware:
|
||||
|
||||
1. Dokploy deploys a dedicated `dokploy-forward-auth` service (oauth2-proxy) on a server, configured with one of your OIDC providers.
|
||||
2. A shared **auth domain** (e.g. `auth.acme.com`) is registered in Traefik, pointing to that oauth2-proxy instance.
|
||||
3. On any application domain where you enable SSO protection, Dokploy adds a `forwardAuth` middleware to that domain's Traefik router, pointing at the auth domain.
|
||||
4. When a visitor requests the protected app, Traefik first checks with oauth2-proxy. If they're not authenticated, they are redirected to log in via your identity provider on the shared auth domain, then redirected back to the app once authenticated.
|
||||
|
||||
This is deployed **per server**: one oauth2-proxy instance handles authentication for every protected application domain on that server. Individual applications "opt in" by enabling the toggle on their domain.
|
||||
|
||||
<Callout type="warn">
|
||||
Any user who can successfully authenticate against the configured identity provider is granted access. There is currently no allow-list by email, domain, or group — access control should be enforced on the identity provider side (e.g. restrict who can sign in to the OIDC application you registered).
|
||||
</Callout>
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- A valid **Enterprise license**.
|
||||
- An **OIDC provider** already registered under [Settings → SSO](/docs/core/enterprise/sso). SAML providers are not supported for this feature — only OIDC.
|
||||
- A domain you control to use as the shared **auth domain** (e.g. `auth.acme.com`), pointed via DNS to the target server.
|
||||
- The auth domain must share the **same base domain** as any application domain you want to protect (e.g. `auth.acme.com` can protect `app.acme.com`, but not `app.other.com`), since the authentication cookie is scoped to that shared base domain.
|
||||
|
||||
## Setting Up the Authentication Proxy
|
||||
|
||||
1. Go to **Dashboard → Settings → SSO**.
|
||||
2. Under **Application Authentication**, find the server you want to protect applications on (this can be a remote server or, if self-hosted, the local Dokploy server).
|
||||
3. Set the **auth domain** (e.g. `auth.acme.com`) and choose your TLS/certificate settings (Let's Encrypt, custom resolver, or none).
|
||||
4. Click **Deploy** and select which OIDC provider to use for this server.
|
||||
5. Once deployed, Dokploy shows a **callback URL** — register it with your identity provider if it isn't already covered by your OIDC application configuration.
|
||||
|
||||
<Callout type="info">
|
||||
Only one auth domain and one OIDC provider can be configured per server. To use different providers for different applications, deploy them on different servers.
|
||||
</Callout>
|
||||
|
||||
## Protecting an Application Domain
|
||||
|
||||
Once the authentication proxy is running on a server:
|
||||
|
||||
1. Go to your **Application → Domains** tab.
|
||||
2. Click the shield icon next to the domain you want to protect.
|
||||
3. Toggle **Protect this domain with SSO**.
|
||||
|
||||
The domain's Traefik configuration is updated immediately to require authentication. You can enable or disable protection independently for each domain, an application with multiple domains can have SSO enabled on some and not others.
|
||||
|
||||
<Callout type="warn">
|
||||
Application Authentication is currently only supported on **application domains**. Docker Compose service domains are not supported.
|
||||
</Callout>
|
||||
|
||||
## Removing Protection
|
||||
|
||||
- To stop protecting a single domain, toggle it off from the same **Domains** tab.
|
||||
- To tear down the authentication proxy for an entire server, go back to **Settings → SSO → Application Authentication** and click **Remove** for that server. This removes the `dokploy-forward-auth` service, applications on that server will no longer be able to enable SSO protection until it's redeployed.
|
||||
107
apps/docs/content/docs/core/enterprise/sso/auth0.mdx
Normal file
@@ -0,0 +1,107 @@
|
||||
---
|
||||
title: Auth0
|
||||
description: Configure SSO with Auth0 (OIDC or SAML)
|
||||
---
|
||||
|
||||
<Tabs items={['SSO (OIDC)', 'SAML']}>
|
||||
<Tab value="SSO (OIDC)">
|
||||
|
||||
## 1. Create an application in Auth0
|
||||
|
||||
1. Log in to the [Auth0 Dashboard](https://manage.auth0.com/).
|
||||
2. Go to **Applications** → **Applications** → **Create Application**.
|
||||
3. Choose **Regular Web Application** and create it.
|
||||
4. Note your **Domain**, **Client ID**, and **Client Secret**.
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **OpenID Connect**.
|
||||
3. Enter:
|
||||
- **Provider**: myorg-name-auth0 (Unique)
|
||||
- **Issuer URL**: `https://YOUR_AUTH0_DOMAIN/` (Make sure add the trailing slash)
|
||||
- **Domain**: the domain users use to authenticate via Auth0 (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
- **Client ID**: from Auth0 application
|
||||
- **Client Secret**: from Auth0 application
|
||||
- **Scopes**: openid email profile
|
||||
4. Save.
|
||||
|
||||
## 3. Configure Auth0
|
||||
|
||||
1. In your application, go to **Settings**.
|
||||
2. Set **Allowed Callback URLs** to your Dokploy URL, for example:
|
||||
- `https://your-dokploy-domain.com/api/auth/callback/myorg-name-auth0`
|
||||
3. Set **Allowed Logout URLs** to:
|
||||
- `https://your-dokploy-domain.com`
|
||||
4. Set **Allowed Origins** to:
|
||||
- `https://your-dokploy-domain.com`
|
||||
5. Save changes.
|
||||
|
||||
## Troubleshooting (OIDC)
|
||||
|
||||
- **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Auth0 (including protocol and path).
|
||||
- **Invalid client** — Double-check Client ID and Client Secret, and that the application is a web application.
|
||||
- **Scopes** — Ensure Auth0 is configured to return `openid` and, if required, `email` and `profile`.
|
||||
|
||||
</Tab>
|
||||
<Tab value="SAML">
|
||||
|
||||
## 1. Create a SAML application in Auth0
|
||||
|
||||
1. Log in to the [Auth0 Dashboard](https://manage.auth0.com/).
|
||||
2. Go to **Applications** → **Applications** → **Create Application**.
|
||||
3. Choose **Regular Web Application** and create it.
|
||||
4. In the application, go to **Add Ons** → enable **SAML 2 Web App** and configure it, in the settings specify this callback URL: `https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml`.
|
||||
5. Next & Save.
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **SAML**.
|
||||
3. Enter:
|
||||
- **Provider**: myorg-name-auth0-saml (unique name for this provider)
|
||||
- **Issuer URL**: the Auth0 SAML Entity ID / Issuer located in `Add Ons` tab called `SAML 2 Web App` called `Entity ID` (e.g. `urn:auth0:your-tenant:your-app`)
|
||||
- **SSO URL**: the Auth0 SAML Single Sign-On URL located in `Add Ons` tab called `SAML 2 Web App` called `Single Sign-On URL` (e.g. `https://dev-ladsadb.us.auth0.com/samlp/wgJe9bWmwhVnuAC7eNtyUsiou4b6wxuf`)
|
||||
- **Certificate**: download the certificate active (x509) from the `Add Ons` tab called `SAML 2 Web App` called `Identity Provider Certificate` and paste it in the `Certificate` field.
|
||||
- **Federation Metadata XML**: copy the Identity Provider Metadata XML from the certificate active and paste it in the `Metadata XML` field.
|
||||
- **Domain**: the domain users use to authenticate via Auth0 (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
4. Save.
|
||||
|
||||
## 3. Configure Auth0 (SAML)
|
||||
|
||||
1. In your Auth0 SAML application, set the **Application Callback URL** (ACS URL) to your Dokploy SAML ACS URL, for example:
|
||||
- `https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml`
|
||||
2. In the **SAML 2 Web App** add-on, open **Settings** and paste the following JSON in the **Settings** (Application Settings) field. Replace `https://your-dokploy-domain.com` with your Dokploy base URL and `myorg-name-auth0-saml` with the **exact same provider name** you entered in Dokploy in step 2 (the callback URL path must match), so Dokploy can read email, display name, and other attributes:
|
||||
|
||||
```json
|
||||
{
|
||||
"audience": "https://your-dokploy-domain.com/saml/metadata",
|
||||
"recipient": "https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml",
|
||||
"destination": "https://your-dokploy-domain.com/api/auth/sso/saml2/callback/myorg-name-auth0-saml",
|
||||
"signResponse": true,
|
||||
"signAssertion": true,
|
||||
"nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
||||
"nameIdentifierProbes": [
|
||||
"email"
|
||||
],
|
||||
"mappings": {
|
||||
"email": "email",
|
||||
"displayName": "name",
|
||||
"givenName": "given_name",
|
||||
"surname": "family_name"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
4. Save.
|
||||
|
||||
## Troubleshooting (SAML)
|
||||
|
||||
- **ACS URL mismatch** — Ensure the callback/ACS URL in Auth0 matches exactly what Dokploy provides (including protocol and path).
|
||||
- **Certificate** — Use the full x509 certificate from Auth0 (PEM format); ensure no extra spaces or line breaks.
|
||||
- **Entity ID** — The Entity ID in Dokploy must match the Issuer/Entity ID configured in Auth0.
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
For help with your setup, [contact us](https://dokploy.com/contact).
|
||||
88
apps/docs/content/docs/core/enterprise/sso/azure.mdx
Normal file
@@ -0,0 +1,88 @@
|
||||
---
|
||||
title: Azure AD (Microsoft Entra ID)
|
||||
description: Configure SSO with Azure AD / Microsoft Entra ID (OIDC or SAML)
|
||||
---
|
||||
|
||||
<Tabs items={['SSO (OIDC)', 'SAML']}>
|
||||
<Tab value="SSO (OIDC)">
|
||||
|
||||
## 1. Register an application in Azure
|
||||
|
||||
1. Log in to the [Azure Portal](https://portal.azure.com/).
|
||||
2. Go to **Microsoft Entra ID** (or **Azure Active Directory**) → **App registrations** → **New registration**.
|
||||
3. Enter a **Name** (e.g. Dokploy), choose supported account types, and set **Redirect URI** to **Web** with a placeholder for now (e.g. `https://your-dokploy-domain.com/api/auth/callback/myorg-name-azure`).
|
||||
4. Register and note the **Application (client) ID** and **Directory (tenant) ID**.
|
||||
5. Go to **Certificates & secrets** → **New client secret**, create a secret and note its **Value** (you won’t see it again).
|
||||
6. The **Issuer URL** for OpenID Connect is: `https://login.microsoftonline.com/{tenant-id}/v2.0` (replace `{tenant-id}` with your Directory (tenant) ID). Some setups expect a trailing slash.
