Managed services
DollarDeploy installs and configures services directly on your server with one click. No external providers, no separate billing, no network latency—everything runs on your infrastructure.
We use native packages (not Docker) for better performance, security, and easy access via SSH.
Databases
PostgreSQL
The world's most advanced open-source relational database. Perfect for most web applications, with full SQL support, JSON fields, and excellent performance.
- Version: Latest stable from the server distribution.
- Access: Local socket + TCP on localhost:5432
- Management: Full
psqlaccess via SSH, run it as:psql -U postgres
Exposed Environment variables (available for your apps):
# For usage in native apps
POSTGRES_URL=postgresql://postgres:password@localhost:5432/postgres
# For usage in docker apps
POSTGRES_DOCKER_URL=postgresql://postgres:password@host.docker.internal:5432/postgresCustomize with POSTGRES_PASSWORD, POSTGRES_DATABASES in host settings. Read more here.
Redis
In-memory data store for caching, sessions, queues, and real-time features. Extremely fast with sub-millisecond latency.
- Version: Latest stable from the server distribution.
- Access: localhost:6379
- Use cases: Session storage, caching, pub/sub, job queues (BullMQ, Sidekiq)
Exposed Environment variables (available for your apps):
# For usage in native apps
REDIS_URL=redis://localhost:6379
# For usage in Docker apps
REDIS_DOCKER_URL=redis://host.docker.internal:6379MongoDB
Document-oriented NoSQL database. Great for flexible schemas, rapid prototyping, and apps with evolving data structures.
- Version: Latest stable from official MongoDB repositories
- Access: localhost:27017
- Use cases: Content management, catalogs, real-time analytics
Environment variables:
# For locally running, native apps
MONGODB_URL=mongodb://localhost:27017
# For apps running in Docker
MONGODB_DOCKER_URL=mongodb://localhost:27017
MariaDB
MySQL-compatible database with improved performance and additional features. Drop-in replacement for MySQL.
- Version: Latest stable from server distribution
- Access: localhost:3306
- Use cases: WordPress, Laravel, legacy MySQL apps
Environment variables:
MARIADB_URL=mysql://root:password@localhost:3306/mysqlInfrastructure
Docker
Container runtime for running Docker Compose apps or custom containers alongside native apps.
- Version: Latest stable from official Docker repositories
- Includes: Docker Engine + Docker Compose
- Use cases: Complex multi-container setups, apps that require Docker
Note: Most apps don't need Docker—native deployment is faster and simpler. Use Docker only when your app specifically requires it.
Firewall (UFW + fail2ban)
Security hardening for your server. Automatically configured to allow only necessary traffic.
- UFW rules: SSH (22), HTTP (80), HTTPS (443) allowed; everything else blocked.
- fail2ban: Monitors SSH and bans IPs after failed login attempts.
- Auto-updates: Rules updated when you add new apps or services.
DDAgent
Optional monitoring agent that sends metrics, logs, and health data to DollarDeploy for better visibility.
- Collects: CPU, memory, disk, network metrics
- Sends: Application logs and health status
- Dashboard: View in DollarDeploy web interface
LUKS
DollarDeploy includes a built-in LUKS service that sets up a fully encrypted volume on your server — no SSH, no manual cryptsetup commands needed. If your app handles sensitive data — user files, database backups, secrets — storing it unencrypted on a cloud volume is a risk. If the underlying disk is ever extracted or the provider is compelled to hand over a snapshot, plaintext data is exposed. LUKS (Linux Unified Key Setup) encrypts the block device itself, so data is unreadable without the key, regardless of how the disk is accessed.
Set these host environment variables before preparing the host:
ENCRYPTED_DEVICE- (required) Block device path, e.g. /dev/sdbENCRYPTED_NAME- Default:encrypted-data. Device name.ENCRYPTED_MOUNT- Default:/mnt/encrypted. Mount point.ENCRYPTED_KEYFILE- Default:/root/.luks-keyfile. Keyfile location.
