Production-ready VPS setup. Docker, Traefik, SSL, monitoring, security. One script, done.
```
                                    ┌─────────────────────────────────────────────────────────┐
                                    │                           VPS                           │
                                    │                                                         │
┌──────────┐      ┌──────────┐      │   ┌─────────────────────────────────────────────────┐   │
│          │      │          │      │   │                     Traefik                     │   │
│ Internet │─────▶│Cloudflare│──────┼──▶│  - SSL termination (Cloudflare DNS challenge)   │   │
│          │      │   DNS    │      │   │  - Rate limiting, security headers              │   │
└──────────┘      └──────────┘      │   │  - Automatic service discovery                  │   │
                                    │   └──────────────────────┬──────────────────────────┘   │
                                    │                          │                              │
                                    │            ┌─────────────┼─────────────┐                │
                                    │            │             │             │                │
                                    │            ▼             ▼             ▼                │
                                    │    ┌─────────────┐ ┌───────────┐ ┌───────────┐          │
                                    │    │    Nuxt     │ │  Laravel  │ │    Go     │          │
                                    │    │   Next.js   │ │  NestJS   │ │    API    │          │
                                    │    │    React    │ │           │ │           │          │
                                    │    └─────────────┘ └─────┬─────┘ └───────────┘          │
                                    │                          │                              │
                                    │                          ▼                              │
                                    │             ┌────────────────────────┐                  │
                                    │             │  MySQL  │  PostgreSQL  │                  │
                                    │             │  Redis  │              │                  │
                                    │             └────────────────────────┘                  │
                                    │                                                         │
                                    │   ┌─────────────────────────────────────────────────┐   │
                                    │   │                Monitoring Stack                 │   │
                                    │   │       Prometheus → Grafana → Alertmanager       │   │
                                    │   │             Loki → Promtail (logs)              │   │
                                    │   │         Homer │ Portainer │ Uptime Kuma         │   │
                                    │   └─────────────────────────────────────────────────┘   │
                                    │                                                         │
                                    │   ┌─────────────────────────────────────────────────┐   │
                                    │   │                 Security Layer                  │   │
                                    │   │    UFW │ Fail2ban │ CrowdSec │ SSH Hardening    │   │
                                    │   └─────────────────────────────────────────────────┘   │
                                    │                                                         │
                                    └─────────────────────────────────────────────────────────┘
```
```bash
# Fresh Ubuntu 22.04+ VPS (as root)
git clone https://github.com/ismaildasci/vps-starter.git
cd vps-starter/scripts/setup
sudo bash setup.sh deploy 2
```

Installs Docker, UFW, Fail2ban, swap, aliases. Creates deploy user with 2GB swap.

| Component | What it does |
|---|---|
| Docker + Compose | Container runtime |
| UFW | Firewall (22, 80, 443 only) |
| Fail2ban | Blocks brute force attacks |
| SSH Hardening | Key-only, no root login |
| Swap | Configurable (default 2GB) |
| Aliases | dps, dcup, dclogs... |

| Template | Stack |
|---|---|
| Nuxt | Nuxt 4, Vue 3 |
| Next.js | Next 14+, React |
| React | Vite, nginx |
| Vue | Vite, nginx |

| Template | Stack |
|---|---|
| Laravel | PHP-FPM, nginx |
| NestJS | TypeScript |
| Go | Go 1.22 |

| Template | Version |
|---|---|
| MySQL | 8.0 |
| PostgreSQL | 16 |
| Redis | 7 |

| Template | Purpose |
|---|---|
| Grafana + Prometheus | Metrics & dashboards |
| Loki + Promtail | Log aggregation |
| Homer | Dashboard |
| Portainer | Docker UI |
| Uptime Kuma | Uptime monitoring |

| Template | Purpose |
|---|---|
| Authelia | SSO and Multi-Factor Authentication |
| Vaultwarden | Self-hosted Bitwarden password manager |
| CrowdSec | Modern IPS with Traefik bouncer |
| Vault | Secret management (HashiCorp) |

| Template | Purpose |
|---|---|
| Tailscale | Zero Trust mesh VPN |
| Cloudflare Tunnel | Zero Trust access without open ports |

| Template | Purpose |
|---|---|
| Ollama | Local LLM runtime (CPU/GPU) |
| Open WebUI | ChatGPT-like interface for Ollama |
| n8n | AI workflow automation |

| Template | Purpose |
|---|---|
| Restic | Encrypted, deduplicated backups (S3/B2/local) |

| Template | Purpose |
|---|---|
| Gitea | Self-hosted Git server with CI/CD |

| Template | Purpose |
|---|---|
| Stirling PDF | Self-hosted PDF manipulation (50+ tools) |
```
├── scripts/
│   ├── setup/              # Server setup (run once)
│   ├── backup.sh           # Volume backups
│   ├── restore.sh          # Restore backups
│   └── env-*.sh            # Env management + GPG
│
├── config/                 # Server configs
│   ├── fail2ban/
│   ├── ssh/
│   └── docker/
│
├── templates/              # Copy & deploy
│   ├── traefik/
│   ├── frontend/
│   ├── backend/
│   ├── databases/
│   ├── monitoring/
│   ├── security/
│   ├── networking/
│   ├── ai/
│   ├── backup/
│   ├── devops/
│   └── productivity/
│
└── docs/                   # Guides
```

```
/home/deploy/
├── apps/                   # Your projects go here
├── traefik/                # Reverse proxy
├── shared/                 # MySQL, Redis (shared)
├── envs/                   # .env files (chmod 600)
├── backups/                # Encrypted backups
└── scripts/                # Utilities
```
All templates include:
- Memory/CPU limits
- `no-new-privileges` security option
- Health checks
- Read-only filesystem (where possible)
- Non-root users
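
A check for the hardening baseline listed above, as an added example (not code from the vps-starter repository): it reads the JSON shape printed by `docker compose config --format json` and reports which of the listed items each service lacks. The sample services and the function names `audit_service` and `audit` are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
SAMPLE = json.loads("""
{"services": {
  "api": {
    "user": "1000:1000", "read_only": true,
    "security_opt": ["no-new-privileges:true"],
    "healthcheck": {"test": ["CMD", "wget", "-qO-", "http://localhost:3000/health"]},
    "deploy": {"resources": {"limits": {"cpus": "0.5", "memory": "268435456"}}}
  },
  "worker": {
    "user": "0:0",
    "security_opt": ["seccomp=unconfined"],
    "healthcheck": {"disable": true},
    "mem_limit": "536870912"
  }
}}
""")

def audit_service(svc):
    """Return the baseline items one service definition is missing."""
    missing = []
    limits = svc.get("deploy", {}).get("resources", {}).get("limits", {})
    if not (limits.get("memory") or svc.get("mem_limit")):
        missing.append("memory limit")
    if not (limits.get("cpus") or svc.get("cpus")):
        missing.append("cpu limit")
    opts = [str(o).replace("=", ":") for o in svc.get("security_opt", [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        missing.append("no-new-privileges")
    hc = svc.get("healthcheck") or {}
    if hc.get("disable") or hc.get("test") in (None, [], ["NONE"]):
        missing.append("health check")
    if not svc.get("read_only"):
        missing.append("read-only filesystem")
    # Only an explicit `user:` is visible here; a USER set in the image is not.
    uid = str(svc.get("user", "")).split(":")[0]
    if uid in ("", "0", "root"):
        missing.append("non-root user")
    return missing

def audit(config):
    """Map each service name to the baseline items it is missing."""
    return {name: audit_service(svc) for name, svc in config.get("services", {}).items()}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE).items():
        print(f"{name}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

To audit a real project, load the output of `docker compose config --format json` with `json.load` and pass the result to `audit`.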
- Server Setup
- Docker Setup
- Traefik Setup
- Deploy Nuxt
- Deploy Laravel
- Monitoring
- Security
- Troubleshooting
After setup, you get these shortcuts:
```bash
dps      # docker ps (formatted)
dcup     # docker compose up -d
dcdown   # docker compose down
dclogs   # docker compose logs -f
dprune   # cleanup unused stuff
apps     # cd ~/apps
```

See CONTRIBUTING.md