Table of Contents
- Introduction
- Basic Features Overview
- Application Management
- Database Management
- SSL Certificate Management
- Monitoring and Alerting
- Advanced Docker Configurations
- Custom Monitoring Metrics
- Automated Backup Strategies
- Security Best Practices
- Regular Maintenance
- Conclusion
1. Introduction
Managing Linux servers can be complex and time-consuming. Dokploy, an elegant open-source server management panel, simplifies these tasks with its intuitive interface and powerful features. This comprehensive guide covers everything from basic usage to advanced configurations.
2. Basic Features Overview
Dokploy offers:
- Application and database management
- Docker Compose integration
- Automated backups
- Pre-built templates
- Monitoring and alerting
- SSL certificate management
3. Application Management
App Store Installation
One-click installation for popular applications:
- WordPress
- Nginx
- MySQL/MariaDB
- Redis
- MongoDB
- PHP
- Node.js
Basic Docker Compose Example
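```yaml
version: '3'
services:
  wordpress:
    image: wordpress:latest
    ports:
      - "8080:80"
    environment:
      WORDPRESS_DB_HOST: db   # expects a database service named "db" (not shown here)
      WORDPRESS_DB_USER: wordpress
      # Placeholder value: replace it, or use WORDPRESS_DB_PASSWORD_FILE with a Docker secret
      WORDPRESS_DB_PASSWORD: wordpress_password
      WORDPRESS_DB_NAME: wordpress
```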
Advanced Multi-Container Setup
```yaml
version: '3.8'
services:
  frontend:
    image: nginx:alpine
    volumes:
      - ./frontend:/usr/share/nginx/html
    networks:
      - app-network
    depends_on:
      - backend
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 512M
  backend:
    image: node:16-alpine
    volumes:
      - ./backend:/app
    environment:
      NODE_ENV: production
      DB_HOST: db
    networks:
      - app-network
      - db-network
    healthcheck:
      # node:16-alpine ships BusyBox wget, not curl
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
  db:
    image: postgres:13-alpine
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - db-network
    environment:
      # Password is read from a mounted secret, not stored in the compose file
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
networks:
  app-network:
    driver: bridge
  db-network:
    driver: bridge
    internal: true   # no route to the outside; only attached services can reach db
volumes:
  postgres_data:
secrets:
  db_password:
    file: ./secrets/db_password.txt
```
4. Database Management
Basic Backup Configuration
Database: MySQL
Frequency: Daily at 2 AM
Retention: 7 days
Location: /backup/mysql/
Format: .gz compression
Advanced Backup Strategy
```yaml
backup:
  databases:
    mysql:
      schedule: "0 2 * * *" # Every day at 2 AM
      retention:
        local: "7d"
        remote: "30d"
      compression: "gzip"
      pre_backup_script: "/scripts/pre_backup.sh"
      post_backup_script: "/scripts/post_backup.sh"
      destinations:
        - type: "local"
          path: "/backup/mysql"
        - type: "s3"
          bucket: "my-backup-bucket"
          prefix: "mysql"
          region: "us-east-1"
        - type: "sftp"
          host: "backup.example.com"
          path: "/backups/mysql"
    postgres:
      schedule: "0 3 * * *" # Every day at 3 AM
      options:
        format: "custom"
        jobs: 4
        compress: 9
```
File Backup Configuration
```yaml
backup:
  files:
    wordpress:
      source: "/var/www/wordpress"
      schedule: "0 1 * * *" # Every day at 1 AM
      exclude:
        - "*.log"
        - "cache/*"
        - "tmp/*"
      retention:
        daily: 7
        weekly: 4
        monthly: 3
```
5. SSL Certificate Management
Basic Configuration
```nginx
server {
    listen 443 ssl;
    server_name your-domain.com;
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
}
```
Advanced SSL Configuration
```nginx
# Strong SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_session_tickets off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self';" always;
```
6. Monitoring and Alerting
Basic Monitoring
- CPU utilization
- Memory usage
- Disk space
- Network traffic
- Process status
Advanced Custom Metrics
```yaml
monitoring:
  custom_metrics:
    - name: nginx_active_connections
      type: gauge
      # The first line of stub_status output is "Active connections: N"
      command: "curl -s http://localhost/nginx_status | awk 'NR==1 {print $3}'"
      interval: 60s
    - name: php_fpm_processes
      type: gauge
      # pgrep -c counts matching processes without counting the matcher itself
      command: "pgrep -c php-fpm"
      interval: 30s
    - name: disk_io_usage
      type: counter
      command: "iostat -x | awk '/sda/ {print $14}'"
      interval: 120s
  alerts:
    - metric: nginx_active_connections
      condition: "> 1000"
      duration: "5m"
      severity: warning
    - metric: php_fpm_processes
      condition: "> 50"
      duration: "2m"
      severity: critical
```
Application Performance Monitoring
```javascript
// Node.js application monitoring
const client = require('prom-client'); // Prometheus client library

const metrics = {
  // Request latency, labelled by method, route and response status
  http_request_duration_seconds: new client.Histogram({
    name: 'http_request_duration_seconds',
    help: 'Duration of HTTP requests in seconds',
    labelNames: ['method', 'route', 'status_code'],
    buckets: [0.1, 0.5, 1, 2, 5]
  }),
  active_users: new client.Gauge({
    name: 'active_users',
    help: 'Number of active users'
  }),
  database_queries: new client.Counter({
    name: 'database_queries_total',
    help: 'Total number of database queries',
    labelNames: ['query_type']
  })
};
```
7. Security Best Practices
Firewall Configuration
```bash
# Basic firewall rules
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https

# Rate limiting
ufw limit ssh/tcp

# Advanced rules
ufw allow from 192.168.1.0/24 to any port 3306 # MySQL
ufw allow from 192.168.1.0/24 to any port 6379 # Redis
```
Docker Security
```json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "userns-remap": "default",
  "no-new-privileges": true,
  "seccomp-profile": "/etc/docker/seccomp-profile.json",
  "selinux-enabled": true,
  "userland-proxy": false,
  "live-restore": true
}
```
Network Security
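```bash
# Create isolated networks (the overlay driver requires swarm mode: docker swarm init)
docker network create --driver overlay --attachable frontend-net
docker network create --driver overlay --attachable backend-net
docker network create --driver overlay --internal db-net

# Configure network policies
# -I inserts at the top of DOCKER-USER, so the DROP goes in first and each
# ACCEPT added afterwards lands above it and is evaluated before it.
# DOCKER-USER is evaluated after DNAT, so --dport matches the container port.
iptables -I DOCKER-USER -i eth0 -j DROP
iptables -I DOCKER-USER -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -I DOCKER-USER -i eth0 -p tcp --dport 443 -j ACCEPT
# Allow replies to connections the containers opened themselves
iptables -I DOCKER-USER -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
```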
8. Regular Maintenance
Routine Tasks
- Check for system updates
- Review logs
- Verify backup integrity
- Monitor certificate expiration
- Clean temporary files
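One way to carry out the "verify backup integrity" task against the basic backup configuration above (gzip dumps in /backup/mysql/, written daily at 2 AM). This is an added example, not part of Dokploy or the original guide; the function name, the `*.gz` glob and the 26-hour freshness window are assumptions.

```shell
#!/usr/bin/env bash
# Added example: integrity check for the gzip dumps in a backup directory.
# Assumptions (not from Dokploy): the function name, the *.gz glob and the
# 26-hour freshness window for a job that runs daily at 2 AM.

# verify_backups DIR [MAX_AGE_HOURS]
# Prints one line per problem; returns 0 if every check passes, 1 otherwise.
verify_backups() {
    dir=$1
    max_age_hours=${2:-26}
    problems=0
    found=0

    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    for f in "$dir"/*.gz; do
        [ -e "$f" ] || continue            # glob matched nothing
        found=$((found + 1))
        if ! gzip -t "$f" 2>/dev/null; then
            # Truncated copy, disk-full write or bit rot: CRC/length check fails
            echo "CORRUPT $f"
            problems=$((problems + 1))
        elif [ "$(gzip -dc "$f" | head -c 1 | wc -c | tr -d ' ')" -eq 0 ]; then
            # "mysqldump ... | gzip" still writes a valid archive when the dump
            # itself failed, so a passing gzip -t is not enough on its own
            echo "EMPTY $f"
            problems=$((problems + 1))
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "NO_BACKUPS $dir"
        problems=$((problems + 1))
    elif [ -z "$(find "$dir" -maxdepth 1 -name '*.gz' -mmin "-$((max_age_hours * 60))")" ]; then
        # Files exist but none is recent: the scheduled job has stopped running
        echo "STALE $dir"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Run from cron after the backup window, e.g.: verify_backups.sh /backup/mysql
if [ "$#" -gt 0 ]; then
    verify_backups "$@"
fi
```

A non-zero exit status can feed the alerting channel already in use, so a silent backup failure surfaces the next morning instead of at restore time.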
Log Management
```yaml
logging:
  location: /var/log/dokploy/
  retention: 30 days
  compression: enabled
  rotate: daily
  max_size: 100M
```
9. Conclusion
Dokploy provides a comprehensive solution for modern server management, combining ease of use with powerful features. Whether you're managing a single website or multiple applications, these configurations and best practices will help you maintain a secure, efficient, and well-monitored server environment.
10. Next Steps
- Explore container orchestration
- Implement CI/CD pipelines
- Set up high availability
- Configure disaster recovery
Remember to regularly check the official documentation for updates and new features. Happy server managing!