Skip to main content

Deployments & App Management

Managed services

DollarDeploy installs and configures services directly on your server with one click. No external providers, no separate billing, no network latency—everything runs on your infrastructure.

We use native packages (not Docker) for better performance, security, and easy access via SSH.

Databases

PostgreSQL

The world's most advanced open-source relational database. Perfect for most web applications, with full SQL support, JSON fields, and excellent performance.

  • Version: Latest stable from the server distribution.
  • Access: Local socket + TCP on localhost:5432
  • Management: Full psql access via SSH, run it as:
    psql -U postgres

Exposed Environment variables (available for your apps):

# For usage in native apps
POSTGRES_URL=postgresql://postgres:password@localhost:5432/postgres

# For usage in docker apps
POSTGRES_DOCKER_URL=postgresql://postgres:password@host.docker.internal:5432/postgres

Customize with POSTGRES_PASSWORD, POSTGRES_DATABASES in host settings. Read more here.

Redis

In-memory data store for caching, sessions, queues, and real-time features. Extremely fast with sub-millisecond latency.

  • Version: Latest stable from the server distribution.
  • Access: localhost:6379
  • Use cases: Session storage, caching, pub/sub, job queues (BullMQ, Sidekiq)

Exposed Environment variables (available for your apps):

# For usage in native apps
REDIS_URL=redis://localhost:6379

# For usage in Docker apps
REDIS_DOCKER_URL=redis://host.docker.internal:6379

MongoDB

Document-oriented NoSQL database. Great for flexible schemas, rapid prototyping, and apps with evolving data structures.

  • Version: Latest stable from official MongoDB repositories
  • Access: localhost:27017
  • Use cases: Content management, catalogs, real-time analytics

Environment variables:

# For locally running, native apps
MONGODB_URL=mongodb://localhost:27017

# For apps running in Docker
MONGODB_DOCKER_URL=mongodb://localhost:27017

MariaDB

MySQL-compatible database with improved performance and additional features. Drop-in replacement for MySQL.

  • Version: Latest stable from server distribution
  • Access: localhost:3306
  • Use cases: WordPress, Laravel, legacy MySQL apps

Environment variables:

MARIADB_URL=mysql://root:password@localhost:3306/mysql

Infrastructure

Docker

Container runtime for running Docker Compose apps or custom containers alongside native apps.

  • Version: Latest stable from official Docker repositories
  • Includes: Docker Engine + Docker Compose
  • Use cases: Complex multi-container setups, apps that require Docker

Note: Most apps don't need Docker—native deployment is faster and simpler. Use Docker only when your app specifically requires it.

Firewall (UFW + fail2ban)

Security hardening for your server. Automatically configured to allow only necessary traffic.

  • UFW rules: SSH (22), HTTP (80), HTTPS (443) allowed; everything else blocked.
  • fail2ban: Monitors SSH and bans IPs after failed login attempts.
  • Auto-updates: Rules updated when you add new apps or services.

DDAgent

Optional monitoring agent that sends metrics, logs, and health data to DollarDeploy for better visibility.

  • Collects: CPU, memory, disk, network metrics
  • Sends: Application logs and health status
  • Dashboard: View in DollarDeploy web interface

LUKS

DollarDeploy includes a built-in LUKS service that sets up a fully encrypted volume on your server — no SSH, no manual cryptsetup commands needed. If your app handles sensitive data — user files, database backups, secrets — storing it unencrypted on a cloud volume is a risk. If the underlying disk is ever extracted or the provider is compelled to hand over a snapshot, plaintext data is exposed. LUKS (Linux Unified Key Setup) encrypts the block device itself, so data is unreadable without the key, regardless of how the disk is accessed.

Set these host environment variables before preparing the host:

  • ENCRYPTED_DEVICE - (required) Block device path, e.g. /dev/sdb
  • ENCRYPTED_NAME - Default: encrypted-data. Device name.
  • ENCRYPTED_MOUNT - Default: /mnt/encrypted. Mount point.
  • ENCRYPTED_KEYFILE - Default:/root/.luks-keyfile. Keyfile location.

Change services to use encrypted storage

Before installing services to the server, add following environment variables to the server so it will automatically use encrypted storage:

  • POSTGRES_DATA_PATH=/mnt/encrypted/postgres
  • REDIS_DATA_PATH=/mnt/encrypted/redis

Press Prepare to get LUKS configured and enabled to automatically decrypt after server restart.

