Get the top HN stories in your inbox every day.
benbristow
enumjorge
Apologies for the very off-topic reply, but I can't help but find it a little funny that on a thread exalting a particular tool, the top comment at the time of this writing is a link to another, newer tool. Not that there's anything wrong with sharing the link, but it does seem like here at HN we have a bit of a grass-is-greener thing going on. I would understand it more if the discussion was around how bad a tool is and someone chimed in with an alternative. And it's not like I don't want people to share these other projects but personally on a thread about a particular topic, the comments I find the most useful are those from people with experience in that topic sharing their opinions, tips, etc. In this case, the comment our community found the most valuable on the topic of Dokku seems to be a link to Dokploy, a project that judging by the commit history is new as of this past April.
rsyring
I find it helpful to have other tools listed. I already know a decent amount about Dokku and clicked on these comments specifically to find out what other tools might be up and coming or otherwise mentioned in the space.
I'm still waiting for something built on a rootless container solution and with everything defined in git (i.e. no or limited cli commands) so that exactly what is being deployed is, at all times, tracked in git.
miroljub
> I'm still waiting for something built on a rootless container solution
I'm pretty sure you can run both Dokku and Dokkplay using podman. It's a drop-in replacement for docker that runs just fine rootless.
panarky
If the topic is "favorite personal serverless platform" then discussion of other offerings is absolutely on-topic.
> Apologies for the very off-topic reply ... it does seem like here at HN ...
There's nothing more HN than filling the first page of comments with discussion of everything except the linked article.
franciscop
> it does seem like here at HN we have a bit of a grass-is-greener thing
Since it's Hacker News, not Old-But-Stable-Project-News, that seems expected? The other way it also happens, and has been happening forever, I published a new OSS project of mine ~10 years ago, went to the front-page, and 8 of 10 comments were recommending other pre-existing tools.
benbristow
I think I was respectful enough to word the original comment I made to the difference between Dokploy & Dokku, not just saying one is better than the other. I've used both successfully and think both are great products - just wanted to share my experience. There seems to be an umbrella recently of self-hosting tools like Coolify/Dokku/Dokploy etc. so wanted to contribute to the discussion in that way. Dokploy is also an open-source project so thought the exposure might be positive on a high ranking HN post.
enumjorge
My comment came out crankier than I intended. I do think comments like yours are valuable, and I agree that you were respectful and informative. I'm just genuinely amused that the top comment is for a completely different tool. That's more an observation about how we vote as a community, not about your post. I include myself in that group though as I have in the past been drawn to the new and shiny over the already known.
gosub100
My theory for this, at least in this case when the featured article is about a software program, aka a tool, then it really becomes a discussion about the tools that serve the purpose of that in TFA.
Here's an analogy from the physical realm: "presenting shovel, a customizable tool for removing dirt".
- doesn't work well for rocky terrain, but I'm working on DigBar, which can outperform Shovel in many high performance workloads.
- it's a lot slower than Hoe, if you're only going down 4" of topsoil
- I wrote a custom frontend for Shovel call Flatend, it carries more volume for loose loads
- theres a paid product called posthole that is worth buying if you build fences, uses shovel under GPLv3
e-clinton
The linking of other tools/initiatives for me is half the value of the post
nacs
After seeing a recent HN post about Dokku, I started going into the nitty gritty of deploying it before finding out there is no multi-node support at all. So if you ever get to the point where you want to scale beyond one server, dokku can't do it which seems like most of the point of using a Heroku-ish tool (I've tried k3s in the past but Kubernetes always seemed like overkill for a non-enterprise setup).
I'll check out dokploy now that I see it has multi-node support.
turblety
Thanks for the recommendation. I've just given it a try and it looks great. I had tried coolify.io before, but the multi node/swarm support wasn't great, and the registry didn't work. Dokploy seemed to work straight out of the box.
One thing I wish it had to preview deployments though. Coolify had that. But I can live without it.
elAhmo
One alternative to this alternative is to use a webui for dokku itself. Such as https://github.com/ledokku/ledokku
hebrox
I see that the last commit was 2 years ago. Do you know any other alternatives?
fastball
Looks nice, but this is quite the security issue:
Traubenfuchs
Thank you -that looks significantly less involved than setting up dokku.
kevinob11
For a while dokku was selling a pro version with a web ui and json api. I don't really mind the CLI so while we bought it I don't really use it. I see there hasn't been much activity on pro, I wonder if it is still a focus.
