Production-ready VPS setup. Docker, Traefik, SSL, monitoring, security. One script, done.
                                    ┌─────────────────────────────────────────────────────────┐
                                    │                           VPS                           │
                                    │                                                         │
┌──────────┐      ┌──────────┐      │   ┌─────────────────────────────────────────────────┐   │
│          │      │          │      │   │                     Traefik                     │   │
│ Internet │─────▶│Cloudflare│──────┼──▶│  - SSL termination (Cloudflare DNS challenge)   │   │
│          │      │   DNS    │      │   │  - Rate limiting, security headers              │   │
└──────────┘      └──────────┘      │   │  - Automatic service discovery                  │   │
                                    │   └──────────────────────┬──────────────────────────┘   │
                                    │                          │                              │
                                    │            ┌─────────────┼─────────────┐                │
                                    │            │             │             │                │
                                    │            ▼             ▼             ▼                │
                                    │    ┌─────────────┐ ┌───────────┐ ┌───────────┐          │
                                    │    │    Nuxt     │ │  Laravel  │ │    Go     │          │
                                    │    │   Next.js   │ │  NestJS   │ │    API    │          │
                                    │    │    React    │ │           │ │           │          │
                                    │    └─────────────┘ └─────┬─────┘ └───────────┘          │
                                    │                          │                              │
                                    │                          ▼                              │
                                    │             ┌────────────────────────┐                  │
                                    │             │   MySQL   │ PostgreSQL │                  │
                                    │             │   Redis   │            │                  │
                                    │             └────────────────────────┘                  │
                                    │                                                         │
                                    │   ┌─────────────────────────────────────────────────┐   │
                                    │   │                Monitoring Stack                 │   │
                                    │   │       Prometheus → Grafana → Alertmanager       │   │
                                    │   │             Loki → Promtail (logs)              │   │
                                    │   │         Homer │ Portainer │ Uptime Kuma         │   │
                                    │   └─────────────────────────────────────────────────┘   │
                                    │                                                         │
                                    │   ┌─────────────────────────────────────────────────┐   │
                                    │   │                 Security Layer                  │   │
                                    │   │    UFW │ Fail2ban │ CrowdSec │ SSH Hardening    │   │
                                    │   └─────────────────────────────────────────────────┘   │
                                    │                                                         │
                                    └─────────────────────────────────────────────────────────┘
# Fresh Ubuntu 22.04+ VPS (as root)
git clone https://github.com/ismaildasci/vps-starter.git
cd vps-starter/scripts/setup
sudo bash setup.sh deploy 2
Installs Docker, UFW, Fail2ban, swap, aliases. Creates deploy user with 2GB swap.

| Component | What it does |
| --- | --- |
| Docker + Compose | Container runtime |
| UFW | Firewall (22, 80, 443 only) |
| Fail2ban | Blocks brute force attacks |
| SSH Hardening | Key-only, no root login |
| Swap | Configurable (default 2GB) |
| Aliases | dps, dcup, dclogs... |

| Template | Stack |
| --- | --- |
| Nuxt | Nuxt 4, Vue 3 |
| Next.js | Next 14+, React |
| React | Vite, nginx |
| Vue | Vite, nginx |

| Template | Stack |
| --- | --- |
| Laravel | PHP-FPM, nginx |
| NestJS | TypeScript |
| Go | Go 1.22 |

| Template | Version |
| --- | --- |
| MySQL | 8.0 |
| PostgreSQL | 16 |
| Redis | 7 |

| Template | Purpose |
| --- | --- |
| Grafana + Prometheus | Metrics & dashboards |
| Loki + Promtail | Log aggregation |
| Homer | Dashboard |
| Portainer | Docker UI |
| Uptime Kuma | Uptime monitoring |

| Template | Purpose |
| --- | --- |
| Authelia | SSO and Multi-Factor Authentication |
| Vaultwarden | Self-hosted Bitwarden password manager |
| CrowdSec | Modern IPS with Traefik bouncer |
| Vault | Secret management (HashiCorp) |

| Template | Purpose |
| --- | --- |
| Tailscale | Zero Trust mesh VPN |
| Cloudflare Tunnel | Zero Trust access without open ports |

| Template | Purpose |
| --- | --- |
| Ollama | Local LLM runtime (CPU/GPU) |
| Open WebUI | ChatGPT-like interface for Ollama |
| n8n | AI workflow automation |

| Template | Purpose |
| --- | --- |
| Restic | Encrypted, deduplicated backups (S3/B2/local) |

| Template | Purpose |
| --- | --- |
| Gitea | Self-hosted Git server with CI/CD |

| Template | Purpose |
| --- | --- |
| Stirling PDF | Self-hosted PDF manipulation (50+ tools) |

├── scripts/
│ ├── setup/ # Server setup (run once)
│ ├── backup.sh # Volume backups
│ ├── restore.sh # Restore backups
│ └── env-*.sh # Env management + GPG
│
├── config/ # Server configs
│ ├── fail2ban/
│ ├── ssh/
│ └── docker/
│
├── templates/ # Copy & deploy
│ ├── traefik/
│ ├── frontend/
│ ├── backend/
│ ├── databases/
│ ├── monitoring/
│ ├── security/
│ ├── networking/
│ ├── ai/
│ ├── backup/
│ ├── devops/
│ └── productivity/
│
└── docs/ # Guides
After Setup (Server Layout)
/home/deploy/
├── apps/ # Your projects go here
├── traefik/ # Reverse proxy
├── shared/ # MySQL, Redis (shared)
├── envs/ # .env files (chmod 600)
├── backups/ # Encrypted backups
└── scripts/ # Utilities
All templates include:
- Memory/CPU limits
- no-new-privileges security option
- Health checks
- Read-only filesystem (where possible)
- Non-root users
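
One way to verify the five properties listed above on a running container, as an added example (not code from the vps-starter repository): it reads `docker inspect` JSON and reports which properties are missing. The container names and sample values are constructed; the field names are those of Docker's inspect output.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output (not from the repo).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/api-hardened",
   "Config": {"User": "1000:1000",
              "Healthcheck": {"Test": ["CMD", "wget", "-qO-", "http://localhost:8080/health"]}},
   "HostConfig": {"Memory": 536870912, "NanoCpus": 500000000, "CpuQuota": 0,
                  "SecurityOpt": ["no-new-privileges:true"], "ReadonlyRootfs": true}},
  {"Name": "/api-default",
   "Config": {"User": "", "Healthcheck": null},
   "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0,
                  "SecurityOpt": null, "ReadonlyRootfs": false}}
]
""")

def audit_container(info):
    """Return the hardening properties from the list above that this container lacks."""
    cfg = info.get("Config") or {}
    host = info.get("HostConfig") or {}
    findings = []
    if not host.get("Memory"):                      # 0 means unlimited
        findings.append("no memory limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("no CPU limit")
    # Docker accepts both "no-new-privileges:true" and "no-new-privileges=true".
    opts = [o.replace("=", ":") for o in (host.get("SecurityOpt") or [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    test = (cfg.get("Healthcheck") or {}).get("Test") or []
    if not test or test[0] == "NONE":               # "NONE" disables an inherited check
        findings.append("no health check")
    if not host.get("ReadonlyRootfs"):              # advisory: "where possible"
        findings.append("root filesystem is writable")
    user = (cfg.get("User") or "").split(":")[0]    # empty User means root
    if user in ("", "0", "root"):
        findings.append("runs as root")
    return findings

def audit_all(containers):
    """Map container name -> list of missing properties (empty list means all present)."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

To audit a live host, pass the parsed output of `docker inspect $(docker ps -q)` to `audit_all` in place of the sample.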
After setup, you get these shortcuts:
dps # docker ps (formatted)
dcup # docker compose up -d
dcdown # docker compose down
dclogs # docker compose logs -f
dprune # cleanup unused stuff
apps # cd ~/apps
See CONTRIBUTING.md
MIT