VPS Coolify Bootstrap
Production-ready bootstrap for Coolify on Ubuntu 24.04 LTS — from first boot to running workloads.
Quick Start
```bash
git clone https://github.com/rigu/vps-coolify-bootstrap.git
cd vps-coolify-bootstrap
bash scripts/generate-secrets.sh
# Edit bootstrap-artifacts/bootstrap.env with your values
bash scripts/prepare-vps-coolify-init.sh --overwrite
# Use bootstrap-artifacts/vps-coolify-init.generated.yml as VPS user-data
```
→ Full walkthrough: Getting Started
What You Get
| Feature | Description |
|---|---|
| First-boot provisioning | VPS init user-data with full hardening |
| SSH hardening | AllowUsers, pubkey-only, custom port |
| Firewall baseline | UFW + fail2ban + unattended upgrades |
| Coolify access flow | Onboarding on :8000, then domain/TLS on 80/443 |
| Realtime policy | Configurable 6001/6002 exposure via env |
| Cross-platform | Bash + PowerShell render scripts |
| Verification | Post-bootstrap state validation script |
| Recovery | Emergency SSH recovery + failure runbook |
| Credential vault | Encrypted server-side user passwords |
Implementation Guide
Follow these pages in order for a complete deployment:
| Step | Page | What it covers |
|---|---|---|
| 1 | Getting Started | Generate env, render init, provision VPS |
| 2 | Onboarding Troubleshooting | Fix common Coolify onboarding issues |
| 3 | Create Infra Network | Deploy shared services (Postgres, Valkey, RabbitMQ, SeaweedFS) |
| 4 | Install Docmost on Coolify | Deploy Docmost knowledge base |
| 5 | Install Plane on Coolify | Deploy Plane project management |
Reference Pages
| Page | Purpose |
|---|---|
| Backup Strategy | Production backup design |
| Maintenance Runbook | Daily/weekly/monthly checks |
| Script Workflow | Detailed script usage and flags |
| Bootstrap Env Reference | All env variables documented |
| Bootstrap Flow | First-boot execution order |
| Operations & Security | Post-bootstrap hardening and updates |
| Deployment Modes | All supported deployment paths |
| Realtime Modes | Realtime port exposure options |
| Failure Recovery | Step-by-step recovery runbook |
| Plane Incident Prevention | Known Plane issues and fixes |
| GitHub Promotion | Maintainer checklist |
Repository Layout
```
env/                  Env templates (.env.example files)
scripts/              Bootstrap + helper scripts (Bash + PowerShell)
templates/            VPS init + compose templates
docs/                 This documentation site
bootstrap-artifacts/  Generated output (not committed)
```
Primary Sources
- Docker packet filtering and firewalls
- Docker iptables and DOCKER-USER
- Coolify firewall guidance
- Coolify auto-update behavior
- OpenSSH AllowUsers
Last verified: March 7, 2026.
License: MIT — Use at your own risk; see the README disclaimer.