_d6rd
Nice. Why not use a github merge webhook for triggering deploys?
benbristow
I have actions on my projects to build & publish container images to GitHub's container registry. The deploy trigger from the workflow makes Dokploy get the latest image from the registry and run it.
dewey
I was looking at many of these "selfhosted Heroku" type of solutions recently and read many HN discussions about the different options (coolify.io, ploi, ...) as I migrated to a new server and always copying, adapting nginx configs got a bit old.
I've landed on Dokku in the end as it's the one with the least amount of "magic" involved and even if I stopped using it I could just uninstall it and have everything still running. Can highly recommend it!
The developer is also super responsive and I even managed to build a custom plugin without knowing too much about it with some assistance. Documented this on my blog too: https://blog.notmyhostna.me/posts/deploying-docker-images-wi...
Balladeer
How long did it take you to go from "making a new server / copying configs is fine" to "this is tedious enough I'd like to abstract it?"
Like, was it a years-long journey or is this the type of thing that becomes immediately obvious once you start working w/ N servers or something?
I'm trying to learn the space between "physical machines in my apartment" and "cloud-native everything" and that's led me to the point where I'm happily using cloud-init to configure servers and running fun little docker compose systems on them.
duckmysick
For homelab (but not only) you can install Proxmox Virtual Environment on your physical machine. You end up with a way to create VMs and containers with a web UI. It supports cloud-init too. If you have a spare machine it's excellent for experimenting and learning.
https://www.proxmox.com/en/proxmox-virtual-environment/overv...
dewey
I wanted to self-host more of my Rails projects and Dokku comes with nice Buildpack support so I can just push a generic Rails app and it'll run out of the box. That plus that I had to set up a new server after many years made me look into that more.
abra0
That's where I am too right now for personal projects, and I ended up reimplementing parts of Dokuploy for that, but I don't feel much of a need to move from "fun little docker compose" for some reason
imtringued
cloud-init is good, but it assumes that you treat your VMs like containers and that means you will need a lot more VMs that you constantly create and destroy and you will have to deal with block storage for persistence.
If all you do is ssh into a system with docker compose installed, you will hardly benefit from cloud-init beyond the first boot.
lfkdev
What you are actually searching for is called ansible
dewey
That's pretty much the opposite of what I'm searching for. Getting a static site running with https on Dokku on a fresh server is done in under 2 minutes if you type quickly.
1) Run curl command to install Dokku
2) Set up domain to point to my server
3) Run 3 Dokku commands (https://news.ycombinator.com/item?id=41358578)
4) Add remote git url to my repository
5) Git push to that remote
6) Done
undefined
lfkdev
1) Install Ansible
2) Create a playbook which pulls from your GIT, sets the DNS and installs Caddy (or apache+certbot or whatever) (~5min)
3) Run Ansible
You now don't need docker, can change to any other cheaper hoster any time you want and you don't have the limitations of "serverless" services
hk__2
That’s orthogonal; you can use Ansible with Dokku.
Sammi
I downvoted because you didn't qualify your statement.
interstice
I have found over the years that trying new software risks immediately running into a road block in real use. There will be some detail or complexity or bug on a semi-basic requirement that goes directly to an issue in github.
Dokku is not one of those, it does what it does well and aside from a couple of cli argument ordering quirks it's been great for my light usage. If I was using it more I'd probably want to configure entire architectures with declarative config files, I have no idea if it can do that though.
Lord_Zero
And then those GitHub issues get closed by stalebot a month later and the repo looks like it doesn't have many issues.
kmarc
Whenever a new tool / library / plugin / whatever is evaluated by myself or my team, I spend some time on gathering some github issue / PR stats. I think this is now part of my "software engineering toolset" / best practices.
If there are too many open PRs, or unresolved tickets, OR there are too many _new_ ones, I would rather start searching for something else
klabb3
Same. I do a lot of research and try to get a sense of the person/team behind it and their values, vision, dedication, if they accept outside contributions, etc.
A few years ago it became popular to document the project processes, but it all turned into generic code of conduct garbage and abstract governance pillars, as if they were writing a constitution. So looking at GitHub issues and commit history is still the best way. And very well invested time.
dewey
Dokku is actually the opposite of that. Super responsive, helpful and nice maintainer (Already mentioned by a few other people in this thread).
