disclosure-bureau/infra/coolify/INSTALL.md

Coolify — VPS install

Coolify is the self-hosted PaaS that runs everything else. One curl command installs it.

Pre-reqs on the VPS

• Ubuntu 22.04+ or Debian 12+
• root or sudo
• Open ports: 22, 80, 443, 8000 (Coolify dashboard during install; can be locked behind subdomain later)
• A DNS A record like coolify.disclosure.top pointing at the VPS IP (any subdomain works)

Install

SSH into the VPS, then:

curl -fsSL https://cdn.coollabs.io/coolify/install.sh | sudo bash

This sets up:

• Docker + Docker Compose
• The Coolify control plane in /data/coolify/
• A built-in Traefik that handles TLS

Boot takes ~5 min. When done you'll see a URL like http://<your-ip>:8000 — open it, create the admin user.

Post-install — hardening

1. Point a subdomain at the panel in Coolify Settings → "Instance Domain": coolify.disclosure.top. Save. It auto-issues TLS via Let's Encrypt.

2. Disable port 8000 publicly — once subdomain works, edit firewall:

   ufw allow 22/tcp
   ufw allow 80/tcp
   ufw allow 443/tcp
   ufw deny 8000/tcp
   ufw enable
   

3. Add S3 backup destination in Coolify Settings → Backups (Backblaze B2 recommended — $0.005/GB/mo).

4. Optional: Cloudflare proxy — pointing the wildcard *.disclosure.top through Cloudflare as proxy adds DDoS mitigation + edge caching. Set DNS-only (grey cloud) for first TLS issuance, then re-enable proxy (orange) after the cert is issued.

What's next

Once you can log in to the Coolify dashboard at https://coolify.disclosure.top:

→ SUPABASE.md — create the first Supabase project