Show HN: A CLI tool I made to self-host any app with two commands on a VPS (opens in new tab)

This looks really nice, congrats!

1) I see Kamal was an inspiration; care to explain what differs from it? I'm still rocking custom Ansible playbooks, but I was planning on checking out Kamal after version 2 is released soon (I think alongside Rails 8).

2) I see databases are in your roadmap, and that's great.

One feature that IMHO would be game changer for tools like this (and are lacking even in paid services like Hatchbox.io, which is overall great) is streaming replication of databases.

Even for side projects, a periodic SQL dump stored in S3 is generally not enough nowadays, and any project that gains traction will need to implement some sort of streaming backup, like Litestream (for SQLite) or Barman with streaming backup (for Postgres).

If I may suggest this feature, having this tool to provision a Barman server in a different VPS, and automate the process of having Postgres stream to it would be game changer.

One barman server can actually accommodate multiple database backups, so N projects could do streaming backup to one single barman server.

Of course, there would need to be a way to monitor if the streaming is working correctly, and maybe even help the user with the restoration process. But that effectively brings RTO down to near 0 (so no data loss) and can even allow point in time restoration.

I like what I'm seeing, though I'm not sure I have a use case. On a VPS, I'll typically run a cloudflared container and configure a Cloudflare tunnel to that VPS. Then, I can expose any port and point it to a subdomain I configure in the CF dashboard. This gives https for free. I can expose services in containers or anything else running on the VPS.

I'll concede there's probably a little more hands on work doing things this way, but I do like having a good grip on how things are working rather than leaning on a convenient tool. Maybe you could convince me Sidekick has more advantages?

Love this! That said, I achieve the same thing manually using Docker Compose & some shell scripts. It takes a bike longer, but it has forced me to learn the lower level tools that helpers like Sidekick use.

Also, all of these tools have great documentation on getting up and running, but SIGNIFICANTLY LESS INFO ON HOW TO MAINTAIN OVER THE LONG TERM. If I was going to start using a tool like Sidekick, Kamal, or Dokku I would want clear answers to the following:

- How do I keep my VPS host up and running with latest security updates? - How do I update to more recent versions of Docker? - How do I update services that maintain state (eg. update to a new Postgres version) - How do I seamlessly migrate to a new host (perhaps as a way to solve the above)? - How should I manage and serve static resources & user media? (store on host or use cloud storage?) - How do I manage database migrations during an update, and how do I control that process to avoid downtime during an update?

I just spent an entire evening transferring a side project to a new VPS because I needed to update Postgres. The ideal self-hosting solution would make that a 20 min task.

This looks good, and I’m a target user in this space.

One thing I’ve noticed is the prevalence of Docker for this type of tool, or the larger self-managed PaaS tools. I totally get it, and it makes sense. I’m just slow to adapt. I’ve been so used to Go binary deployments for so long. But I also don’t really like tweaking Caddyfiles and futzing with systemd unit files, even though the pattern is familiar to me now. Been waffling on this for quite a while…

I'd also suggest people to take a look at Dokku, it's a very mature project with a similar scope and was discussed here a few weeks ago:

https://news.ycombinator.com/item?id=41358020

I wrote up my own experiences too (https://blog.notmyhostna.me/posts/selfhosting-with-dokku-and...) and I can only recommend it. It is ~3 commands to set up an app, and one push to deploy after that.

This is super nice, and I'm a big fan of the detailed readme with screenshots.

I'll definitely be trying it out, although I do have a pretty nice setup now which will be hard to pull away from. It's ansible driven, lets me dump a compose file in a directory, along with a backup and restore shell script, and deploys it out to my server (hetzner dedicated via server auction).

It's really nice that this handles TLS/SSL, that was a real pain for me as I've been using nginx and automating cerbot wasn't the most fun in the world. This looks a lot easier on that front!

Nice, I'm working in the same space as you (not opensource, personal project). We landed on the same solution, encoding the commands inside Golang and distributing those via SSH.

I'm somewhat surprised not to see this more often. I'm guessing supporting multiple linux versions could get unwieldy, I focused on Ubuntu as my target.

Differences that I see.

* I modeled mine on-top of docker-plugins (these get installed during the bootstrapping process)

* I built a custom plugin for deploying which leveraged https://github.com/Wowu/docker-rollout for zero-downtime deployments

Your solution looks much simpler than mine. I started off modeling mine off fly.io CLI, which is much more verbose Go code. I'll likely continue to use mine, but for any future VPS I'll have to give this a try.

This looks fantastic TBH! Can't wait to give it a go. Congratulations. I've long thought something like this should be possible. The only thing I've done is document carefully my own steps:

https://www.nhatcher.com/post/a-cto-on-a-shoestring/

Looks nice! Something I'd want in front is some sort of basic app firewall like fail2ban or CrowdSec to ban vuln scanners and other intrusion attempts. It is a nice thing about Cloudflare since they provide some of this protection.

Nice, you should probably explain what traefik, sops and age will do. First time I've heard of sops, very handy!

These are great. Having tooling to get stuff out fast and as safely as possible to get to iterating openly.

Here’s a bash script I posted a while back on a different thread that does similar thing if of interest for anyone. It’s probably less nice than op’s for ex it only works with digitalocean (which is great!) - but it’s simple small and mostly readable. also assumes docker - but all via compose, with some samples like nginx w auto-ssl via le.

https://github.com/thomaswilley/tide.sh

"to self-host any app"

Docker != app. Perhaps it'd be more accurate to say, "to host any Docker container"?

What about this is highly available? On a single VPS?

Does this only support a single app?

Nice project but the claims (production ready? Load balance on a single server?) are a bit ridiculous.

