Skip to content

Instantly share code, notes, and snippets.

@andyklimczak

andyklimczak/gist:50880c8dfa336d009b255dc64bc0969d

Last active September 6, 2025 02:48
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save andyklimczak/50880c8dfa336d009b255dc64bc0969d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save andyklimczak/50880c8dfa336d009b255dc64bc0969d to your computer and use it in GitHub Desktop.
Download ZIP
New dokku setup stuff
Raw
gistfile1.md

ssh in (typically ubuntu digital ocean dokku marketplace image)

$ ssh root@host

Create user other than root to log in to with sudo and dokku groups

# adduser somename
# usermod -aG sudo somename
# usermod -aG dokku somename

Copy ssh key from local to server

$ ssh-copy-id -i ~/.ssh/mykey.pub somename@host

or if ssh key from digitalocean worked:

mkdir /home/somename/.ssh
cp /root/.ssh/authorized_keys /home/somename/.ssh/
chown somename:somename -R /home/somename/.ssh
chmod 700 /home/shomename/.ssh
chmod 600 /home/somename/.ssh/authorized_keys

Add to .ssh/config

Host servername
  HostName host
  User somename
  IdentityFile /home/someuser/.ssh/id_key

ssh in as user using config and ssh key (shouldn't ask for password)

ssh servername

then exit root ssh

Upgrade system

sudo apt update
sudo apt dist-upgrade

Install dokku update

$ sudo apt install dokku-update
$ sudo dokku-update run

Then reboot

sudo reboot

Secure ssh (simple)

$ sudo vim /etc/ssh/sshd_config

Change:

PermitRootLogin no
PasswordAuthentication no

Uncomment/change:

PermitEmptyPasswords no
MaxAuthTries 3
X11Forwarding no 
AllowTcpForwarding no

Restart ssh

sudo systemctl restart ssh

then try to login as root, shouldn't work

Add swap (if memory low)

Helps with deploying faster if you don't need a lot of storage space

# create a 4G file
sudo fallocate -l 4G /swapfile

# secure it
sudo chown root:root /swapfile
sudo chmod 600 /swapfile

# make and enable swap
sudo mkswap /swapfile
sudo swapon /swapfile

# persist on reboot if not already present
grep -q '^/swapfile ' /etc/fstab || echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

# verify
ls -l /swapfile    # should show -rw-------
swapon --show

Dokku stuff

$ echo 'PUB KEY' | sudo dokku ssh-keys:add somename
$ dokku apps:create someapp

Done?

Should be good to create dokku apps now. Set git remote to dokku instance and push branch

git remote add dokku dokku@servername:appname // use servername from ~/.ssh/config setup
git push dokku master

CI Steps

Add ssh private key to repo secrets Add to ci.yml

  deploy:
    runs-on: ubuntu-latest
    needs: test-lint # DOUBLE CHECK THIS
    if: github.ref == 'refs/heads/master'
    steps:
      - name: Cloning repo
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          git_remote_url: 'ssh://dokku@host/app'
          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment