This project is a plug-and-play infrastructure setup designed for any VPS. It combines the power of Traefik for reverse proxy and SSL, a complete monitoring stack (Prometheus + Grafana), and containerized databases — all wired together with Docker.
Whether you're spinning up a dev environment or preparing for production, this setup helps you launch fast, stay secure, and keep everything under control.
If you find this project useful, please consider sponsoring me on GitHub! It helps keep the project active and maintained!
Your sponsorship helps me dedicate more time to adding features, fixing bugs, and building open source tools for the community. Thank you for your support! 🙏
Enjoyed the content? If you want and can, buy me a coffee via Pix! ☕ ✨
f986fbd8-1902-42af-8fd6-d351aa950a74
- 🔐 Automatic HTTPS with Let's Encrypt via Traefik with DNS challenge (Cloudflare)
- 🔁 Dynamic reverse proxy for your services, with zero-downtime reloads
- 📊 Built-in monitoring stack with Prometheus, Grafana, and exporters
- 🛢️ Containerized databases like PostgreSQL, Redis and MySQL, ready to use
- 🐳 Fully Docker-based, easy to deploy and manage
- ⚙️ Scalable foundation for microservices or monoliths
Below is a simplified overview of the infrastructure:
                       +--------------------------+
                       |         INTERNET         |
                       +--------------------------+
                                     |
                                     ▼
                            +----------------+
                            |    Traefik     |
                            |  (production)  |
                            +----------------+
                                     |
         +---------------------------+---------------------------+
         |                           |                           |
         ▼                           ▼                           ▼
 +--------------+           +-----------------+         +-----------------+
 |   Grafana    |           |   Prometheus    |         |    Portainer    |
 |  Monitoring  |           |   production    |         |   production    |
 +--------------+           +-----------------+         +-----------------+

            (All services above are reverse proxied by Traefik)

                   +-----------------------------------+
                   |         Application Layer         |
                   |       (application network)       |
                   +-----------------------------------+
                   |       Your custom services        |
                   |   (API, WebApp, Workers, etc.)    |
                   +-----------------------------------+

                   +-----------------------------------+
                   |             Databases             |
                   |        (databases network)        |
                   +-----------------------------------+
                   |    PostgreSQL / MySQL / Redis     |
                   +-----------------------------------+
This project uses three isolated Docker networks to provide clean architecture and enhance security:
- production: for core infrastructure services like Traefik, Prometheus, and Portainer
- databases: for database containers such as PostgreSQL, MySQL, Redis
- application: for your actual app containers (API, frontend, workers, etc.)
- Monitoring: for the exporters and Grafana
Each container is connected only to the networks it needs — reducing attack surfaces and keeping your infrastructure modular and maintainable.
A collection of handy commands to help you manage your infrastructure and server setup.
Generate a new SSH key (no passphrase):
ssh-keygen -t ed25519 -C "you@example.com" -f ~/.ssh/id_ed25519_ci -N ""
View the private key:
cat ~/.ssh/id_ed25519_ci
View the public key:
cat ~/.ssh/id_ed25519_ci.pub
Add the public key to the server (as root): Append the .pub content to:
/root/.ssh/authorized_keys
Set correct permissions on the server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Use the command below to create a hashed password for use with basic auth in Traefik:
htpasswd -nbB yourusername yourpassword
Example output: admin:$2y$05$abc123...longhash...
Use this in your Traefik middleware config for securing the dashboard.
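When the entry goes into a Docker Compose label instead of a users file, every "$" in the hash has to be doubled or Compose will try to interpolate it. The script below is an added example, not part of this project: it reads the password from stdin rather than the command line, rejects anything that is not a bcrypt entry, and prints the escaped label. The middleware name and the bcrypt cost of 10 are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the project): build a Traefik basicauth entry
# and escape it for a docker compose label.

# Read the password from stdin so it never lands in argv or shell history.
# -n prints to stdout, -i reads stdin, -B selects bcrypt, -C sets the cost.
make_entry() {   # usage: make_entry <user> [cost]  < password-on-stdin
  htpasswd -niB -C "${2:-10}" "$1" | head -n 1
}

# Accept only "user:<bcrypt hash>", so MD5/SHA1/crypt entries are refused.
is_bcrypt_entry() {
  printf '%s\n' "$1" | grep -Eq '^[^:]+:\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# docker compose treats "$" as variable interpolation; "$$" is a literal "$".
escape_for_compose() {
  printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# Print the label line. The middleware name is chosen by the caller.
compose_label() {   # usage: compose_label <middleware> <user:hash>
  is_bcrypt_entry "$2" || { echo "not a bcrypt htpasswd entry" >&2; return 1; }
  printf 'traefik.http.middlewares.%s.basicauth.users=%s\n' \
    "$1" "$(escape_for_compose "$2")"
}

# Typical use (prompts for the password without echoing it):
#   read -rs pw && entry=$(printf '%s' "$pw" | make_entry admin) && unset pw
#   compose_label dashboard-auth "$entry"
```

The escaping applies only to values written in a compose file; an entry stored in a users file keeps its single "$" characters.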
Create a Docker network:
docker network create <network-name>
List all Docker networks:
docker network ls
Follow Traefik logs:
docker logs -f traefik
Filter Traefik logs for certificate activity:
docker logs -f traefik | grep certificate
Install and configure Prometheus Node Exporter to monitor system metrics (CPU, memory, disk, etc.).
📥 1. Download Node Exporter
cd /opt
curl -LO https://github.com/prometheus/node_exporter/releases/download/v1.9.0/node_exporter-1.9.0.linux-amd64.tar.gz
📦 2. Extract and move binary
tar xvf node_exporter-1.9.0.linux-amd64.tar.gz
mv node_exporter-1.9.0.linux-amd64/node_exporter /usr/local/bin/
rm -rf node_exporter-1.9.0.linux-amd64*
👤 3. Create a system user
sudo useradd --no-create-home --shell /usr/sbin/nologin node_exporter
🔥 4. Open port 9100
ufw allow 9100/tcp
🚀 5. Start and enable the service
systemctl daemon-reload
systemctl start node_exporter
systemctl enable node_exporter
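The steps above download the binary without checking it and start a service whose unit file is not shown. The script below is an added example, not part of this project: it verifies the tarball against the sha256sums.txt file published with the same release and prints a unit file that runs the exporter as the node_exporter user. The unit's contents and the listen-address parameter are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the project): verify the download from step 1
# and render the systemd unit that step 5 expects to exist.
VERSION="1.9.0"   # version used on this page
BASE="https://github.com/prometheus/node_exporter/releases/download/v${VERSION}"

# Download the tarball and the release's checksum list into directory $1.
fetch_release() {
  ( cd "$1" \
    && curl -fsSLO "${BASE}/node_exporter-${VERSION}.linux-amd64.tar.gz" \
    && curl -fsSLO "${BASE}/sha256sums.txt" )
}

# Succeeds only if at least one file in $1 is listed in sha256sums.txt and
# every listed file that is present matches its digest. Files listed for
# other platforms are skipped by --ignore-missing.
verify_release() {
  ( cd "$1" && sha256sum --check --ignore-missing --quiet sha256sums.txt ) \
    >/dev/null 2>&1
}

# Print a unit file. $1 is the listen address (assumption: defaults to ":9100";
# pass an internal address to keep metrics off the public interface).
render_unit() {
  cat <<EOF
[Unit]
Description=Prometheus Node Exporter
After=network-online.target
Wants=network-online.target

[Service]
User=node_exporter
ExecStart=/usr/local/bin/node_exporter --web.listen-address=${1:-:9100}
Restart=on-failure
NoNewPrivileges=true
ProtectSystem=strict
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
}

# Typical use, as root, before extracting in step 2:
#   fetch_release /opt && verify_release /opt || exit 1
#   render_unit > /etc/systemd/system/node_exporter.service
```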
✔️ Traefik - Dashboard ID: 4475
✔️ PostgreSQL - Dashboard ID: 9628
✔️ MySQL - Dashboard ID: 7362
✔️ Redis - Dashboard ID: 11835
✔️ Node Exporter (server metrics) - Dashboard ID: 1860
To browse ready-to-use community dashboards: 🔗 https://grafana.com/grafana/dashboards
Essential Docker commands to help you manage containers, images, volumes, and services with ease.
List running containers:
docker ps
List all containers (including stopped ones):
docker ps -a
Start a container:
docker start <container_name>
Stop a container:
docker stop <container_name>
Restart a container:
docker restart <container_name>
Remove a container:
docker rm <container_name>
Start all services in the background:
docker compose up -d
Start services with rebuild (no cache):
docker compose build --no-cache && docker compose up -d
Stop all running services:
docker compose down
Stop all running services and remove volumes:
docker compose down -v
Rebuild services:
docker compose build
View logs for all services:
docker compose logs -f
View logs for a specific service:
docker compose logs -f <service_name>
Restart a specific service:
docker compose restart <service_name>
List local Docker images:
docker images
Build an image (from Dockerfile):
docker build -t <image_name> .
Remove an image:
docker rmi <image_name>
Remove all stopped containers:
docker container prune
Remove unused images:
docker image prune
Remove all unused volumes:
docker volume prune