Skip to content

Dokploy Platform

Self-hosted PaaS at platform.projecteidos.com. The "git push and it deploys" platform — a Heroku/Vercel equivalent we run ourselves.

Field Value
Public URL https://platform.projecteidos.com
Admin URL https://platform.projecteidos.com (UI)
Audience engineers
Criticality high — manages deploys for multiple apps
Maturity [INFO NEEDED]
Owner [INFO NEEDED]
Last reviewed 2026-05-05

1. At a glance

Dokploy automates the work of deploying applications. Engineers point it at a Git repo (or a Docker image), and it runs the app on our servers, with TLS, environment variables, and routing handled. If Dokploy is unhealthy, redeploys stop, but apps already running may keep serving traffic. If Dokploy's data is lost, the configuration of every app it manages must be reconstructed.

2. Business purpose

  • One-click deployments without per-app DevOps work.
  • Centralized place for environment variables, build settings, and routing.
  • Lower operational cost vs Vercel/Heroku/Render at scale.

3. Audience

Engineering team.

4. Hosting & cloud infrastructure

  • Server: E2 EIDOSDev1 Dokploy VPS — Dokploy itself runs on E2 and manages all containers on E2
  • Reverse proxy (front): Caddy on E1 → Dokploy/Traefik on E2

Infrastructure map

Item Value Notes
Public hostname platform.projecteidos.com
Backend host E2 (3 vCPU / 18 GB Free Ampere A1 in EIDOSDev1)
Open ports 443
TLS cert [INFO NEEDED] Caddy auto-LE
Reverse proxy Traefik (Dokploy bundles it) sits behind E1 Caddy
Container image / version dokploy/dokploy:[INFO NEEDED]
Host server name E2
Worker nodes managed E2 itself only [CONFIRM] single-node Dokploy
Public IP (E2) 145.241.230.130 (best-inference; [CONFIRM] via OCI console) apex WP DNS direct, subdomain via E1
Apps deployed GitLab, Teams Bot, 3 Twenty CRMs, 3 WordPress sites (= 8 apps + Dokploy itself) see proxies.md
Database bundled Postgres container [CONFIRM]
Redis bundled container [CONFIRM]

Credentials in Vault

Secret type Vault path / link Last rotated
Dokploy admin login [INFO NEEDED]
Database password [INFO NEEDED]
GitLab/GitHub deploy tokens [INFO NEEDED]
Per-app environment variables [INFO NEEDED] Dokploy stores them encrypted; the encryption key must be in Vault
SSH keys to managed hosts [INFO NEEDED]
Container registry credentials [INFO NEEDED]

5. Technology behind it

  • Type: off-the-shelf
  • Product: Dokploy (open-source PaaS, dokploy.com)
  • Stack: Node.js + PostgreSQL + Redis + Traefik; deploys via Docker / Docker Swarm

6. Data it handles

  • Source-code references (Git URLs, branches)
  • Environment variables for every managed app — including secrets if anything was set there directly
  • Build logs (which can leak secrets if not careful)
  • Deployment history

7. External dependencies

  • GitLab (or GitHub) for source pulls
  • Container registry
  • Traefik for routing
  • Let's Encrypt for TLS issuance on managed app domains
  • The host operating systems it deploys to

8. Authentication & access

  • End-user login: Dokploy local accounts [CONFIRM]
  • OIDC / Authentik integration? [INFO NEEDED]
  • MFA? [INFO NEEDED]
  • SSH access to managed hosts: [INFO NEEDED]

9. Maturity assessment

Dimension Status Evidence
Backups [INFO NEEDED] DB + env-var encryption key
Restore tested [INFO NEEDED]
Monitoring [INFO NEEDED]
Alerting [INFO NEEDED]
Redundancy [INFO NEEDED] typically single control-plane host
Patching cadence [INFO NEEDED]

10. Known risks & vulnerabilities

  • [CONFIRM] Single control plane — Dokploy is one server orchestrating many. If it dies, deploys stop and config can't be edited; running apps continue but you can't change anything.
  • [INFO NEEDED] Env-var encryption key — environment variables are stored encrypted in Dokploy's DB; without the key, a DB backup is unusable.
  • [INFO NEEDED] Public dashboard — exposed admin UI on the internet → brute-force surface.
  • [INFO NEEDED] Build environment can leak — Dockerfiles that COPY .env files into images push secrets to the registry.
  • [INFO NEEDED] Out-of-date Dokploy — relatively young project, releases often.
  • [INFO NEEDED] Apps deployed to host root — if managed apps run as root inside containers and the host is shared, lateral compromise risk grows.

11. Impact if it goes down

  • No deploys, no rollbacks, no env-var changes.
  • Running apps usually keep serving (because Traefik on the same/different host continues routing).
  • If Dokploy is also the reverse proxy (single Traefik), then yes — all managed apps go offline together.

12. Owner & on-call

  • Primary owner: [INFO NEEDED]

13. References & links

  • Public URL: https://platform.projecteidos.com
  • Vendor docs: https://docs.dokploy.com
  • Apps deployed via Dokploy: [INFO NEEDED] (likely Parallax, Teams Bot, others)
  • Domain: see domains.md