I was so positively surprised that I got help so quickly after asking that I started to sponsor it via GitHub immediately.
notpushkin
Dokku is really neat! I've been using it before moving to building my own Docker images and deploying with Swarm. It was also (partly) the motivation behind my own take on self-hosted PaaS, Lunni (shameless plug): https://lunni.dev/
In general, I really love the idea of running all your stuff on a server you own as opposed to e.g. Heroku or AWS. Simple predictable monthly bill really gives you peace of mind.
jjnoakes
> In general, I really love the idea of running all your stuff on a server you own as opposed to e.g. Heroku or AWS. Simple predictable monthly bill really gives you peace of mind.
Have you found hosting you like with bandwidth expense caps? I'm looking for something like this but I don't want surprise network bills if I misconfigure something.
diggan
> Have you found hosting you like with bandwidth expense caps?
Not exactly what you're looking for, but solves the same problem in a different way:
I've been quite happy with using Hetzner's dedicated servers which come with 1 GBit unmetered connection (unlimited bandwidth), so no surprise network charges :)
apitman
Note that if you saturate that 1Gbps link they will almost certainly ask you to stop. Lots of VPS offer "unlimited" but it's really not. It's only unlimited within their "fair use" restrictions, ie only as long as they think it's reasonable.
Would love to be shown a counterexample provider.
notpushkin
Yeah, I think plenty of VPS providers do unmetered traffic too. Mine has a limit but it's something like 8 TB/mo, so I'm not particularly worried either.
thelittleone
Perhaps Hetzner or OVH?
emacsen
I'm curious as to your thoughts around Swarm.
My concern around Swarm is around the Docker corporation, which appears to be struggling.
As a competitor, we have Nomad, but with the recent IBM acquisition, I'm concerned about Nomad's future.
notpushkin
I do have some concerns about Docker Inc. and Mirantis (which now owns Docker Swarm I believe), yeah. Swarm is pretty mature though, and while I don't think it's going anywhere soon, I don't think we'll get any more core features anytime soon.
For Lunni, my plan is to add support for another orchestrator while keeping the developer experience of just working with docker-compose.yml. I really didn't want to do K8s, but given it's essentially an open standard now, it should be a safer bet than Nomad. I guess we'll see when I can get to it!
ForHackernews
IBM bought Nomad? That's disappointing to hear.
Nomad was always much better than k8s, sad that it never got the same kind of traction or mindshare.
imtringued
My gripe with nomad was that it didn't have init containers. You were basically forced to either have an endlessly growing job specification file or put consul-template in every single container image.
mdasen
Do you mind if I ask why you chose Docker Swarm? I don't know that much about Swarm and I'd love to know what you think about it compared to K8s (in terms of ease, nice things, things missing, etc.)
raphinou
Not lunni's dev, but a Swarm fan :-)
I'm a swarm user, but using single node swarms. It's the best solution I found for deploying apps. A lot of projects publish docker compose files, and those are easily usable with Swarm after some small modifications. I'm using the setup described at dockerswarm.rocks [1] and it's smooth sailing.
It's a real pitty, and still surprises me, Swarm is not more popular. It's still maintained [2] but few people still recommend it (even dockerswarm.rocks doesn't anymore). I've switched to it in 2022 [2] thinking I didn't take a lot of risk as starting with it is a really a low investment, and I'm still satisfied with it. I've deployed a new server with it recently.
1: https://dockerswarm.rocks/traefik/ 2: https://www.yvesdennels.com/posts/docker-swarm-in-2022/
notpushkin
The main reason probably was the fact that I was already familiar with Docker and Docker Compose. Kubernetes introduces a whole lot of concepts that I didn't feel like studying up, plus there was a 3-node minimum requirement. I just wanted to be able to start with a single node and be able to scale up if needed, so Swarm just felt like a natural match here.
I'm looking into K8s and other orchestrators like Nomad and perhaps will add support in Lunni at some point, but for now I believe Swarm is the sweet spot for smaller deployments (from single server up to maybe a couple hundred nodes).
chuckadams
There are several k8s implementations that are fine with a single node: k3s in particular is worth a look. But Swarm is still quite legit in my book.
ownagefool
There isn't actually ( nor was there ever ) a 3 node requirement for k8s.
Etcd requires 3 boxes for HA, but nothing stops you running a single node etcd.
I personally run single master clusters, because if the master goes down, you lose management as opposed to actual service availability, so mostly I don't care.