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **OpenID Connect**.
|
||||
3. Enter:
|
||||
- **Provider**: myorg-name-azure (unique name for this provider)
|
||||
- **Issuer URL**: `https://login.microsoftonline.com/YOUR_TENANT_ID/v2.0` (use your Directory (tenant) ID; add a trailing slash if required for discovery)
|
||||
- **Domain**: the domain users use to authenticate via Azure AD (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
- **Client ID**: the Application (client) ID from Azure
|
||||
- **Client Secret**: the client secret value from Certificates & secrets
|
||||
- **Scopes**: openid email profile
|
||||
4. Save.
|
||||
|
||||
## 3. Configure Azure
|
||||
|
||||
1. In your app registration, go to **Authentication**.
|
||||
2. Under **Web** → **Redirect URIs**, add:
|
||||
- `https://your-dokploy-domain.com/api/auth/callback/myorg-name-azure`
|
||||
3. Under **Front-channel logout URL** (optional), you can set:
|
||||
- `https://your-dokploy-domain.com`
|
||||
4. Go to **Token Configuration** and add optional claim, select **email**, **preferred_username** and **upn** from the list of claims.
|
||||
5. Save.
|
||||
|
||||
## Troubleshooting (OIDC)
|
||||
|
||||
- **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Azure (including protocol and path). Use the same **Provider** value in the path (e.g. `.../api/auth/callback/myorg-name-azure`).
|
||||
- **Invalid client** — Double-check Application (client) ID and client secret. Confirm the secret has not expired under **Certificates & secrets**.
|
||||
- **Tenant** — Use the correct Directory (tenant) ID in the Issuer URL. For multi-tenant apps, you may use `common` instead of the tenant ID (e.g. `https://login.microsoftonline.com/common/v2.0`).
|
||||
- **Scopes** — Ensure the app registration has the right API permissions (e.g. **OpenID permissions**, **User.Read**) if required for `openid`, `email`, and `profile`.
|
||||
|
||||
</Tab>
|
||||
<Tab value="SAML">
|
||||
|
||||
## 1. Create an Enterprise Application (SAML) in Azure
|
||||
|
||||
1. Log in to the [Azure Portal](https://portal.azure.com/).
|
||||
2. Go to **Microsoft Entra ID** → **Enterprise applications** → **New application** → **Create your own application** (or **Non-gallery application**).
|
||||
3. Enter a **Name** (e.g. Dokploy) and create.
|
||||
4. Go to **Single sign-on** → **SAML**.
|
||||
5. Note the **Identifier (Entity ID)** and **Login URL** (SSO URL). Under **SAML Certificates**, download or copy the **Certificate (Base64)** (x509) and download the **Federation Metadata XML** file.
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **SAML**.
|
||||
3. Enter:
|
||||
- **Provider**: myorg-name-azure-saml (unique name for this provider)
|
||||
- **Issuer URL**: the Azure SAML Entity ID (Identifier) from the Enterprise application (eg. `https://sts.windows.net/YOUR_TENANT_ID/`).
|
||||
- **SSO URL**: the Azure Login URL (Single Sign-On URL) (eg. `https://login.microsoftonline.com/YOUR_TENANT_ID/saml2`)
|
||||
- **Certificate**: the IdP signing certificate (x509 Base64) from Azure
|
||||
- **Federation Metadata XML**: the Federation Metadata XML file from Azure
|
||||
- **Domain**: the domain users use to authenticate via Azure AD (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
4. Save.
|
||||
|
||||
## 3. Configure Azure (SAML)
|
||||
|
||||
1. In your Enterprise application, go to **Single sign-on** → **SAML**.
|
||||
2. Under **Basic SAML Configuration**, set **Identifier (Entity ID)** if required (SP Entity ID from Dokploy) (eg. `https://your-dokploy-instance.com`).
|
||||
3. Set **Reply URL (Assertion Consumer Service URL)** to your Dokploy SAML ACS URL (eg. `https://your-dokploy-instance.com/api/auth/sso/saml2/callback/myorg-name-azure-saml`).
|
||||
3. Save.
|
||||
|
||||
## Troubleshooting (SAML)
|
||||
|
||||
- **ACS URL mismatch** — Ensure the Reply URL (ACS) in Azure matches exactly what Dokploy provides (including protocol and path).
|
||||
- **Certificate** — Use the Certificate (Base64) from Azure; paste as-is or convert to PEM if Dokploy expects PEM.
|
||||
- **Entity ID** — The Entity ID in Dokploy must match the Identifier (Entity ID) of the Azure Enterprise application.
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
For help with your setup, [contact us](https://dokploy.com/contact).
|
||||
26
apps/docs/content/docs/core/enterprise/sso/index.mdx
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
title: Single Sign-On (SSO)
|
||||
description: Configure SSO with Auth0, Keycloak, or other OIDC/SAML providers
|
||||
---
|
||||
|
||||
Enterprise supports Single Sign-On via OpenID Connect (OIDC) and SAML. You can use Auth0, Keycloak, or any compatible identity provider.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-sso.png" alt="SSO providers in Settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
<ImageZoom src="/assets/images/ui/sso-add-oidc-provider.png" alt="Add OIDC provider modal" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
Choose a provider below for step-by-step configuration:
|
||||
|
||||
- **[Auth0](/docs/core/enterprise/sso/auth0)** — Cloud identity platform
|
||||
- **[Azure AD (Microsoft Entra ID)](/docs/core/enterprise/sso/azure)** — Microsoft's cloud identity platform
|
||||
- **[Okta](/docs/core/enterprise/sso/okta)** — Cloud identity platform
|
||||
- **[Keycloak](/docs/core/enterprise/sso/keycloak)** — Open-source identity and access management
|
||||
- **[Zitadel](/docs/core/enterprise/sso/zitadel)** — Open-source identity and access management
|
||||
|
||||
You can also use any other OIDC/SAML provider by configuring the endpoints and flow manually.
|
||||
|
||||
For other OIDC/SAML providers, use the same endpoints and flow; [contact us](https://dokploy.com/contact) if you need help.
|
||||
|
||||
## Application Authentication
|
||||
|
||||
Once you have an OIDC provider configured, you can also use it to protect your **deployed applications** behind an SSO login gate, see [Application Authentication](/docs/core/enterprise/sso/application-authentication).
|
||||
48
apps/docs/content/docs/core/enterprise/sso/keycloak.mdx
Normal file
@@ -0,0 +1,48 @@
|
||||
---
|
||||
title: Keycloak
|
||||
description: Configure SSO with Keycloak
|
||||
---
|
||||
|
||||
## 1. Create a client in Keycloak
|
||||
|
||||
1. Log in to your Keycloak Admin Console.
|
||||
2. Select your realm (or create one).
|
||||
3. Go to **Clients** → **Create client**.
|
||||
4. Set **Client ID** (e.g. `my-client-id`) and **Client type** to **OpenID Connect**.
|
||||
5. Set **Root URL** to your Dokploy base URL, e.g. `https://your-dokploy-domain.com`.
|
||||
6. Save.
|
||||
7. Open the client, set **Access type** to **confidential**, then open the **Credentials** tab and note the **Secret**.
|
||||
8. From **Realm settings** → **OpenID Endpoint Configuration**, note the **Issuer** (e.g. `https://keycloak.example.com/realms/your-realm`).
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **OpenID Connect**.
|
||||
3. Enter:
|
||||
- **Provider**: my-client-id (Unique)
|
||||
- **Issuer URL**: your Keycloak realm URL (e.g. `https://keycloak.example.com/realms/your-realm`)
|
||||
- **Domain**: the domain users use to authenticate via Keycloak (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
- **Client ID**: my-client-id
|
||||
- **Client Secret**: the secret from the Keycloak client Credentials tab
|
||||
- **Scopes**: openid email profile
|
||||
4. Save.
|
||||
|
||||
## 3. Configure Keycloak
|
||||
|
||||
1. In your Keycloak client, go to **Settings**.
|
||||
2. Set **Valid redirect URIs** to your Dokploy callback URL, for example:
|
||||
- `https://your-dokploy-domain.com/api/auth/callback/my-client-id`
|
||||
3. Set **Valid post logout redirect URIs** to:
|
||||
- `https://your-dokploy-domain.com`
|
||||
4. Set **Allowed Origins** to:
|
||||
- `https://your-dokploy-domain.com`
|
||||
5. Save changes.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
- **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Keycloak (including protocol and path). Use the same **Provider** value in the path (e.g. `.../api/auth/callback/myorg-name-keycloak`).
|
||||
- **Invalid client** — Double-check Client ID and Client Secret, and that the client is enabled and set to confidential access.
|
||||
- **Scopes** — Ensure the client is configured to request `openid` and, if required, `email` and `profile`.
|
||||
- **Attribute mapping** — If user email or name is missing, map Keycloak attributes (e.g. email, preferred_username) in Dokploy if your setup supports it.
|
||||
|
||||
For help with your setup, [contact us](https://dokploy.com/contact).
|
||||
11
apps/docs/content/docs/core/enterprise/sso/meta.json
Normal file
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"title": "SSO",
|
||||
"pages": [
|
||||
"auth0",
|
||||
"azure",
|
||||
"keycloak",
|
||||
"okta",
|
||||
"zitadel",
|
||||
"application-authentication"
|
||||
]
|
||||
}
|
||||
80
apps/docs/content/docs/core/enterprise/sso/okta.mdx
Normal file
@@ -0,0 +1,80 @@
|
||||
---
|
||||
title: Okta
|
||||
description: Configure SSO with Okta (OIDC or SAML)
|
||||
---
|
||||
|
||||
<Tabs items={['SSO (OIDC)', 'SAML']}>
|
||||
<Tab value="SSO (OIDC)">
|
||||
|
||||
## 1. Create an application in Okta
|
||||
|
||||
1. Log in to the [Okta Admin Console](https://login.okta.com/) (or your Okta domain).
|
||||
2. Go to **Applications** → **Applications** → **Create App Integration**.
|
||||
3. Choose **OIDC - OpenID Connect** and **Web Application**, then create it.
|
||||
4. Note your **Client ID** and **Client Secret** (under **General** or **Client credentials**).
|
||||
5. Note your Okta **domain** (e.g. `https://your-domain.okta.com`) and, if using a custom authorization server, its **issuer** (e.g. `https://your-domain.okta.com/oauth2/default`) or go to **Security** → **API** → **Authorization Servers** and note the **Issuer** (e.g. `https://your-domain.okta.com`).
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **OpenID Connect**.
|
||||
3. Enter:
|
||||
- **Provider**: myorg-name-okta (unique name for this provider)
|
||||
- **Issuer URL**: your Okta issuer URL (e.g. `https://your-domain.okta.com`)
|
||||
- **Domain**: the domain users use to authenticate via Okta (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
- **Client ID**: from the Okta application
|
||||
- **Client Secret**: from the Okta application
|
||||
- **Scopes**: openid email profile
|
||||
4. Save.
|
||||
|
||||
## 3. Configure Okta
|
||||
|
||||
1. In your Okta application, go to **General** (or **Sign-in** / **Assignments** as needed).
|
||||
2. Set **Sign-in redirect URIs** to your Dokploy callback URL, for example:
|
||||
- `https://your-dokploy-domain.com/api/auth/callback/myorg-name-okta`
|
||||
3. Set **Sign-out redirect URIs** (optional) to:
|
||||
- `https://your-dokploy-domain.com`
|
||||
4. Under **Trusted Origins**, add your Dokploy URL as an origin (e.g. `https://your-dokploy-domain.com`) if required for CORS.
|
||||
5. Save.
|
||||
|
||||
## Troubleshooting (OIDC)
|
||||
|
||||
- **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Okta (including protocol and path). Use the same **Provider** value in the path (e.g. `.../api/auth/callback/myorg-name-okta`).
|
||||
- **Invalid client** — Double-check Client ID and Client Secret, and that the application is a Web Application with the correct grant types (e.g. Authorization Code).
|
||||
- **Issuer URL** — Use the full issuer URL for your authorization server (e.g. `https://your-domain.okta.com`).
|
||||
- **Scopes** — Ensure the Okta authorization server is configured to allow `openid`, and if needed `email` and `profile`.
|
||||
|
||||
</Tab>
|
||||
<Tab value="SAML">
|
||||
|
||||
## 1. Create a SAML application in Okta
|
||||
|
||||
1. Log in to the [Okta Admin Console](https://login.okta.com/) (or your Okta domain).
|
||||
2. Go to **Applications** → **Applications** → **Create App Integration**.
|
||||
3. Choose **SAML 2.0** and create it.
|
||||
4. Enter an **App name** (e.g. Dokploy). Under **Configure SAML**, in the Single sign-on URL field, set the SAML ACS URL (eg. `https://your-dokploy-instance.com/api/auth/sso/saml2/callback/myorg-name-okta-saml`) and in the Audience URI (SP Entity ID) field, set the SP Entity ID (eg. `https://your-dokploy-instance.com`).
