Coolify - Self-Hosted PaaS

CRITICAL MUST: Secrets and .env

• NEVER store live .env files or credentials inside any skill folder.
• .env.template files belong only in templates/ within a skill.
• Store live secrets in ~/.admin/.env (or another non-skill location you control) and reference them from there.

Purpose: Install and operate Coolify on a single server, then deploy apps via Nixpacks, Dockerfile, or Docker Compose.

Step 0: Gather Required Information (MANDATORY)

STOP. Before ANY installation commands, collect ALL parameters from the user.

Copy this checklist and confirm each item:

Required Parameters:
- [ ] COOLIFY_SERVER_IP     - Target server IP address
- [ ] SSH_USER              - SSH username (default: ubuntu)
- [ ] SSH_KEY_PATH          - Path to SSH private key (default: ~/.ssh/id_rsa)
- [ ] COOLIFY_ROOT_USER_EMAIL    - Admin email address
- [ ] COOLIFY_ROOT_USER_PASSWORD - Admin password (see requirements below)
- [ ] COOLIFY_INSTANCE_DOMAIN    - Main Coolify URL (e.g., coolify.example.com)
- [ ] COOLIFY_WILDCARD_DOMAIN    - Base domain for apps (e.g., example.com)

Conditional Parameters (ask user):
- [ ] Using Cloudflare Tunnel for HTTPS? (Y/N)
      If Y: CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID
- [ ] Need OAuth callbacks or webhooks? (Y/N)
      If Y: Will configure origin certificates
- [ ] Additional SSH public keys to authorize? (optional)

Password Requirements (Coolify enforced)

• Minimum 8 characters
• At least one uppercase letter (A-Z)
• At least one lowercase letter (a-z)
• At least one number (0-9)
• At least one symbol (!@#$%^&*)

DO NOT proceed to Step 1 until ALL required parameters are confirmed.

Step 1: Determine Installation Path

Based on user answers, follow the appropriate workflow:

Path A: Full Automation (Recommended)

Use when: New server, Cloudflare Tunnel for HTTPS, standard setup.

1. Read references/ENHANCED_SETUP.md
2. Export all parameters collected in Step 0
3. Run enhanced setup script

Path B: Manual Installation

Use when: Existing server, custom requirements, or debugging.

1. Read references/INSTALLATION.md
2. Follow step-by-step SSH commands
3. Configure SSH keys for localhost management (critical step)

Step 2: Secure HTTPS Access

Determine access method based on Step 0 answers:

Step 3: Verify Installation

Run this verification checklist:

Verification:
- [ ] Coolify UI accessible at configured domain or IP:8000
- [ ] Login with COOLIFY_ROOT_USER_EMAIL and password works
- [ ] Servers → localhost shows "Connected" (green)
- [ ] If tunnel: HTTPS working at COOLIFY_INSTANCE_DOMAIN

If localhost not connected: The SSH key configuration failed. See references/INSTALLATION.md section "Configure Coolify SSH Access".

Navigation

Detailed references (one level deep):

• Manual SSH installation: references/INSTALLATION.md
• Fully automated setup: references/ENHANCED_SETUP.md
• Bundled scripts: references/BUNDLED_SCRIPTS.md
• Cloudflare Tunnel (wildcard): references/cloudflare-tunnel.md
• Origin certificates (OAuth/webhooks): references/cloudflare-origin-certificates.md
• Error 1033 troubleshooting: references/TROUBLESHOOTING_CF1033.md

Critical Rules

• Always install Docker CE with Compose plugin before Coolify.
• Do not expose port 8000 publicly without HTTPS (tunnel or reverse proxy).
• Keep /data/coolify intact; treat it as state.
• Always configure Coolify's SSH key for localhost management.

Logging Integration

Log major operations using centralized logging from admin:

log_admin "SUCCESS" "installation" "Installed Coolify" "version=4.x server=$SERVER_ID"
log_admin "SUCCESS" "system-change" "Configured Coolify" "domain=$DOMAIN"
log_admin "SUCCESS" "operation" "Deployed app via Coolify" "app=$APP_NAME"

Related Skills

• admin-devops for inventory and provisioning.
• admin-infra-* for provider-specific VM setup.
• admin-wsl for local Docker/CLI support when coordinating from WSL.

References

• Coolify docs: https://coolify.io/docs
• Coolify GitHub: https://github.com/coollabsio/coolify