Custom services

Built-in services cover the common cases. When you need something else — a VPN agent, a message queue, a metrics exporter, an internal tool — you install it with a custom service: your own public GitHub or Gist repo containing a prepare.sh script.

You paste the repo URL on the server's Services tab, and on every Prepare DollarDeploy clones the repo onto the server and runs the script — no SSH, and no changes to DollarDeploy itself.

How it works

  1. Publish a public repo, e.g. github.com/<owner>/service-tailscale.
  2. On the server, open the Services tab → add a service of type Custom → paste the repo URL. (Via CLI/API: type: custom, customUrl: <repo-url>.)
  3. Press Prepare. DollarDeploy clones the repo into ~/services/<name>, runs prepare.sh, and flips the service to active.
  4. To remove it, delete the service and prepare again — the optional uninstall.sh runs and the directory is deleted.

A server can hold many custom services, but the same repo URL cannot be added twice to one server.

Repo layout

  • README.md — optional. The first # heading is the service name (use lowercase, e.g. # tailscale) and becomes the on-host folder ~/services/<name>. Falls back to the URL/id if missing.
  • prepare.shrequired, at the repo root. Runs on every prepare. Must be idempotent.
  • uninstall.sh — optional, at the repo root. Runs once when the service is removed, then the directory is deleted.

Naming convention: call the repo service-<name>, e.g. service-tailscale. The repo must be public — the server clones with no credentials, and only github.com/... and gist.github.com/... URLs are accepted.

The prepare.sh contract

  • Runs as the app user (not root) from inside the cloned directory, on Ubuntu/Debian. Use sudo for actions that need root.
  • SERVICE_ID is exported, along with the server's full deploy environment (host env vars, HOST_ID, and so on).
  • It re-runs on every prepare, so guard your installs (command -v, file checks). A non-zero exit fails the entire host prepare — use set -e and fail loudly on real errors.
  • Return values to DollarDeploy by echoing markers on their own line. They are stored on the service and re-injected as environment variables on the next prepare, so generated secrets persist. The SERVICE_CUSTOM_${SERVICE_ID}_ prefix is mandatory — only prefixed markers are persisted.
# Saved on the service; populates the app env as TAILSCALE_IP
echo "{{env:SERVICE_CUSTOM_${SERVICE_ID}_TAILSCALE_IP:$TS_IP}}"

Common mistakes

  • Private repo → the server clone fails. Keep it public.
  • No prepare.sh at the repo root → prepare errors out.
  • Forgetting the SERVICE_CUSTOM_${SERVICE_ID}_ prefix on markers → the values are dropped instead of saved.
  • Non-idempotent script → re-installs or errors on the second prepare. Always guard your steps.
  • README heading not lowercase, or not the first heading → wrong folder name, or a fallback to the raw id.

How to enable services

  1. Go to Servers in your Dashboard
  2. Click on your server
  3. Open the Services tab
  4. Add the service you need
  5. Press Prepare on the server

Services are installed and configured automatically. Environment variables are injected into all apps on that server.

DollarDeploy-provided custom services

We maintain a number of custom services which enhance your experience using DollarDeploy.

Tailscale

Allows host to join your tailnet. See configuration details in the service.

GitHub - dollardeploy/service-tailscale: Install on your host service for DollarDeploy
Install on your host service for DollarDeploy. Contribute to dollardeploy/service-tailscale development by creating an account on GitHub.

Postgres Audit

Records all change queries in postgres log for audit purposes.

GitHub - dollardeploy/service-pgaudit: Custom service to enable Postgres audit
Custom service to enable Postgres audit. Contribute to dollardeploy/service-pgaudit development by creating an account on GitHub.

Postgres squeeze (pgSqueeze)

Improved vacuum, not only removes deleted data but also frees up space used by database files.

GitHub - dollardeploy/service-pgsqueeze
Contribute to dollardeploy/service-pgsqueeze development by creating an account on GitHub.

Write your own custom service

Fork our example service https://github.com/dollardeploy/service-example/

Why run services on your server?

  • Zero latency — Database on localhost, not across the network
  • No extra billing — No managed database fees ($15-50+/month saved)
  • Full access — SSH in and run any command, inspect data, tune settings
  • Your data — Everything stays on your infrastructure
  • One-click backups — Back up everything to S3 with a single click

See also: All predefined environment variables