|
||||
5. Next & Save.
|
||||
|
||||
## 2. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise).
|
||||
2. Enable **SSO** and choose **SAML**.
|
||||
3. Enter:
|
||||
- **Provider**: myorg-name-okta-saml (unique name for this provider)
|
||||
- **Issuer URL**: the Okta Identity Provider issuer (Entity ID) located in `Sign On` tab called `Issuer` (eg. `http://www.okta.com/exkzq3acyuEtIuNrW697`)
|
||||
- **SSO URL**: the Okta Identity Provider single sign-on URL located in `Sign On` tab called `Single sign-on URL` (eg. `https://trial-2804699.okta.com/app/trial-2802699_something/exkzqi3cyuEtIuNrW697/sso/saml`)
|
||||
- **Certificate**: go to `Signing Certificate` tab and download the certificate active (x509) and paste it in the `Certificate` field.
|
||||
- **Federation Metadata XML**: copy the idp metadata XML from the certificate active and paste it in the `Metadata XML` field.
|
||||
- **Domain**: the domain users use to authenticate via Okta (e.g. your organization domain like `acme.com`), not the Dokploy instance URL
|
||||
4. Save.
|
||||
|
||||
## Troubleshooting (SAML)
|
||||
|
||||
- **ACS URL mismatch** — Ensure the Single sign-on URL (ACS) in Okta matches exactly what Dokploy provides (including protocol and path).
|
||||
- **Certificate** — Use the x509 certificate from Okta’s IdP metadata (PEM or Base64); ensure it is the one used to sign assertions.
|
||||
- **Entity ID** — The Entity ID in Dokploy must match the Identity Provider issuer in Okta.
|
||||
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
For help with your setup, [contact us](https://dokploy.com/contact).
|
||||
61
apps/docs/content/docs/core/enterprise/sso/zitadel.mdx
Normal file
@@ -0,0 +1,61 @@
|
||||
---
|
||||
title: Zitadel
|
||||
description: Configure SSO with Zitadel
|
||||
---
|
||||
|
||||
## 1. Create an application in Zitadel
|
||||
|
||||
1. Log in to your Zitadel instance and open your **Project**.
|
||||
2. Go to **Applications** → **New Application**.
|
||||
3. Give it a name (e.g. `dokploy`) and click **Next**.
|
||||
4. Select **Web** as the application type and click **Next**.
|
||||
5. Choose **CODE** as the authentication method (Authorization Code with `client_secret_basic`).
|
||||
6. Add the following **Redirect URI**:
|
||||
- `https://your-dokploy-domain.com/api/auth/sso/callback/{providerId}`
|
||||
Replace `{providerId}` with the unique identifier you will use in Dokploy (e.g. `zitadel`).
|
||||
7. Add the **Post Logout URI**:
|
||||
- `https://your-dokploy-domain.com`
|
||||
8. Click **Create**.
|
||||
9. Copy the **Client ID** and generate + copy the **Client Secret** before closing the dialog.
|
||||
|
||||
## 2. Get your Issuer URL
|
||||
|
||||
Your Zitadel issuer URL is the base domain of your instance, for example:
|
||||
|
||||
- Cloud: `https://your-instance.zitadel.cloud`
|
||||
- Self-hosted: `https://zitadel.yourdomain.com`
|
||||
|
||||
Dokploy will automatically fetch the OpenID Connect discovery document from `{issuer}/.well-known/openid-configuration`.
|
||||
|
||||
## 3. Configure Dokploy
|
||||
|
||||
1. In Dokploy, go to **Settings** → **SSO** → **Register OIDC Provider**.
|
||||
2. Enter:
|
||||
- **Provider ID**: `zitadel` (must match the `{providerId}` used in the Redirect URI above)
|
||||
- **Issuer URL**: your Zitadel base URL (e.g. `https://your-instance.zitadel.cloud`)
|
||||
- **Domains**: email domain(s) of your users (e.g. `acme.com`)
|
||||
- **Client ID**: the Client ID from Zitadel
|
||||
- **Client Secret**: the Client Secret from Zitadel
|
||||
- **Scopes**: leave empty (defaults to `openid email profile`)
|
||||
3. Note the **Callback URL** shown by Dokploy (e.g. `https://your-dokploy-domain.com/api/auth/sso/callback/zitadel`).
|
||||
4. Save.
|
||||
|
||||
## 4. Verify the Redirect URI in Zitadel
|
||||
|
||||
Make sure the Redirect URI configured in your Zitadel application matches exactly the Callback URL shown in Dokploy:
|
||||
|
||||
```
|
||||
https://your-dokploy-domain.com/api/auth/sso/callback/zitadel
|
||||
```
|
||||
|
||||
If they differ, update the Redirect URI in the Zitadel application settings.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
- **Redirect URI mismatch** — The Redirect URI in Zitadel must match the Callback URL in Dokploy exactly, including the `{providerId}` path segment.
|
||||
- **Invalid client** — Verify the Client ID and Client Secret are correct and that the application is active in Zitadel.
|
||||
- **Authentication method** — Zitadel must be set to **CODE** (Authentication Method: Basic). PKCE is not supported for server-side applications.
|
||||
- **HTTPS required** — Zitadel requires HTTPS for Redirect URIs in production. Enable **Development Mode** in your Zitadel instance only if testing with HTTP.
|
||||
- **User not found** — Ensure the user exists in the Zitadel project and that the `email` scope is included.
|
||||
|
||||
For help with your setup, [contact us](https://dokploy.com/contact).
|
||||
78
apps/docs/content/docs/core/enterprise/whitelabeling.mdx
Normal file
@@ -0,0 +1,78 @@
|
||||
---
|
||||
title: Whitelabeling
|
||||
description: Rebrand Dokploy with your application name, logos, colors, and custom links
|
||||
---
|
||||
|
||||
Whitelabeling lets Enterprise users fully rebrand their Dokploy instance. You can customize the application name, logos, favicon, appearance, metadata, links, and error pages — all from **Settings → Whitelabel**.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-whitelabeling.png" alt="Whitelabeling settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Branding
|
||||
|
||||
Customize the application name, logos, and favicon to match your brand identity.
|
||||
|
||||
| Field | Description |
|
||||
| --- | --- |
|
||||
| **Application Name** | Replaces "Dokploy" across the entire interface. |
|
||||
| **Application Description** | Tagline shown on the login/onboarding pages. Defaults to the standard Dokploy description if empty. |
|
||||
| **Logo URL** | Main logo shown in the sidebar and header. Recommended size: 128×128px. |
|
||||
| **Login Page Logo URL** | Logo displayed on the login page. If empty, the main logo is used. |
|
||||
| **Favicon URL** | Browser tab icon. Supports `.ico`, `.png`, and `.svg` formats. |
|
||||
|
||||
## Appearance
|
||||
|
||||
Customize the look and feel of the application with custom CSS.
|
||||
|
||||
The **Custom CSS** editor lets you inject custom CSS styles globally. Click **Load Default Styles** to get the base theme CSS variables as a starting point, then modify the values to match your brand.
|
||||
|
||||
Example — changing background and foreground colors:
|
||||
|
||||
```css
|
||||
/* Light Mode */
|
||||
:root {
|
||||
--background: 0 0% 100%;
|
||||
--foreground: 240 10% 3.9%;
|
||||
--card: 0 0% 100%;
|
||||
--card-foreground: 240 10% 3.9%;
|
||||
--popover: 0 0% 100%;
|
||||
--popover-foreground: 240 10% 3.9%;
|
||||
}
|
||||
```
|
||||
|
||||
## Metadata & Links
|
||||
|
||||
Customize the page title, footer text, and sidebar links.
|
||||
|
||||
| Field | Description |
|
||||
| --- | --- |
|
||||
| **Page Title** | Browser tab title. Defaults to "Dokploy" if empty. |
|
||||
| **Footer Text** | Custom text displayed in the footer area. |
|
||||
| **Support URL** | Custom URL for the "Support" link in the sidebar. |
|
||||
| **Documentation URL** | Custom URL for the "Documentation" link in the sidebar. |
|
||||
|
||||
## Error Pages
|
||||
|
||||
Customize the error page messages shown to users.
|
||||
|
||||
| Field | Description |
|
||||
| --- | --- |
|
||||
| **Error Page Title** | Title shown on error pages. |
|
||||
| **Error Page Description** | Description text shown on error pages. Defaults to "We're sorry, but an unexpected error occurred. Please try again later." |
|
||||
|
||||
## Live Preview
|
||||
|
||||
The whitelabel settings page includes a **Live Preview** section at the bottom. It shows a quick preview of how your branding changes will look — including the logo, application name, button styles, and footer text — before you save.
|
||||
|
||||
## Actions
|
||||
|
||||
- **Reset to Defaults** — Revert all whitelabel settings back to the default Dokploy branding.
|
||||
- **Save Changes** — Apply your customizations.
|
||||
|
||||
## Best practices
|
||||
|
||||
- Use high-resolution logos (e.g. 2×) for sharp display on retina screens. SVG format is recommended for perfect scaling.
|
||||
- Keep your custom CSS colors accessible with sufficient contrast for text and buttons.
|
||||
- Test the login page, dashboard, and key workflows after applying changes to ensure nothing is broken or hard to read.
|
||||
- Always preview your changes using the Live Preview section before saving.
|
||||
|
||||
For help enabling or configuring whitelabeling, [contact us](https://dokploy.com/contact).
|
||||
@@ -12,5 +12,6 @@ description: "Dokploy has certain goodies that are external that can be used wit
|
||||
6. **Templates Collection** : Docker compose collection for Dokploy [Github](https://github.com/benbristow/dokploy-compose-templates)
|
||||
7. **Dokploy Port Updater**: Dokploy Port Updater [Github](https://github.com/clockradios/dokploy-port-updater)
|
||||
8. **Dokli TUI**: Dokli TUI [Github](https://github.com/jonykalavera/dokli)
|
||||
10. **nix-dokploy**: A NixOS module that runs Dokploy using declarative systemd units [Github](https://github.com/el-kurto/nix-dokploy)
|
||||
|
||||
Want to submit your own? [Submit a PR](https://github.com/Dokploy/website/blob/main/README.md)
|
||||
|
||||
@@ -162,4 +162,58 @@ This allows all subdomains (`app1.example.com`, `app2.example.com`, etc.) to rou
|
||||
|
||||
<Callout type="info">
|
||||
With wildcard routing, you only need ONE public hostname in Cloudflare Tunnel. Traefik handles routing to different apps based on the domain configured in Dokploy.
|
||||
</Callout>
|
||||
|
||||
## Using Cloudflare Access (Zero Trust) with Dokploy
|
||||
|
||||
If you protect your Dokploy dashboard with **Cloudflare Access** (Zero Trust), there are a few extra steps required to make login work correctly.
|
||||
|
||||
### Why login hangs behind Cloudflare Access
|
||||
|
||||
When Cloudflare Access sits in front of Dokploy, the login request (`POST /api/auth/sign-in/email`) may appear to hang indefinitely even with valid credentials. Invalid credentials still return a `401` immediately, which makes it easy to miss this issue.
|
||||
|
||||
The root cause is that Better Auth (Dokploy's auth library) validates the `Origin` header of every request. When the request comes through Cloudflare Access, the origin may not match any of the trusted origins Dokploy knows about, so the request is silently dropped.