Ohhhh I like this. I really enjoy the flyctl CLI tools from Fly.io, which simplifies in a similar manner, but it's platform specific. Good work

Really like this! Funnily enough I was just rabbit holing into terraform + ansible in an effort to do essentially this but with an anycast network. The thinking was to mirror apps across locations with a single deploy. I don't suppose you're plannning something similar with this one?

This looks great. Just bookmarked and then had to double check that I did not just bookmark it a few weeks ago. Turns out I had bookmarked Caddy which is similar but does not deploy the app and don’t think supports Docker. It was the auto CERT that was what I was interested in and what had stuck out in my mind. Have certbot setup and never think about it again, until my server needed to be rebuilt, and I started researching. Good to go for a few months, but my hosting will be up here in a year and going to switch providers and upgrade my setup to 2+ gig so I can run docker reliably. Thanks for posting this one just moved to the top of the list.

Its a simple cli in go It uses docker There is no k8s Handles certs Zero down time

I would love for it to support docker-compose as some of my side projects needs a library in python but I like having my service be in go, so I will wrap the python library in a super simple service.

Overall this is awesome and I love the simplicity, with the world just full of serverless, AI and a bunch of other "stuff". Paralysis through analysis is really an issue and when you are just trying to create a service for yourself or an MVP, it can be a real hinderance.

I have been gravitating towards Taskfile to perform similar tasks to this. God speed to you and keep up the great work.

What's the purpose of encrypting the env file with sops, when the age secret key is stored on the VPS? If someone has access to the encrypted env file, they will also have access to the secret key, and can decrypt it.

Given the choice of Docker and Traefik I would love to know what's the exact difference to Kamal? And btw Kamal will soon have a new improved version with a custom proxy.

I don't know about you but I find the single command $ sudo apt install $x to be much faster, offers wider range of software, more reliable, less fragile, easier to network, and more secure when it comes to running applications on an Ubuntu VPS. The only thing the normal way of running applications is less good at (compared to this dependency manager manager) is "Zero downtime".

This could be great for my projects, but I'm confused about one thing: why does it need to push to a Docker registry? The Dockerfile is local, and each image is built locally. Can't the images be stored purely locally? Perhaps I'm missing something obvious. Not using a registry would reduce the number of moving parts.

this looks amazing!

i’m building https://www.plainweb.dev and i’m looking for the simplest way to deploy a plainweb/plainstack project.

looks like sidekick has the same spirit when it comes to simplicity.

in the plainstack docs i’ve been embracing fly.io, but reliability is an issue. and sqlite web apps (which is the core of plainstack) can’t have real zero downtime deployments, unless you count the proxy holding the pending request for 30 seconds while the fly machine is deployed.

i tried kamal but it felt like non-ruby and non-rails projects are second class citizens.

i was about to document deploying plainstack to dokku, but provisioning isn’t built-in.

my dream deployment tool would be dokku + provisioning & setup, sidekick looks very close to that.

definitely going to try this and maybe even have it in the blessed deploy path for plainstack if it works well!

Wow this is super handy! I have paid tools that function like this for a couple of specific stacks but this seems like an amazing general purpose tool.

Considering the ease of setup the README purports, a few hours of dealing with this might save me a couple hundred bucks a month in service fees.

This looks amazing, congrats on the release! Really looking forward for the database hosting feature as well (and probably networking and mounting data dirs).

As a side note, any reason why you decided against using docker in swarm mode as it should have all these features already built it?

Any possibility you’d add support for a Mac Mini deployment? I think the extra complexity would be from changing the Docker images, but of course the devil is in the details. I just have a Mac Mini and it would be great to self-host some stuff.

Nice work.

I wonder, though. Why Ubuntu? Why not Debian?

With all due respect to Cannonical, Ubuntu is not really suitable. It is not aimed at developers

Unless it has changed since I left it in a fury, it takes too much control away from you with the Snap system.

Looks great! I similarly got frustrated about the complexity of doing side-project ops stuff and messed around with Kamal, but this goes the extra mile by automatically setting up TLS as well. I'll give it a try!

I made something similar sometime ago (without using docker): http://github.com/thebigbone/deploypot

Awesome! Love that it's written in Go—I've recently tested the language for some use cases at work and find it great. I'll dive into your repo to see if I can learn anything new :)

Author of PTerm here, nice work! Let me know if you ever need help or have feedback about PTerm :)

tools like this are pretty sweet but I would rather just run it myself.

docker-compose with a load balancer (traefik) is fairly straightforward and awesome. the TLS setup is nice but I wildcard that and just run certgen myself.

The main thing I think that's missing is some sort of authentication or zero trust system, maybe vpn tunnel provisioner. Most services I self host I do not want to be made public due to security concerns.

"Wow, this really looks significantly better than my own CLI tools"

I'm going to have to look into this pterm thing.

Very interesting. The similarity to the sidekiq is a bit confusing, but it doesn't really matter.

Can I run more than one app on the same VPS with this solution?

I now run more than one app into one single VPS.

How does it compare to ansible? I didn't immediately find a link

I just tried this out on DO and Linode. Worked great!

Very cool stack.

Have used caprover. Good that more tools enter this space.

Very well presented, the README.md looks great.

Gorgeous tool! Thanks for making this.

I consider myself bit techsavy knowing Linux and basic scripting.

But does anyone have a resource or link that explains the idea to make a service which OP shared here?

Because frankly, I'd feel lost reading the code from one file at a time without knowing where to start.

Plus it's written in Go which I have I am not familiar with.

Looks really good, going to test it out.

I would love this, but with Nix.

This really looks nice! Congrats!

Can’t wait to try this out..!