Now that there's anything wrong with your preference.
raphinou
How's Lunni going? Is swarm working well? I remember an announcement of it some time ago :-)
password4321
Related discussion on the front page today: "Coolify’s rise to fame, and why it could be a big deal" https://news.ycombinator.com/item?id=41356239
> Coolify can enable organizations of any size to host an arbitrary number of free, self-hosted software easier than ever.
https://github.com/coollabsio/coolify
> An open-source & self-hostable Heroku / Netlify / Vercel alternative.
HL33tibCe7
> It’s often desirable to have HTTPS for your site. Dokku makes this easy with the Let’s Encrypt Plugin, which will even auto-renew for you. I don’t use this, because I’m letting Cloudflare handle this with its proxy.
Hopefully you do use TLS between Cloudflare and your Dokku (even with a self-signed cert or something), otherwise your personal sites (which are apparently sensitive enough to put behind basic auth) are being transited over the internet in plaintext.
drpossum
From my understanding Cloudflare can generate origin certs for exactly this purpose and you can add certs to dokku with `dokku certs:add myapp`
throwitaway1123
Agreed. It also can't hurt to setup a firewall or EC2 Security Group that only allows ingress from Cloudflare IPs: https://www.cloudflare.com/ips/
Alternatively, you can use Cloudflare Tunnel, and then block all incoming connections.
viraptor
You have to limit the traffic to that pool to prevent people accessing your server directly. But that's not enough on its own, because other people can use CloudFlare's IPs to scan you too, so you need some kind of auth on top or use the tunnel.
throwitaway1123
Yes, this is correct. If you're using IP address allowlists then you also have to check the Host HTTP header (Cloudflare won't allow their other customers to forge that header). Or, you can use mTLS (as another commenter pointed out), or tunnels (as I pointed out): https://news.ycombinator.com/item?id=26690388
chazeon
Typically my servers is behind NAT and it has no public address, one can only reached the service through the CF tunnel and my access is through VPN, this should be safe, right?
fideloper
they also provide certs for mTLS between cloudflare and your origin, which you can layer in along with IP restrictions
(the term they use is “authenticated origin pull”)
umit-cakmak
Can you issue wildcard certificates with Dokku? It seems like you need to have a proxy domain to register the TXT records, since you do not know the domain of the user in advance.
andybak
Genuinely curious what the threat model is here?
aftbit
One might be avoid mass traffic interception due to malicious or corrupt BGP rules, either by accident or on purpose by a nation-state or telco. Another might be avoiding interception by your own ISP for various purposes.
yunohn
You can avoid both of those easily using Cloudflare Tunnels, which seamlessly works with their proxying CDN.
Mackser
I've been using Dokku for many years. It's remarkably stable and easy to use. I wrote an extensive tutorial on how to deploy various apps and websites with Dokku in 2018 [1] and I'm sure that following the same steps still works 6 years later.
1: https://maxschmitt.me/posts/tutorial-deploy-apps-websites-do...
realty_geek
Delighted to see dokku on here. It's an amazing product and the founder is super humble and helpful. I can't afford to throw much money at it now but it would be great if more people supported it financially
conradludgate
My experience with dokku was pretty poor. It was quick to start with but on my VPS crashing and restarting, my apps would not relaunch. I'd have to re-run the dokku commands again. Perhaps I did something wrong but I inevitably switched to a single-node k8s setup as it ended up being more reliable
josegonzalez
Dokku maintainer here. If you have more detailed feedback, I'd love to hear it! Happy you've found something that works for you though :)
goodbytes
This comment to me is another upvote to use dokku. Been a happy user for years myself. If you do need help, the discord is pretty responsive and always helpful.
mixmastamyk
systemctl enable foo
aledalgrande
Curious: for this type of infra, what do people use for file/object storage? Using something like AWS would negate all the savings with egress costs.
apitman
If you want hosted S3-compatible storage, you should be able to combine Backblaze B2, Wasabi, or Cloudflare R2 with any VPS provider from the bandwidth alliance:
https://www.cloudflare.com/bandwidth-alliance/
That should alleviate egress costs. Bonus that storage is also way cheaper.
tdeck
If your capacity needs aren't very high you can just store data on your web server in a directory
throwaway77385
Pocketbase (also in a Dokku-powered container) on a Hetzner Cloud VPS with attached storage. Stupidly cheap, very reliable.
ilovebabyyoda
minIO can also be self hosted as an s3 alternative. Or host a database. Likely just depends on the type of storage you are looking for
bpicolo
Good ol local disk
undefined
mdasen
Dokku is great, but historically it didn't really handle resilience. It looks like there's now a K3s scheduler (added earlier this year) which would mean I could have use a Kubernetes operator for a replicated database as well as have the app running on multiple boxes (in case one fails). It looks like it'll even setup K3s for you. The docs don't seem to go into it, but hopefully the ingress can also be setup on multiple boxes (I wonder if it uses a NodePort or the host network).