|
||||
|
||||
### Required configuration
|
||||
|
||||
You need to configure three things:
|
||||
|
||||
**1. Set a stable `BETTER_AUTH_SECRET`**
|
||||
|
||||
Make sure this value is set and does not change between restarts. If it is missing or rotates, sessions are invalidated and auth flows may break.
|
||||
|
||||
```bash
|
||||
BETTER_AUTH_SECRET=your-random-secret-here
|
||||
```
|
||||
|
||||
Generate a secure value with:
|
||||
|
||||
```bash
|
||||
openssl rand -hex 32
|
||||
```
|
||||
|
||||
**2. Add your domain to trusted origins**
|
||||
|
||||
Set the `BETTER_AUTH_TRUSTED_ORIGINS` environment variable to include all origins that can reach Dokploy:
|
||||
|
||||
```bash
|
||||
BETTER_AUTH_TRUSTED_ORIGINS=http://localhost:3000,http://<internal-ip>:3000,https://dokploy.example.com
|
||||
```
|
||||
|
||||
Replace `dokploy.example.com` with your actual public domain.
|
||||
|
||||
**3. Configure Web Server settings in the Dokploy UI**
|
||||
|
||||
Go to **Settings → Server** and set:
|
||||
- **Host**: `dokploy.example.com` (your public domain)
|
||||
- **HTTPS**: enabled
|
||||
|
||||
This ensures Dokploy includes your domain as a trusted origin automatically.
|
||||
|
||||
<Callout type="info">
|
||||
After applying these changes, redeploy the Dokploy service so the new environment variables take effect.
|
||||
</Callout>
|
||||
|
||||
<Callout type="warn">
|
||||
If you access Dokploy through multiple origins (public domain, internal IP, Tailscale), make sure all of them are listed in `BETTER_AUTH_TRUSTED_ORIGINS`.
|
||||
</Callout>
|
||||
@@ -47,8 +47,8 @@ Please go to get started.
|
||||
description="Learn how to deploy databases."
|
||||
/>
|
||||
<Card
|
||||
href="/docs/core/traefik/overview"
|
||||
title="Traefik"
|
||||
description="Learn how to deploy Traefik."
|
||||
href="/docs/core/docker-compose"
|
||||
title="Docker Compose"
|
||||
description="Learn how to use Docker Compose with Dokploy."
|
||||
/>
|
||||
</Cards>
|
||||
|
||||
@@ -77,6 +77,67 @@ Dokploy utilizes Docker, so it is essential to have Docker installed on your ser
|
||||
curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
See [Manual Installation](/docs/core/manual-installation) if you want to customize your Dokploy installation.
|
||||
|
||||
|
||||
### Advanced Installation Options
|
||||
|
||||
The installation script automatically detects and installs the latest stable version from GitHub. However, you can customize the installation using environment variables:
|
||||
|
||||
#### Install Specific Versions
|
||||
|
||||
**Install Canary Version (Development):**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=canary && curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
**Install Latest Stable:**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=latest && curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
**Install Specific Version:**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=v0.26.6 && curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
#### Custom Network Configuration
|
||||
|
||||
If you need to customize the Docker Swarm network configuration (useful to avoid CIDR conflicts with cloud provider VPCs):
|
||||
|
||||
```bash
|
||||
export DOCKER_SWARM_INIT_ARGS="--default-addr-pool 172.20.0.0/16 --default-addr-pool-mask-length 24"
|
||||
curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
#### Manual Advertise Address
|
||||
|
||||
If the script cannot detect your server's IP automatically, specify it manually:
|
||||
|
||||
```bash
|
||||
export ADVERTISE_ADDR=192.168.1.100
|
||||
curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
### Proxmox LXC Support
|
||||
|
||||
<Callout type='info'>
|
||||
The installation script automatically detects Proxmox LXC containers and applies the necessary configurations (`--endpoint-mode dnsrr`) for compatibility.
|
||||
</Callout>
|
||||
|
||||
### Updating Dokploy
|
||||
|
||||
To update your Dokploy installation to the latest version:
|
||||
|
||||
```bash
|
||||
curl -sSL https://dokploy.com/install.sh | sh -s update
|
||||
```
|
||||
|
||||
**Update to Specific Version:**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=v0.26.6 && curl -sSL https://dokploy.com/install.sh | sh -s update
|
||||
```
|
||||
|
||||
## Completing the Setup
|
||||
|
||||
After running the installation script, Dokploy and its dependencies will be set up on your server. Here's how to finalize the setup and start using Dokploy:
|
||||
@@ -122,5 +183,5 @@ Once you have verified that your domain is working correctly, you can disable IP
|
||||
docker service update --publish-rm "published=3000,target=3000,mode=host" dokploy
|
||||
```
|
||||
|
||||
To further secure your installation, consider reading the [Security recommendations](/docs/core/multi-server/security#security-recommendations) section.
|
||||
To further secure your installation, consider reading the [Security recommendations](/docs/core/remote-servers/security#security-recommendations) section.
|
||||
|
||||
|
||||
214
apps/docs/content/docs/core/interface-overview.mdx
Normal file
@@ -0,0 +1,214 @@
|
||||
---
|
||||
title: Interface Overview
|
||||
description: 'A visual tour of the Dokploy dashboard — screenshots of every major section of the panel.'
|
||||
---
|
||||
|
||||
This page is a visual tour of the Dokploy dashboard. Use it to get familiar with each section of the panel before diving into the feature guides. Click any image to zoom in.
|
||||
|
||||
## Home
|
||||
|
||||
The home dashboard summarizes your organization at a glance: projects, services, recent deployments and their status.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/home.png" alt="Dokploy home dashboard with projects, services and recent deployments" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Projects
|
||||
|
||||
Projects group your services. Each project can hold applications, databases and Docker Compose services, organized per environment.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/projects.png" alt="Projects list" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
Inside a project you see every service with its live status:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/project-services.png" alt="Project services grid" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Environments
|
||||
|
||||
Every project supports multiple environments (for example `production` and `staging`), each with its own set of services and shared variables.
|
||||
|
||||
<ImageZoom src="/assets/images/ui/environments.png" alt="Environment selector with production and staging" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Applications
|
||||
|
||||
The application view centralizes everything about a deployed app.
|
||||
|
||||
### General & Providers
|
||||
|
||||
Connect GitHub, GitLab, Bitbucket, Gitea, any Git URL, a Docker image, or drop files directly:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-general.png" alt="Application general tab with provider configuration" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Environment Variables
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-environment.png" alt="Application environment variables editor" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Domains
|
||||
|
||||
Add domains with automatic HTTPS via Let's Encrypt:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-domains.png" alt="Application domains with automatic HTTPS" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Deployments
|
||||
|
||||
Every deployment is tracked, with a webhook URL for auto-deploys and full build logs:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-deployments.png" alt="Application deployments history" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
<ImageZoom src="/assets/images/ui/build-logs.png" alt="Build and deployment logs" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Logs
|
||||
|
||||
Real-time runtime logs with container selection, search and filters:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-logs.png" alt="Real-time application logs" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Monitoring
|
||||
|
||||
Per-service CPU, memory, network and disk metrics:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-monitoring.png" alt="Per-service monitoring" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Advanced
|
||||
|
||||
Custom commands, cluster settings, resources, and mounts:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/application-advanced.png" alt="Application advanced settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Databases
|
||||
|
||||
Deploy PostgreSQL, MySQL, MariaDB, MongoDB and Redis with a few clicks:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/database-postgres.png" alt="PostgreSQL database view" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Backups
|
||||
|
||||
Schedule automatic backups to any S3-compatible destination:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/database-backups.png" alt="Scheduled database backups" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
<ImageZoom src="/assets/images/ui/create-backup.png" alt="Create backup modal" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Docker Compose
|
||||
|
||||
Deploy multi-service stacks from a Git repository or a raw compose file, with a built-in editor:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/compose-editor.png" alt="Docker Compose editor" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Templates
|
||||
|
||||
Deploy hundreds of open-source apps with one click:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/templates.png" alt="Open source templates gallery" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Monitoring
|
||||
|
||||
Server-level metrics: CPU, memory, disk and Docker usage:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/server-monitoring.png" alt="Server monitoring dashboard" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Traefik File System
|
||||
|
||||
Edit the Traefik configuration directly from the panel:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/traefik-file-system.png" alt="Traefik file system editor" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Docker & Swarm
|
||||
|
||||
Inspect containers, images and Swarm nodes:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/docker.png" alt="Docker containers view" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
<ImageZoom src="/assets/images/ui/swarm.png" alt="Docker Swarm nodes" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Requests
|
||||
|
||||
Analyze incoming HTTP requests handled by Traefik:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/requests.png" alt="Requests analytics" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Schedules
|
||||
|
||||
Run cron jobs against your services:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/schedules.png" alt="Scheduled jobs" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Settings
|
||||
|
||||
### Web Server
|
||||
|
||||
Domain, certificates, and maintenance actions for the Dokploy panel itself:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-web-server.png" alt="Web server settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Remote Servers
|
||||
|
||||
Deploy to any VPS over SSH:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-remote-servers.png" alt="Remote servers" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Users
|
||||
|
||||
Invite team members and manage roles:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-users.png" alt="Users and roles" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Audit Logs
|
||||
|
||||
Track every action performed in your organization:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-audit-logs.png" alt="Audit logs" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### SSH Keys
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-ssh-keys.png" alt="SSH keys" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Git Providers
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-git.png" alt="Git providers" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Registry
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-registry.png" alt="Docker registry settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### S3 Destinations
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-s3-destinations.png" alt="S3 destinations for backups" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Certificates
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-certificates.png" alt="Certificates" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Notifications
|
||||
|
||||
Connect Slack, Discord, Telegram, email and more:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-notifications.png" alt="Notification channels" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### AI
|
||||
|
||||
Configure AI providers to enable AI-assisted features:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-ai.png" alt="AI settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
## Enterprise
|
||||
|
||||
### SSO
|
||||
|
||||
Configure OIDC/SAML providers and protect deployed applications with forward auth:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-sso.png" alt="SSO settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Custom Roles
|
||||
|
||||
Create roles with granular permissions, starting from presets like Viewer, Developer, Deployer or DevOps:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/create-custom-role.png" alt="Create custom role modal" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### Whitelabeling
|
||||
|
||||
Rebrand your Dokploy instance with your own name, logos and colors:
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-whitelabeling.png" alt="Whitelabeling settings" width={1600} height={775} className="rounded-lg"/>
|
||||
|
||||
### License
|
||||
|
||||
<ImageZoom src="/assets/images/ui/settings-license.png" alt="License settings" width={1600} height={775} className="rounded-lg"/>
|
||||
@@ -3,7 +3,7 @@ title: 'Manual Installation'
|
||||
description: 'Learn how to manually install Dokploy on your server.'
|
||||
---
|
||||
|
||||
If you wish to customize the Dokploy installation on your server, you can modify several enviroment variables:
|
||||
If you wish to customize the Dokploy installation on your server, you can modify several environment variables:
|
||||
|
||||
1. **PORT** - Ideal for avoiding conflicts with other services.
|
||||
2. **TRAEFIK_SSL_PORT** - Set to another port if you want to use a different port for SSL.