Change services to use encrypted storage
Before installing services to the server, add following environment variables to the server so it will automatically use encrypted storage:
POSTGRES_DATA_PATH=/mnt/encrypted/postgresREDIS_DATA_PATH=/mnt/encrypted/redis
Press Prepare to get LUKS configured and enabled to automatically decrypt after server restart.
Custom services
Built-in services cover the common cases. When you need something else — a VPN agent, a message queue, a metrics exporter, an internal tool — you install it with a custom service: your own public GitHub or Gist repo containing a prepare.sh script.
You paste the repo URL on the server's Services tab, and on every Prepare DollarDeploy clones the repo onto the server and runs the script — no SSH, and no changes to DollarDeploy itself.
How it works
- Publish a public repo, e.g.
github.com/<owner>/service-tailscale. - On the server, open the Services tab → add a service of type Custom → paste the repo URL. (Via CLI/API:
type: custom,customUrl: <repo-url>.) - Press Prepare. DollarDeploy clones the repo into
~/services/<name>, runsprepare.sh, and flips the service to active. - To remove it, delete the service and prepare again — the optional
uninstall.shruns and the directory is deleted.
A server can hold many custom services, but the same repo URL cannot be added twice to one server.
Repo layout
- README.md — optional. The first
# headingis the service name (use lowercase, e.g.# tailscale) and becomes the on-host folder~/services/<name>. Falls back to the URL/id if missing. - prepare.sh — required, at the repo root. Runs on every prepare. Must be idempotent.
- uninstall.sh — optional, at the repo root. Runs once when the service is removed, then the directory is deleted.
Naming convention: call the repo service-<name>, e.g. service-tailscale. The repo must be public — the server clones with no credentials, and only github.com/... and gist.github.com/... URLs are accepted.
The prepare.sh contract
- Runs as the app user (not root) from inside the cloned directory, on Ubuntu/Debian. Use
sudofor actions that need root. SERVICE_IDis exported, along with the server's full deploy environment (host env vars,HOST_ID, and so on).- It re-runs on every prepare, so guard your installs (
command -v, file checks). A non-zero exit fails the entire host prepare — useset -eand fail loudly on real errors. - Return values to DollarDeploy by echoing markers on their own line. They are stored on the service and re-injected as environment variables on the next prepare, so generated secrets persist. The
SERVICE_CUSTOM_${SERVICE_ID}_prefix is mandatory — only prefixed markers are persisted.
# Saved on the service; populates the app env as TAILSCALE_IP
echo "{{env:SERVICE_CUSTOM_${SERVICE_ID}_TAILSCALE_IP:$TS_IP}}"Common mistakes
- Private repo → the server clone fails. Keep it public.
- No prepare.sh at the repo root → prepare errors out.
- Forgetting the
SERVICE_CUSTOM_${SERVICE_ID}_prefix on markers → the values are dropped instead of saved. - Non-idempotent script → re-installs or errors on the second prepare. Always guard your steps.
- README heading not lowercase, or not the first heading → wrong folder name, or a fallback to the raw id.
How to enable services
- Go to Servers in your Dashboard
- Click on your server
- Open the Services tab
- Add the service you need
- Press Prepare on the server
Services are installed and configured automatically. Environment variables are injected into all apps on that server.
DollarDeploy-provided custom services
We maintain a number of custom services which enhance your experience using DollarDeploy.
Tailscale
Allows host to join your tailnet. See configuration details in the service.
Postgres Audit
Records all change queries in postgres log for audit purposes.
Postgres squeeze (pgSqueeze)
Improved vacuum, not only removes deleted data but also frees up space used by database files.
Write your own custom service
Fork our example service https://github.com/dollardeploy/service-example/
Why run services on your server?
- Zero latency — Database on localhost, not across the network
- No extra billing — No managed database fees ($15-50+/month saved)
- Full access — SSH in and run any command, inspect data, tune settings
- Your data — Everything stays on your infrastructure
- One-click backups — Back up everything to S3 with a single click
See also: All predefined environment variables