Deploying CapRover Self-Hosted PaaS for Docker Applications on Ubuntu 24.04

CapRover is an open-source, self-hosted Platform-as-a-Service that automates application deployment with Docker Swarm, Nginx, and automatic Let's Encrypt certificates. This guide deploys CapRover on Ubuntu 24.04 using Docker Compose, opens the required firewall ports, enables HTTPS for the dashboard, and deploys a sample app from the one-click marketplace. By the end, you'll have a CapRover PaaS running apps on subdomains of your wildcard root domain.

Prerequisite: A wildcard DNS A record (e.g. *.apps.example.com) pointing at the server's IP. Don't use a proxying DNS (Cloudflare orange-cloud), or the ACME challenge will fail.

Set Up the Directory Structure

1. Create the project directory:

$ mkdir -p ~/caprover
$ cd ~/caprover

2. Create the environment file:

$ nano .env

ACCEPTED_TERMS=true
DEFAULT_PASSWORD=StrongPassword-321
CAPROVER_ROOT_DOMAIN=apps.example.com

Deploy with Docker Compose

1. Create the Docker Compose manifest:

$ nano docker-compose.yml

services:
  caprover:
    image: caprover/caprover:1.14.1
    ports:
      - "80:80"
      - "443:443"
      - "3000:3000"
    environment:
      ACCEPTED_TERMS: "${ACCEPTED_TERMS}"
      DEFAULT_PASSWORD: "${DEFAULT_PASSWORD}"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /captain:/captain

Configure the Firewall

1. Allow SSH and the CapRover ports:

$ sudo ufw allow OpenSSH
$ sudo ufw allow 80,443,996,7946,4789,2377/tcp
$ sudo ufw allow 3000/tcp
$ sudo ufw allow 7946,4789,2377,443/udp

2. Enable and verify the firewall:

$ sudo ufw enable
$ sudo ufw status

Port 3000 is the initial dashboard and will be closed after HTTPS is forced.

Start CapRover

1. Launch the stack in detached mode:

$ docker compose up -d

2. Verify Swarm services and tail the init logs:

$ docker service ls
$ docker service logs captain-captain --tail 20

Wait until the log prints Captain is initialized and ready to serve you.

Configure the Dashboard

1. Sign in:

Open http://YOUR_SERVER_IP:3000 and authenticate with DEFAULT_PASSWORD from .env.

2. Set the root domain:

Enter apps.example.com, click Update Domain, and reopen http://YOUR_SERVER_IP:3000 once CapRover confirms DNS resolution.

3. Enable and force HTTPS:

Click Enable HTTPS, enter the Let's Encrypt email, then click Force HTTPS. The dashboard now lives at https://captain.apps.example.com.

4. Close port 3000 and change the password:

$ sudo ufw delete allow 3000/tcp

Change the dashboard password from Settings in the sidebar.

Deploy a Sample App

1. From the dashboard, open Apps → One-Click Apps/Databases.

1. Search Uptime Kuma.
2. Set the App Name to uptime-kuma and the version to latest.
3. Click Deploy.

5. Enable HTTPS for the app:

Go to Apps → uptime-kuma, confirm Websocket Support is enabled, click Enable HTTPS, check Force HTTPS, and click Save & Restart. The app is live at https://uptime-kuma.apps.example.com.

If a deploy fails, check:

$ docker service logs captain-captain --tail 50

Next Steps

CapRover is running with HTTPS for the dashboard and a sample app deployed. From here you can:

• Deploy your own apps via the CapRover CLI (captain-cli) or tar.gz upload
• Wire git push deploys with GitHub/GitLab webhooks
• Cluster multiple servers into a single Swarm for horizontal scaling

For the full guide with additional tips, visit the original article on Vultr Docs.