|
||||
@@ -134,13 +134,22 @@ install_dokploy() {
|
||||
|
||||
chmod 777 /etc/dokploy
|
||||
|
||||
# Generate secure random password for Postgres
|
||||
POSTGRES_PASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-32)
|
||||
|
||||
# Store password as Docker Secret (encrypted and secure)
|
||||
echo "$POSTGRES_PASSWORD" | docker secret create dokploy_postgres_password - 2>/dev/null || true
|
||||
|
||||
echo "Generated secure database credentials (stored in Docker Secrets)"
|
||||
|
||||
docker service create \
|
||||
--name dokploy-postgres \
|
||||
--constraint 'node.role==manager' \
|
||||
--network dokploy-network \
|
||||
--env POSTGRES_USER=dokploy \
|
||||
--env POSTGRES_DB=dokploy \
|
||||
--env POSTGRES_PASSWORD=amukds4wi9001583845717ad2 \
|
||||
--secret source=dokploy_postgres_password,target=/run/secrets/postgres_password \
|
||||
--env POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password \
|
||||
--mount type=volume,source=dokploy-postgres,target=/var/lib/postgresql/data \
|
||||
postgres:16
|
||||
|
||||
@@ -151,9 +160,6 @@ install_dokploy() {
|
||||
--mount type=volume,source=dokploy-redis,target=/data \
|
||||
redis:7
|
||||
|
||||
docker pull traefik:v3.6.1
|
||||
docker pull dokploy/dokploy:latest
|
||||
|
||||
# Installation
|
||||
docker service create \
|
||||
--name dokploy \
|
||||
@@ -162,11 +168,13 @@ install_dokploy() {
|
||||
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
|
||||
--mount type=bind,source=/etc/dokploy,target=/etc/dokploy \
|
||||
--mount type=volume,source=dokploy,target=/root/.docker \
|
||||
--secret source=dokploy_postgres_password,target=/run/secrets/postgres_password \
|
||||
--publish published=3000,target=3000,mode=host \
|
||||
--update-parallelism 1 \
|
||||
--update-order stop-first \
|
||||
--constraint 'node.role == manager' \
|
||||
-e ADVERTISE_ADDR=$advertise_addr \
|
||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password \
|
||||
dokploy/dokploy:latest
|
||||
|
||||
|
||||
@@ -179,7 +187,7 @@ install_dokploy() {
|
||||
-p 80:80/tcp \
|
||||
-p 443:443/tcp \
|
||||
-p 443:443/udp \
|
||||
traefik:v3.6.1
|
||||
traefik:v3.6.7
|
||||
|
||||
docker network connect dokploy-network dokploy-traefik
|
||||
|
||||
@@ -195,7 +203,7 @@ install_dokploy() {
|
||||
# --publish mode=host,published=443,target=443 \
|
||||
# --publish mode=host,published=80,target=80 \
|
||||
# --publish mode=host,published=443,target=443,protocol=udp \
|
||||
# traefik:v3.6.1
|
||||
# traefik:v3.6.7
|
||||
|
||||
GREEN="\033[0;32m"
|
||||
YELLOW="\033[1;33m"
|
||||
@@ -258,6 +266,23 @@ To customize the --advertise-addr parameter, replace the line: `advertise_addr=$
|
||||
:warning: This IP address should be accessible to all nodes that will join the Swarm.
|
||||
|
||||
|
||||
## Proxmox LXC Considerations
|
||||
|
||||
If you're installing Dokploy in a Proxmox LXC container, the installation script automatically detects the environment and adds `--endpoint-mode dnsrr` to Docker services for compatibility.
|
||||
|
||||
For manual installations in LXC, add this flag to your service creation commands:
|
||||
|
||||
```bash
|
||||
docker service create \
|
||||
--name dokploy-postgres \
|
||||
--endpoint-mode dnsrr \
|
||||
# ... rest of the configuration
|
||||
```
|
||||
|
||||
<Callout type='warn'>
|
||||
**Note:** The `--endpoint-mode dnsrr` flag is required for Docker services to work properly in Proxmox LXC containers due to networking limitations.
|
||||
</Callout>
|
||||
|
||||
## Existing Docker swarm
|
||||
|
||||
If you already have a Docker swarm running on your server and you want to use dokploy, you can use the following command to join it:
|
||||
@@ -303,17 +328,78 @@ To upgrade Dokploy manually, you can use the following command:
|
||||
curl -sSL https://dokploy.com/install.sh | sh -s update
|
||||
```
|
||||
|
||||
To use a specific version, you can use the following command:
|
||||
### Version-Specific Installation & Updates
|
||||
|
||||
The installation script automatically detects the latest stable version from GitHub. You can also specify a particular version:
|
||||
|
||||
**Install/Update to Canary (Development):**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=canary && curl -sSL https://dokploy.com/install.sh | sh
|
||||
export DOKPLOY_VERSION=feature && curl -sSL https://dokploy.com/install.sh | sh
|
||||
curl -sSL https://dokploy.com/install.sh | sh (defaults to latest)
|
||||
```
|
||||
|
||||
Alternatively, you can use `bash -s`:
|
||||
**Install/Update to Latest Stable:**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=latest && curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
**Install/Update to Specific Version:**
|
||||
```bash
|
||||
export DOKPLOY_VERSION=v0.26.6 && curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
**Auto-detect Latest Stable (Default):**
|
||||
```bash
|
||||
curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
Alternatively, you can use `bash -s` for inline version specification:
|
||||
|
||||
```bash
|
||||
DOKPLOY_VERSION=canary bash -s < <(curl -sSL https://dokploy.com/install.sh)
|
||||
DOKPLOY_VERSION=feature bash -s < <(curl -sSL https://dokploy.com/install.sh)
|
||||
DOKPLOY_VERSION=v0.26.6 bash -s < <(curl -sSL https://dokploy.com/install.sh)
|
||||
```
|
||||
|
||||
### Additional Environment Variables
|
||||
|
||||
**Custom Docker Swarm Network Configuration:**
|
||||
```bash
|
||||
export DOCKER_SWARM_INIT_ARGS="--default-addr-pool 172.20.0.0/16 --default-addr-pool-mask-length 24"
|
||||
curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
**Manual Advertise Address:**
|
||||
```bash
|
||||
export ADVERTISE_ADDR=192.168.1.100
|
||||
curl -sSL https://dokploy.com/install.sh | sh
|
||||
```
|
||||
|
||||
## Updating Traefik Manually
|
||||
|
||||
Dokploy does not update the Traefik container automatically when you upgrade. This is intentional to avoid unexpected downtime for your services. If you need a newer Traefik version (for example, due to a breaking change or security fix), you can update it manually.
|
||||
|
||||
1. Remove the existing Traefik container.
|
||||
2. Create a new container with the desired Traefik image version and the same configuration.
|
||||
3. Connect the new container to the Dokploy network.
|
||||
|
||||
Example (replace `v3.6.7` with the version you want):
|
||||
|
||||
```bash
|
||||
docker rm -f dokploy-traefik
|
||||
|
||||
docker run -d \
|
||||
--name dokploy-traefik \
|
||||
--restart always \
|
||||
-v /etc/dokploy/traefik/traefik.yml:/etc/traefik/traefik.yml \
|
||||
-v /etc/dokploy/traefik/dynamic:/etc/dokploy/traefik/dynamic \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
-p 80:80/tcp \
|
||||
-p 443:443/tcp \
|
||||
-p 443:443/udp \
|
||||
traefik:v3.6.7
|
||||
|
||||
docker network connect dokploy-network dokploy-traefik
|
||||
```
|
||||
|
||||
<Callout type='warn'>
|
||||
**Breaking changes:** Some Traefik versions introduce breaking changes that may not be compatible with the configuration and structure Dokploy uses. Before upgrading, check the [Traefik release notes](https://github.com/traefik/traefik/releases) and [Dokploy releases](https://github.com/Dokploy/dokploy/releases) for any announced breaking changes. Using an incompatible version can cause routing issues (e.g. 404s for applications using domains).
|
||||
</Callout>
|
||||
|
||||
@@ -8,18 +8,23 @@
|
||||
"index",
|
||||
"architecture",
|
||||
"features",
|
||||
"comparison",
|
||||
"installation",
|
||||
"manual-installation",
|
||||
"reset-password",
|
||||
"uninstall",
|
||||
"videos",
|
||||
"goodies",
|
||||
"multi-tenancy",
|
||||
"troubleshooting",
|
||||
"---Screenshots---",
|
||||
"interface-overview",
|
||||
"---Cloud---",
|
||||
"cloud",
|
||||
"monitoring",
|
||||
"differences",
|
||||
"---Server---",
|
||||
"ai",
|
||||
"(S3-Destinations)",
|
||||
"(Git-Sources)",
|
||||
"(Users)",
|
||||
@@ -28,16 +33,17 @@
|
||||
"ssh-keys",
|
||||
"certificates",
|
||||
"backups",
|
||||
"concurrent-builds",
|
||||
"---Services---",
|
||||
"variables",
|
||||
"domains",
|
||||
"applications",
|
||||
"docker-compose",
|
||||
"databases",
|
||||
"templates",
|
||||
"(examples)",
|
||||
"auto-deploy",
|
||||
"schedule-jobs",
|
||||
"patches",
|
||||
"volume-backups",
|
||||
"providers",
|
||||
"watch-paths",
|
||||
@@ -48,11 +54,18 @@
|
||||
"remote-servers/deployments",
|
||||
"remote-servers/security",
|
||||
"remote-servers/validate",
|
||||
"---Advanced---",
|
||||
"cluster",
|
||||
"---Enterprise---",
|
||||
"enterprise/index",
|
||||
"enterprise/license-keys",
|
||||
"enterprise/sso",
|
||||
"enterprise/whitelabeling",
|
||||
"enterprise/custom-roles",
|
||||
"enterprise/audit-logs",
|
||||
"---Guides---",
|
||||
"guides/cloudflare-tunnels",
|
||||
"guides/tailscale",
|
||||
"guides/ec2-instructions",
|
||||
"---Advanced---",
|
||||
"cluster"
|
||||
"guides/ec2-instructions"
|
||||
]
|
||||
}
|
||||
|
||||
239
apps/docs/content/docs/core/multi-tenancy.mdx
Normal file
@@ -0,0 +1,239 @@
|
||||
---
|
||||
title: Multi-Tenancy
|
||||
description: "Understand how Dokploy organizes resources using Organizations, Projects, Environments, and Services for team collaboration and resource isolation."
|
||||
---
|
||||
|
||||
import { Callout } from 'fumadocs-ui/components/callout';
|
||||
|
||||
Dokploy provides a hierarchical multi-tenancy model that lets you organize your infrastructure cleanly — whether you're a solo developer or managing multiple teams. This guide explains how Organizations, Projects, Environments, and Services work together.