I was sad when Flynn died (https://github.com/flynn/flynn), but it's great to see Dokku doing well.
davidsgk
> Dokku is great, but historically it didn't really handle resilience.
Would you mind elaborating a bit on this? I'm exploring some serverless options right now and this would be useful info. Do you mean it's not really designed out of the box for resilience, or that it fails certain assumptions?
ffsm8
I'm not the person you're responding to, but I believe I can answer that question as well.
Dokku essentially just started a container. If your server goes down, so did this container because it's just a single process, basically.
Other PaaS providers usually combine it with some sort of clustering like k3s or docker-swarm, this provides them with fail over and scaling capabilities (which dokku historically lacked). Haven't tried this k3s integration either myself, so can't talk about how it is nowadays.
mdasen
Yea, this. Dokku was basically a single-server thing. If that box dies, your site goes down until you launch it on a new box. That might not be a huge deal for smaller sites. If my blog is down for a day, it's not a big deal.
With a cluster, if a server goes down, it can reschedule your apps on one of the other servers in the cluster (assuming that there's RAM/CPU available on another server). If you have a cluster of 3 or 5 boxes, maybe you lose one and your capacity is slightly diminished, but your apps still run. If your database is replicated between servers, another box in the cluster can be promoted to the primary and another box can spin up a new replica instance.
Dokku without a cluster makes deploys easy, but it doesn't help you handle the failure of a box.
josegonzalez
Yeah the k3s scheduler is basically "we integrate with k3s or BYO kubernetes and then deploy to that". It was sponsored by a user that was migrating away from Heroku actually. If you've used k3s/k8s, you basically get the same workflow as Dokku has always provided but now with added resilience.
Note: I am the Dokku maintainer.
davidsgk
Ah gotcha, thanks for the insight!
oezi
My major gripe with dokku is that there is no way to define the configuration in a file rather than executing the commands manually.
Otherwise: totally agree, great tool for self hosting.
josegonzalez
We have ansible modules (https://github.com/dokku/ansible-dokku) that cover the majority of app management if thats what you want. The reason I am hesitant to do it in something like `app.json` is purely because one might expose Dokku to users who only have push access and some of those commands can be fairly destructive.
Disclaimer: I am the Dokku maintainer.
oezi
Thank you! I was hoping for something less intimidating than going full ansible/terraform.
Essentially something that captures all dokku invocations and could be transferred to another machine. Is app.json this?
0xblinq
I’d love this feature too. Why not add it as an optional thing to enable and let users decide? Maybe just put a big warning in the docs and make it opt-in?
josegonzalez
I really hate adding knobs - it increases the amount of work I need to do to maintain and support the project.
Long term, I'd like to port the ansible modules over to being maintained internally by the dokku/omakase project, and then maybe that could be a plugin that folks could run from within their deploy.
imemyself
It doesn't cover everything - but I've had great success with terraform and this module. https://github.com/aaronstillwell/terraform-provider-dokku
JonAtkinson
You can configure almost everything using an app.json file.
dewey
I believe they are talking about the Dokku commands that are needed to set up a new Dokku app.
For example for a static site that would be the following:
dokku apps:create dewey.at
dokku domains:set dewey.at dewey.at www.dewey.at
dokku letsencrypt:enable dewey.at
mdasen
Could you put them in a .sh file and then just run `sh setup_dewey.sh`? Maybe put `&&` between them so that if one fails, it won't keep running through the script?
oezi
Exactely, I was really surprised that dokku isn't all based on storing these commands in a config/script which gets executed every time you change something.
Get the top HN stories in your inbox every day.
I've been enjoying using Dokploy recently.
https://github.com/Dokploy/dokploy
It's similar to Dokku but has a nice web UI, makes it easier to deploy Docker/Compose solutions and auto LetsEncrypt functionality is built-in by design (not as a separate plugin).
I've also built a GitHub Actions workflow to trigger off a deploy to apps hosted on it (basic cURL command but works well). https://github.com/benbristow/dokploy-deploy-action
And put together some pre-configured Compose files you can deploy for various apps. https://github.com/benbristow/dokploy-compose-templates