|
||||
|
||||
## Resource Hierarchy
|
||||
|
||||
Dokploy organizes all resources in a four-level hierarchy:
|
||||
|
||||
```
|
||||
┌─────────────────────────────────────────────────────────────┐
|
||||
│ ORGANIZATION │
|
||||
│ The top-level tenant. All users, billing, and settings │
|
||||
│ belong to an organization. │
|
||||
│ │
|
||||
│ ┌────────────────────────┐ ┌────────────────────────┐ │
|
||||
│ │ PROJECT A │ │ PROJECT B │ │
|
||||
│ │ │ │ │ │
|
||||
│ │ ┌──────────────────┐ │ │ ┌──────────────────┐ │ │
|
||||
│ │ │ Environment: │ │ │ │ Environment: │ │ │
|
||||
│ │ │ Production │ │ │ │ Production │ │ │
|
||||
│ │ │ │ │ │ │ │ │ │
|
||||
│ │ │ ┌────────────┐ │ │ │ │ ┌────────────┐ │ │ │
|
||||
│ │ │ │ App (Next) │ │ │ │ │ │ App (Go) │ │ │ │
|
||||
│ │ │ ├────────────┤ │ │ │ │ ├────────────┤ │ │ │
|
||||
│ │ │ │ PostgreSQL │ │ │ │ │ │ Redis │ │ │ │
|
||||
│ │ │ ├────────────┤ │ │ │ │ │ │ │ │ │
|
||||
│ │ │ │ Redis │ │ │ │ │ └────────────┘ │ │ │
|
||||
│ │ │ └────────────┘ │ │ │ └──────────────────┘ │ │
|
||||
│ │ └──────────────────┘ │ │ │ │
|
||||
│ │ │ │ ┌──────────────────┐ │ │
|
||||
│ │ ┌──────────────────┐ │ │ │ Environment: │ │ │
|
||||
│ │ │ Environment: │ │ │ │ Staging │ │ │
|
||||
│ │ │ Staging │ │ │ │ │ │ │
|
||||
│ │ │ │ │ │ │ ┌────────────┐ │ │ │
|
||||
│ │ │ ┌────────────┐ │ │ │ │ │ App (Go) │ │ │ │
|
||||
│ │ │ │ App (Next) │ │ │ │ │ │ │ │ │ │
|
||||
│ │ │ ├────────────┤ │ │ │ │ └────────────┘ │ │ │
|
||||
│ │ │ │ PostgreSQL │ │ │ │ └──────────────────┘ │ │
|
||||
│ │ │ └────────────┘ │ │ │ │ │
|
||||
│ │ └──────────────────┘ │ │ │ │
|
||||
│ └────────────────────────┘ └────────────────────────┘ │
|
||||
│ │
|
||||
└─────────────────────────────────────────────────────────────┘
|
||||
```
|
||||
|
||||
### How it flows
|
||||
|
||||
```
|
||||
Organization ──► Project ──► Environment ──► Service
|
||||
│ │ │ │
|
||||
Users & Logical Isolation Apps,
|
||||
Billing grouping layer Databases,
|
||||
of work (prod/stg/dev) Compose
|
||||
```
|
||||
|
||||
## Organization
|
||||
|
||||
The **Organization** is the top-level container in Dokploy. Everything — users, projects, servers, settings — belongs to an organization.
|
||||
|
||||
- Each Dokploy instance starts with **one default organization** created during setup.
|
||||
- The user who installs Dokploy becomes the **Owner** of that organization.
|
||||
- All billing, SSO configuration, and global settings are scoped to the organization.
|
||||
|
||||
### Key capabilities
|
||||
|
||||
| Feature | Description |
|
||||
|---------|-------------|
|
||||
| **User Management** | Invite members, assign roles (Owner, Admin, Member, or custom roles) |
|
||||
| **SSO Integration** | Connect Auth0, Azure AD, Keycloak, Okta, or Zitadel (Enterprise) |
|
||||
| **Global Settings** | Manage servers, registries, SSH keys, certificates, and S3 destinations |
|
||||
| **Audit Logs** | Track all actions performed by organization members (Enterprise) |
|
||||
|
||||
## Projects
|
||||
|
||||
A **Project** is a logical grouping of related services. Think of it as a workspace for a specific product, client, or initiative.
|
||||
|
||||
- Projects live inside an organization.
|
||||
- Each project can contain **multiple environments**.
|
||||
- Projects have their own **shared environment variables** that are inherited by all services within.
|
||||
|
||||
### Common project structures
|
||||
|
||||
```
|
||||
# By product
|
||||
├── Project: "Marketing Website"
|
||||
├── Project: "Mobile API"
|
||||
└── Project: "Internal Tools"
|
||||
|
||||
# By client (agencies)
|
||||
├── Project: "Client: Acme Corp"
|
||||
├── Project: "Client: Globex Inc"
|
||||
└── Project: "Internal Projects"
|
||||
|
||||
# By team
|
||||
├── Project: "Frontend Team"
|
||||
├── Project: "Backend Team"
|
||||
└── Project: "Data Pipeline"
|
||||
```
|
||||
|
||||
### Creating a project
|
||||
|
||||
1. Go to the **Dashboard**.
|
||||
2. Click **Create Project**.
|
||||
3. Enter a name and optional description.
|
||||
|
||||
<Callout type="info">
|
||||
Projects are the primary unit for **access control**. You can grant members access to specific projects without exposing the rest of your infrastructure.
|
||||
</Callout>
|
||||
|
||||
## Environments
|
||||
|
||||
**Environments** provide isolation within a project. They allow you to run the same services in different configurations (production, staging, development) without interference.
|
||||
|
||||
- Each project starts with a **default environment**.
|
||||
- You can create additional environments as needed.
|
||||
- Environments have their own **shared environment variables** that override project-level variables.
|
||||
- Services in different environments are **completely isolated** from each other.
|
||||
|
||||
### Environment use cases
|
||||
|
||||
| Pattern | Environments | Purpose |
|
||||
|---------|-------------|---------|
|
||||
| **Standard** | `production`, `staging` | Classic deploy pipeline |
|
||||
| **Feature branches** | `production`, `staging`, `feature-x` | Test features in isolation |
|
||||
| **Regional** | `us-east`, `eu-west`, `ap-south` | Multi-region deployments |
|
||||
| **Per-client** | `client-a`, `client-b` | Client-specific configurations |
|
||||
|
||||
### Variable inheritance
|
||||
|
||||
Environment variables flow downward through the hierarchy with the ability to override at each level:
|
||||
|
||||
```
|
||||
Organization
|
||||
└── Project (shared variables: DATABASE_HOST=db.internal)
|
||||
├── Environment: Production (override: DATABASE_HOST=db-prod.internal)
|
||||
│ └── Service: API (uses DATABASE_HOST=db-prod.internal)
|
||||
│
|
||||
└── Environment: Staging (no override)
|
||||
└── Service: API (uses DATABASE_HOST=db.internal)
|
||||
```
|
||||
|
||||
<Callout>
|
||||
Environment-level variables take precedence over project-level variables. Service-level variables take precedence over both.
|
||||
</Callout>
|
||||
|
||||
## Services
|
||||
|
||||
**Services** are the actual workloads running inside an environment. Dokploy supports three types of services:
|
||||
|
||||
### Service types
|
||||
|
||||
| Type | Description | Examples |
|
||||
|------|-------------|---------|
|
||||
| **Application** | Your custom app deployed from Git or Docker | Next.js app, Go API, Python worker |
|
||||
| **Database** | Managed database instances | PostgreSQL, MySQL, MongoDB, Redis, MariaDB |
|
||||
| **Docker Compose** | Multi-container stacks defined via `docker-compose.yml` | WordPress + MySQL, ELK stack |
|
||||
|
||||
Each service gets its own:
|
||||
- **Domains** — Custom domains with automatic SSL via Traefik
|
||||
- **Environment Variables** — Service-specific configuration
|
||||
- **Deployments** — Independent deploy history and rollbacks
|
||||
- **Logs & Monitoring** — Per-service resource metrics
|
||||
- **Backups** — Automated database backups (for database services)
|
||||
|
||||
## Access Control
|
||||
|
||||
Dokploy's permission system maps directly to this hierarchy, allowing you to control who can see and do what at every level.
|
||||
|
||||
### Role hierarchy
|
||||
|
||||
```
|
||||
Owner (full control)
|
||||
│
|
||||
├── Admin (full control, cannot manage other admins/owner)
|
||||
│
|
||||
├── Member (limited, configurable permissions)
|
||||
│ ├── Can be granted access to specific Projects
|
||||
│ ├── Can be granted access to specific Environments
|
||||
│ └── Permissions are configurable per resource type
|
||||
│
|
||||
└── Custom Role (Enterprise)
|
||||
└── Fine-grained permissions across 25+ categories
|
||||
```
|
||||
|
||||
### Permission scoping
|
||||
|
||||
| Level | What you can control |
|
||||
|-------|---------------------|
|
||||
| **Organization** | Who can manage users, servers, registries, SSH keys, certificates |
|
||||
| **Project** | Who can view/create/delete projects and their services |
|
||||
| **Environment** | Who can access specific environments (e.g., only production) |
|
||||
| **Service** | Who can deploy, view logs, manage environment variables |
|
||||
|
||||
<Callout type="info">
|
||||
For detailed permission configuration, see [Permissions](/docs/core/permissions). For enterprise custom roles, see [Custom Roles](/docs/core/enterprise/custom-roles).
|
||||
</Callout>
|
||||
|
||||
## Best Practices
|
||||
|
||||
### Naming conventions
|
||||
|
||||
Use consistent, descriptive names across your hierarchy:
|
||||
|
||||
```
|
||||
Organization: "Acme Corp"
|
||||
└── Project: "acme-ecommerce"
|
||||
├── Environment: "production"
|
||||
│ ├── Service: "storefront" (Application)
|
||||
│ ├── Service: "api" (Application)
|
||||
│ ├── Service: "postgres-main" (Database)
|
||||
│ └── Service: "redis-cache" (Database)
|
||||
│
|
||||
└── Environment: "staging"
|
||||
├── Service: "storefront"
|
||||
├── Service: "api"
|
||||
└── Service: "postgres-main"
|
||||
```
|
||||
|
||||
### Separation strategies
|
||||
|
||||
| Strategy | When to use | Example |
|
||||
|----------|-------------|---------|
|
||||
| **One project per product** | You have distinct products with separate teams | `website`, `mobile-api`, `admin-panel` |
|
||||
| **One project per client** | You're an agency or MSP managing multiple clients | `client-acme`, `client-globex` |
|
||||
| **One environment per stage** | Standard dev → staging → production workflow | `development`, `staging`, `production` |
|
||||
| **One environment per feature** | You want isolated testing of features before merge | `feature-auth-v2`, `feature-payments` |
|
||||
|
||||
### Security recommendations
|
||||
|
||||
1. **Principle of least privilege** — Only grant the minimum permissions each user needs.
|
||||
2. **Use environments for isolation** — Never run staging and production services in the same environment.
|
||||
3. **Scope variables properly** — Put shared secrets at the project level, environment-specific values at the environment level.
|
||||
4. **Audit regularly** — Review user access and permissions periodically, especially when team members change roles. Use [Audit Logs](/docs/core/enterprise/audit-logs) (Enterprise) to track changes.
|
||||
5. **Use custom roles** — If the default roles don't fit your needs, create [Custom Roles](/docs/core/enterprise/custom-roles) (Enterprise) with exactly the permissions required.
|
||||
60
apps/docs/content/docs/core/patches.mdx
Normal file
@@ -0,0 +1,60 @@
|
||||
---
|
||||
title: "Patches"
|
||||
description: "Apply code patches to your repository during build to modify configs, env, or code"
|
||||
---
|
||||
|
||||
Patches allow you to apply file-level modifications to your repository during the build process. Patches are applied after cloning the repository and before building, letting you override or add files without modifying the source repository directly.
|
||||
|
||||
## Use Cases
|
||||
|
||||
- Override configuration files for specific environments
|
||||
- Inject environment-specific settings
|
||||
- Modify source code before building
|
||||
- Add files that shouldn't be committed to the repository
|
||||
|
||||
## How It Works
|
||||
|
||||
1. Navigate to the **Patches** section in your application settings
|
||||
2. Click **Create Patch** to add a new patch
|
||||
3. Select a file from the repository tree to edit, or create a new file
|
||||
4. Make your modifications and click **Save Patch**
|
||||
|
||||
Patches are applied in order every time a build is triggered, after the repository is cloned and before the build step runs.
|
||||
|
||||
## Creating a Patch
|
||||
|
||||
### Edit an Existing File
|
||||
|
||||
1. Click **Create Patch**
|
||||
2. Browse the file tree and select the file you want to modify
|
||||
3. Edit the file content in the editor
|
||||
4. Click **Save Patch**
|
||||
|
||||
### Create a New File
|
||||
|
||||
1. Click **Create Patch**
|
||||
2. Navigate to the desired directory in the file tree
|
||||
3. Click **New file in root** or navigate to a subdirectory
|
||||
4. Enter the filename and content
|
||||
5. Click **Create**, then **Save Patch**
|
||||
|
||||
### Delete a File
|
||||
|
||||
1. Click **Create Patch**
|
||||
2. Select the file you want to remove
|
||||
3. Click **Mark for deletion**
|
||||
4. Click **Save Patch**
|
||||
|
||||
<Callout type="info">
|
||||
Patches do not modify your original repository. They are only applied temporarily during the build process.
|
||||
</Callout>
|
||||
|
||||
## Managing Patches
|
||||
|
||||
You can view all configured patches in the Patches section. Each patch shows the target file path and the type of operation (edit, create, or delete). You can edit or remove patches at any time.
|
||||
|
||||
Patches are persistent and will be applied on every build. If you no longer need a patch, make sure to remove it to avoid unintended modifications in future builds.
|
||||
|
||||
<Callout>
|
||||
If a patch targets a file that doesn't exist in the repository (for edit operations), the build will fail. Make sure your patches reference valid file paths.
|
||||
</Callout>
|
||||
@@ -20,6 +20,21 @@ UFW is an essential security component that manages incoming and outgoing networ
|
||||
- ✅ Default incoming policy should be set to 'deny'
|
||||
- ✅ Only necessary ports should be opened
|
||||
|
||||
<Callout type="warn">
|
||||
**Important: Docker Bypasses UFW Rules**
|
||||
|
||||
Docker directly modifies `iptables` rules, which means it bypasses UFW firewall rules. This is a critical security issue: **ports exposed by Docker containers remain accessible from the public internet even when UFW rules should block them**, creating a false sense of security.
|
||||
|
||||
For example, if you have UFW configured to deny all incoming traffic by default, but you run a Docker container with `-p 3000:3000`, port 3000 will still be accessible from the internet despite your UFW configuration.
|
||||
|
||||
**Solutions:**
|
||||
|
||||
- **ufw-docker**: Use the [ufw-docker](https://github.com/chaifeng/ufw-docker) utility to properly integrate Docker with UFW, ensuring that Docker containers respect UFW firewall rules.
|
||||
|
||||
- **VPS Provider Firewall**: Configure your cloud provider's firewall (e.g., AWS Security Groups, DigitalOcean Firewalls) to block public access to Docker-exposed ports. This operates before Docker's iptables rules and provides reliable protection.
|
||||
|
||||
</Callout>
|
||||
|
||||
### SSH Security
|
||||
Secure Shell (SSH) configuration is crucial for safe remote server access.
|
||||
|
||||
|
||||
@@ -1,122 +0,0 @@
|
||||
---
|
||||
title: Open Source Templates
|
||||
description: Deploy open source templates with Dokploy
|
||||
---
|
||||
|
||||
By default we include a set of templates, that you can use to spin up templates quickly. You can also create your own templates.
|
||||
|
||||
## Templates
|
||||
|
||||
The following templates are available (100):
|
||||
|
||||
- **Appwrite**: End-to-end backend server for Web, Mobile, Native, or Backend apps with user authentication, database, storage, and more.
|
||||
- **Outline**: Self-hosted knowledge base and documentation platform.
|
||||
- **Supabase**: The open-source Firebase alternative with a dedicated Postgres database for web, mobile, and AI applications.
|
||||
- **Pocketbase**: Open-source backend for your next SaaS and Mobile app in 1 file.
|
||||
- **Plausible**: Open-source, privacy-focused, self-hosted web analytics platform.
|
||||
- **Calcom**: Open-source alternative to Calendly for creating scheduling and booking services.
|
||||
- **Grafana**: Open-source platform for data visualization and monitoring.
|
||||
- **Directus**: API-first, open-source headless CMS for building custom backends.
|
||||
- **Baserow**: Open-source database management tool.
|
||||
- **Budibase**: Open-source low-code platform for building forms, portals, and approval apps.
|
||||
- **Ghost**: Professional publishing platform built on Node.js.
|
||||
- **Uptime Kuma**: Free and open-source monitoring tool.
|
||||
- **n8n**: Open-source low-code platform for automating workflows.
|
||||
- **Wordpress**: Free and open-source CMS for publishing websites.
|
||||
- **Odoo**: Free and open-source business management software.
|
||||
- **Appsmith**: Open-source platform for building internal tools.
|
||||
- **Excalidraw**: Open-source online diagramming tool.
|
||||
- **Documenso**: Open-source alternative to DocuSign.
|
||||
- **NocoDB**: Airtable alternative for databases.
|
||||
- **Meilisearch**: Free and open-source search engine.
|
||||
- **Phpmyadmin**: Web interface for MySQL/MariaDB management.
|
||||
- **Rocketchat**: Open-source web chat platform.
|
||||
- **Minio**: Open-source object storage server.
|
||||
- **Metabase**: Open-source business intelligence tool.
|
||||
- **Glitchtip**: Simple, open-source error tracking.
|
||||
- **Open WebUI**: Open-source ChatGPT alternative.
|
||||
- **Listmonk**: Self-hosted newsletter manager.
|
||||
- **Double Zero**: Self-hostable SES dashboard.
|
||||
- **Umami**: Privacy-focused analytics alternative.
|
||||
- **Jellyfin**: Free software media system.
|
||||
- **Teable**: No-code database with spreadsheet interface.
|
||||
- **Zipline**: ShareX/file upload server.
|
||||
- **Soketi**: Open-source WebSockets server.
|
||||
- **Aptabase**: Self-hosted analytics platform.
|
||||
- **Typebot**: Open-source chatbot builder.
|
||||
- **Gitea**: Self-hosted software development service.
|
||||
- **Roundcube**: Open-source webmail software.
|
||||
- **File Browser**: Web-based file manager.
|
||||
- **Tolgee**: Web-based localization platform.
|
||||
- **Portainer**: Container management tool.
|
||||
- **InfluxDB**: Time-series data platform.
|
||||
- **Infisical**: Configuration and secrets manager.
|
||||
- **Docmost**: Collaborative wiki software.
|
||||
- **Vaultwarden**: Bitwarden-compatible server.
|
||||
- **Hi.events**: Event management platform.
|
||||
- **Windows/MacOS**: Dockerized operating systems.
|
||||
- **Coder**: Cloud development environment.
|
||||
- **Stirling PDF**: PDF tools suite.
|
||||
- **Lobe Chat**: Modern AI chat framework.
|
||||
- **Peppermint**: API development platform.
|
||||
- **Windmill**: Workflow and internal apps platform.
|
||||
- **Activepieces**: No-code automation tool.
|
||||
- **InvoiceShelf**: Self-hosted invoicing system.
|
||||
- **Postiz**: Content management platform.
|
||||
- **Slash**: Bookmarking and link shortener.
|
||||
- **Discord Tickets**: Support ticket bot.
|
||||
- **Nextcloud AIO**: File storage and collaboration.
|
||||
- **Blender**: 3D creation suite.
|
||||
- **HeyForm**: Conversational form builder.
|
||||
- **Chatwoot**: Customer engagement platform.
|
||||
- **Discourse**: Modern forum software.
|
||||
- **Immich**: Photo/video backup solution.
|
||||
- **Twenty CRM**: Modern CRM alternative.
|
||||
- **YOURLS**: URL shortening service.
|
||||
- **Ryot**: Media tracking platform.
|
||||
- **PhotoPrism**: AI-powered photos app.
|
||||
- **Ontime**: Event rundown manager.
|
||||
- **Trigger.dev**: Event-driven application platform.
|
||||
- **Browserless**: Headless browser automation.
|
||||
- **draw.io**: Diagramming application.
|
||||
- **Kimai**: Time-tracking application.
|
||||
- **Logto**: Identity management platform.
|
||||
- **Penpot**: Open-source design tool.
|
||||
- **Huly**: Project management platform.
|
||||
- **Unsend**: Email service platform.
|
||||
- **Langflow**: Low-code AI application builder.
|
||||
- **Elasticsearch**: Search and analytics engine.
|
||||
- **OneDev**: Git server with CI/CD.
|
||||
- **Unifi Network**: Network management platform.
|
||||
- **GLPI**: Service management software.
|
||||
- **Checkmate**: Server monitoring tool.
|
||||
- **Gotenberg**: PDF generation API.
|
||||
- **Actual Budget**: Privacy-focused finance app.
|
||||
- **Conduit/Conduwuit**: Matrix chat servers.
|
||||
- **Cloudflared**: Cloudflare Tunnel daemon.
|
||||
- **CouchDB**: Document-oriented database.
|
||||
- **IT Tools**: Developer utilities collection.
|
||||
- **Superset**: Data visualization platform.
|
||||
- **Glance/Homarr**: Dashboard solutions.
|
||||
- **ERPNext**: Open-source ERP software.
|
||||
- **Maybe**: Finance tracking application.
|
||||
- **Spacedrive**: Cross-platform file manager.
|
||||
- **AList**: Multi-storage file manager.
|
||||
- **Answer**: Q&A platform.
|
||||
- **Shlink**: URL shortener.
|
||||
- **Frappe HR**: HR & Payroll software.
|
||||
- **Formbricks**: Survey platform.
|
||||
- **Trilium**: Note-taking application.
|
||||
- **Convex**: Reactive database platform.
|
||||
|
||||
For an up to date list of available template you can visit [Dokploy templates website](https://templates.dokploy.com/).
|
||||
|
||||
## Create your own template
|
||||
|
||||
We accept contributions to upload new templates to the dokploy repository.
|
||||
|
||||
Make sure to follow the guidelines for creating a template:
|
||||
|
||||
[Steps to create your own template](https://github.com/Dokploy/templates)
|
||||
|
||||
[^1]: Please note that if you're self-hosting a mail server you need port 25 to be open for SMTP (Mail Transmission Protocol that allows you to send and receive) to work properly. Some VPS providers like [Hetzner](https://docs.hetzner.com/cloud/servers/faq/#why-can-i-not-send-any-mails-from-my-server) block this port by default for new clients.
|
||||
@@ -460,13 +460,18 @@ You should now be able to access the user interface.
|
||||
|
||||
In the case you want to recreate the dokploy services, you can do the following:
|
||||
|
||||
<Callout type='warn'>
|
||||
**Important:** Before recreating services, make sure you have backups of your data. Recreating services will not delete your volumes, but it's always good to have backups.
|
||||
</Callout>
|
||||
|
||||
Remove the dokploy-redis service:
|
||||
### Recreate Redis Service
|
||||
|
||||
Remove and recreate the dokploy-redis service:
|
||||
```bash
|
||||
docker service rm dokploy-redis
|
||||
|
||||
# Create a new dokploy-redis service
|
||||
docker service create \
|
||||
docker service create \
|
||||
--name dokploy-redis \
|
||||
--constraint 'node.role==manager' \
|
||||
--network dokploy-network \
|
||||
@@ -479,18 +484,23 @@ Remove the dokploy-postgres service:
|
||||
```bash
|
||||
docker service rm dokploy-postgres
|
||||
|
||||
# Create a new dokploy-postgres service
|
||||
docker service create \
|
||||
# Create a new dokploy-postgres service with Docker Secrets
|
||||
docker service create \
|
||||
--name dokploy-postgres \
|
||||
--constraint 'node.role==manager' \
|
||||
--network dokploy-network \
|
||||
--env POSTGRES_USER=dokploy \
|
||||
--env POSTGRES_DB=dokploy \
|
||||
--env POSTGRES_PASSWORD=amukds4wi9001583845717ad2 \
|
||||
--secret source=dokploy_postgres_password,target=/run/secrets/postgres_password \
|
||||
--env POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password \
|
||||
--mount type=volume,source=dokploy-postgres,target=/var/lib/postgresql/data \
|
||||
postgres:16
|
||||
```
|
||||
|
||||
<Callout type='info'>
|
||||
**Note:** Using Docker Secrets is the recommended approach for managing sensitive data like passwords. The secret is encrypted and only available to services that have been granted access to it.
|
||||
</Callout>
|
||||
|
||||
|
||||
Remove the dokploy-traefik service:
|
||||
|
||||
@@ -507,7 +517,7 @@ docker run -d \
|
||||
-p 80:80/tcp \
|
||||
-p 443:443/tcp \
|
||||
-p 443:443/udp \
|
||||
traefik:v3.6.1
|
||||
traefik:v3.6.7
|
||||
|
||||
docker network connect dokploy-network dokploy-traefik
|
||||
|
||||
@@ -525,24 +535,27 @@ docker service create \
|
||||
--publish mode=host,published=443,target=443 \
|
||||
--publish mode=host,published=80,target=80 \
|
||||
--publish mode=host,published=443,target=443,protocol=udp \
|
||||
traefik:v3.6.1
|
||||
traefik:v3.6.7
|
||||
```
|
||||
|
||||
Remove the dokploy service:
|
||||
### Recreate Dokploy Service
|
||||
|
||||
First, get the private IP of your server for the ADVERTISE_ADDR:
|
||||
|
||||
```bash
|
||||
# Get the private IP of your server
|
||||
ip addr show | grep -E "inet (192\.168\.|10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.)" | head -n1 | awk '{print $2}' | cut -d/ -f1
|
||||
```
|
||||
|
||||
Copy the IP address from the output and use it in the command below.
|
||||
|
||||
Remove and recreate the dokploy service:
|
||||
|
||||
```bash
|
||||
docker service rm dokploy
|
||||
|
||||
# Create a new dokploy service
|
||||
|
||||
# We need the advertise address to be set which is the Private IP of your server, you can get it by running the following command:
|
||||
|
||||
# Run this command to get the private IP of your server:
|
||||
|
||||
# Copy this value and paste in the ADVERTISE_ADDR variable:
|
||||
ip addr show | grep -E "inet (192\.168\.|10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.)" | head -n1 | awk '{print $2}' | cut -d/ -f1
|
||||
|
||||
# Create the dokploy service
|
||||
# Replace <YOUR_PRIVATE_IP> with the IP you got from the command above
|
||||
docker service create \
|
||||
--name dokploy \
|
||||
--replicas 1 \
|
||||
@@ -550,11 +563,34 @@ docker service create \
|
||||
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
|
||||
--mount type=bind,source=/etc/dokploy,target=/etc/dokploy \
|
||||
--mount type=volume,source=dokploy,target=/root/.docker \
|
||||
--secret source=dokploy_postgres_password,target=/run/secrets/postgres_password \
|
||||
--publish published=3000,target=3000,mode=host \
|
||||
--update-parallelism 1 \
|
||||
--update-order stop-first \
|
||||
--constraint 'node.role == manager' \
|
||||
-e ADVERTISE_ADDR="Eg: 192.168.1.100" \
|
||||
-e ADVERTISE_ADDR=<YOUR_PRIVATE_IP> \
|
||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password \
|
||||
dokploy/dokploy:latest
|
||||
```
|
||||
|
||||
**For Proxmox LXC environments**, add the `--endpoint-mode dnsrr` flag to all services:
|
||||
|
||||
```bash
|
||||
docker service create \
|
||||
--name dokploy \
|
||||
--replicas 1 \
|
||||
--network dokploy-network \
|
||||
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
|
||||
--mount type=bind,source=/etc/dokploy,target=/etc/dokploy \
|
||||
--mount type=volume,source=dokploy,target=/root/.docker \
|
||||
--secret source=dokploy_postgres_password,target=/run/secrets/postgres_password \
|
||||
--publish published=3000,target=3000,mode=host \
|
||||
--update-parallelism 1 \
|
||||
--update-order stop-first \
|
||||
--constraint 'node.role == manager' \
|
||||
--endpoint-mode dnsrr \
|
||||
-e ADVERTISE_ADDR=<YOUR_PRIVATE_IP> \
|
||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password \
|
||||
dokploy/dokploy:latest
|
||||
```
|
||||
|
||||
|
||||
@@ -34,6 +34,7 @@ Remove the docker network created by Dokploy:
|
||||
|
||||
```bash
|
||||
docker network remove -f dokploy-network
|
||||
docker network remove -f ingress
|
||||
```
|
||||
|
||||
</Step>
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
{
|
||||
"pages": ["core", "cli", "api"]
|
||||
"pages": ["core", "cli", "api", "templates"]
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { APIPage } from "@/lib/source";
|
||||
import { Callout } from "fumadocs-ui/components/callout";
|
||||
import { ImageZoom } from "fumadocs-ui/components/image-zoom";
|
||||
import { Tab, Tabs } from "fumadocs-ui/components/tabs";
|
||||
import defaultMdxComponents from "fumadocs-ui/mdx";
|
||||
import type { MDXComponents } from "mdx/types";
|
||||
|
||||
@@ -9,6 +10,8 @@ export function getMDXComponents(components?: MDXComponents): MDXComponents {
|
||||
...defaultMdxComponents,
|
||||
ImageZoom,
|
||||
Callout,
|
||||
Tab,
|
||||
Tabs,
|
||||
APIPage,
|
||||
...components,
|
||||
p: ({ children }) => (
|
||||
|
||||
@@ -5,6 +5,15 @@ const withMDX = createMDX();
|
||||
/** @type {import('next').NextConfig} */
|
||||
const config = {
|
||||
reactStrictMode: true,
|
||||
output: "standalone",
|
||||
images: {
|
||||
remotePatterns: [
|
||||
{
|
||||
protocol: "https",
|
||||
hostname: "templates.dokploy.com",
|
||||
},
|
||||
],
|
||||
},
|
||||
};
|
||||
|
||||
export default withMDX(config);
|
||||
|
||||
@@ -9,7 +9,8 @@
|
||||
"types:check": "fumadocs-mdx && tsc --noEmit",
|
||||
"postinstall": "fumadocs-mdx",
|
||||
"fix-openapi": "node scripts/fix-openapi.mjs",
|
||||
"build:docs": "npm run fix-openapi && node generate-docs.mjs"
|
||||
"generate-templates": "node scripts/generate-templates.mjs",
|
||||
"build:docs": "npm run fix-openapi && npm run generate-templates && node generate-docs.mjs && node scripts/fix-api-paths.mjs"
|
||||
},
|
||||
"dependencies": {
|
||||
"@next/third-parties": "16.0.7",
|
||||
@@ -21,7 +22,7 @@
|
||||
"fumadocs-openapi": "10.1.1",
|
||||
"fumadocs-ui": "16.2.3",
|
||||
"lucide-react": "^0.552.0",
|
||||
"next": "16.0.7",
|
||||
"next": "16.1.5",
|
||||
"react": "^19.2.0",
|
||||
"react-dom": "^19.2.0",
|
||||
"shiki": "3.19.0",
|
||||
|
||||
|
Before Width: | Height: | Size: 120 KiB After Width: | Height: | Size: 148 KiB |
BIN
apps/docs/public/assets/architecture-old.png
Normal file
|
After Width: | Height: | Size: 55 KiB |
|
Before Width: | Height: | Size: 55 KiB After Width: | Height: | Size: 378 KiB |
BIN
apps/docs/public/assets/docker-swarm.png
Normal file
|
After Width: | Height: | Size: 740 KiB |
|
Before Width: | Height: | Size: 136 KiB After Width: | Height: | Size: 154 KiB |
|
Before Width: | Height: | Size: 87 KiB After Width: | Height: | Size: 113 KiB |
|
Before Width: | Height: | Size: 149 KiB After Width: | Height: | Size: 179 KiB |
|
Before Width: | Height: | Size: 109 KiB After Width: | Height: | Size: 183 KiB |
|
Before Width: | Height: | Size: 77 KiB After Width: | Height: | Size: 126 KiB |
BIN
apps/docs/public/assets/images/ui/application-advanced.png
Normal file
|
After Width: | Height: | Size: 147 KiB |
BIN
apps/docs/public/assets/images/ui/application-authentication.png
Normal file
|
After Width: | Height: | Size: 200 KiB |
BIN
apps/docs/public/assets/images/ui/application-deployments.png
Normal file
|
After Width: | Height: | Size: 145 KiB |
BIN
apps/docs/public/assets/images/ui/application-domains.png
Normal file
|
After Width: | Height: | Size: 132 KiB |
BIN
apps/docs/public/assets/images/ui/application-environment.png
Normal file
|
After Width: | Height: | Size: 110 KiB |
BIN
apps/docs/public/assets/images/ui/application-general.png
Normal file
|
After Width: | Height: | Size: 154 KiB |
BIN
apps/docs/public/assets/images/ui/application-logs.png
Normal file
|
After Width: | Height: | Size: 207 KiB |
BIN
apps/docs/public/assets/images/ui/application-monitoring.png
Normal file
|
After Width: | Height: | Size: 132 KiB |
BIN
apps/docs/public/assets/images/ui/build-logs.png
Normal file
|
After Width: | Height: | Size: 348 KiB |
BIN
apps/docs/public/assets/images/ui/compose-editor.png
Normal file
|
After Width: | Height: | Size: 179 KiB |
BIN
apps/docs/public/assets/images/ui/concurrent-builds.png
Normal file
|
After Width: | Height: | Size: 151 KiB |
BIN
apps/docs/public/assets/images/ui/create-backup.png
Normal file
|
After Width: | Height: | Size: 169 KiB |
BIN
apps/docs/public/assets/images/ui/create-custom-role.png
Normal file
|
After Width: | Height: | Size: 176 KiB |
BIN
apps/docs/public/assets/images/ui/database-backups.png
Normal file
|
After Width: | Height: | Size: 130 KiB |
BIN
apps/docs/public/assets/images/ui/database-postgres.png
Normal file
|
After Width: | Height: | Size: 147 KiB |
BIN
apps/docs/public/assets/images/ui/docker.png
Normal file
|
After Width: | Height: | Size: 176 KiB |
BIN
apps/docs/public/assets/images/ui/environments.png
Normal file
|
After Width: | Height: | Size: 125 KiB |
BIN
apps/docs/public/assets/images/ui/home.png
Normal file
|
After Width: | Height: | Size: 154 KiB |
BIN
apps/docs/public/assets/images/ui/project-services.png
Normal file
|
After Width: | Height: | Size: 122 KiB |
BIN
apps/docs/public/assets/images/ui/projects.png
Normal file
|
After Width: | Height: | Size: 124 KiB |
BIN
apps/docs/public/assets/images/ui/requests.png
Normal file
|
After Width: | Height: | Size: 122 KiB |
BIN
apps/docs/public/assets/images/ui/schedules.png
Normal file
|
After Width: | Height: | Size: 103 KiB |
BIN
apps/docs/public/assets/images/ui/server-monitoring.png
Normal file
|
After Width: | Height: | Size: 166 KiB |
BIN
apps/docs/public/assets/images/ui/settings-ai.png
Normal file
|
After Width: | Height: | Size: 90 KiB |
BIN
apps/docs/public/assets/images/ui/settings-audit-logs.png
Normal file
|
After Width: | Height: | Size: 162 KiB |
BIN
apps/docs/public/assets/images/ui/settings-certificates.png
Normal file
|
After Width: | Height: | Size: 115 KiB |
BIN
apps/docs/public/assets/images/ui/settings-git.png
Normal file
|
After Width: | Height: | Size: 140 KiB |
BIN
apps/docs/public/assets/images/ui/settings-license.png
Normal file
|
After Width: | Height: | Size: 96 KiB |