Step 1: Secure Your VPS

Before installing CapRover, it’s important to secure your VPS by implementing a firewall, brute-force protection, and automatic security updates.

1.1. Configure Firewall (UFW – Uncomplicated Firewall)

UFW helps control access to your server by allowing only necessary ports.

1.1.1. Install UFW

sudo apt update && sudo apt install ufw -y

1.1.2. Allow Necessary Ports

For CapRover and general server access, allow the following ports:

sudo ufw allow 22/tcp      # SSH (Modify if using a custom SSH port)
sudo ufw allow 80/tcp      # HTTP
sudo ufw allow 443/tcp     # HTTPS
sudo ufw allow 3000/tcp    # CapRover Web UI (temporary, can be closed later)

1.1.3. Enable and Check UFW Status

sudo ufw enable
sudo ufw status verbose

1.2. Install Fail2Ban (Protect Against Brute-Force Attacks)

Fail2Ban monitors login attempts and bans IPs with too many failed attempts.

1.2.1. Install Fail2Ban

sudo apt install fail2ban -y

1.2.2. Enable Fail2Ban

sudo systemctl enable --now fail2ban

1.2.3. Verify Fail2Ban Status

sudo fail2ban-client status

1.3. Enable Automatic Security Updates

Security updates should be installed automatically to keep the system secure.

1.3.1. Install Unattended Upgrades

sudo apt install unattended-upgrades -y

1.3.2. Enable Automatic Updates

sudo dpkg-reconfigure --priority=low unattended-upgrades

Step 2: Install Docker (Required for CapRover)

CapRover runs on Docker, so install Docker before proceeding.

2.1. Install Docker

sudo apt update && sudo apt install -y curl jq
curl -fsSL https://get.docker.com | sudo bash

2.2. Verify Docker Installation

docker --version

Step 3: Install CapRover

Now that Docker is installed, install CapRover on your VPS.

3.1. Run CapRover in a Docker Container

sudo docker run -p 80:80 -p 443:443 -p 3000:3000 \
-e ACCEPTED_TERMS=true \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /captain:/captain caprover/caprover

3.2. Verify CapRover is Running

Check running containers:

sudo docker ps

Once the CapRover is initialized, you can visit http://[IP_OF_YOUR_SERVER]:3000 in your browser and login to CapRover using the default password captain42. You can change your password later.


Step 4: Set Up CapRover with a Domain and SSL

After installing CapRover, configure it with your domain (e.g., app.gethostx.com) using Cloudflare.

4.1. Configure DNS in Cloudflare

  1. Go to Cloudflare Dashboard → Select gethostx.com.
  2. Open the DNS tab.
  3. Add a new A Record:
    • Type: A
    • Name: app
    • IPv4 Address: <your-server-ip>
    • Proxy Status: DNS Only (⚪ Grey Cloud, enable proxy after SSL setup)
  4. Add a wildcard subdomain:
    • Type: A
    • Name: *.app
    • IPv4 Address: <your-server-ip>
    • Proxy Status: DNS Only

4.2. Set Root Domain in CapRover

  1. Access CapRover Admin Panel: http://<your-server-ip>:3000/.
  2. Login with:
    • Username: captain
    • Password: Run the following to get the password:(captain42)
      sudo docker service logs captain-captain | grep "App Token"
  3. In CapRover Root Domain Configurations, enter:
    yoursubdomain.yourdomain.com
  4. Click Update Domain.

CapRover will restart its services to apply the changes.


4.3. Enable HTTPS (SSL via Let’s Encrypt)

  1. In CapRover, go to Apps → HTTP Settings.
  2. Click Enable HTTPS.
  3. Select Let’s Encrypt and enable Force HTTPS.

4.4. Enable Cloudflare Proxy

  1. Return to Cloudflare → DNS.
  2. Change yoursubdomain.yourdomain.com and *.yoursubdomain.yourdomain.com Proxy Status to Proxied (🟠 Orange Cloud).
  3. Wait a few minutes for DNS propagation.

Now CapRover is fully set up and accessible at:

https://yoursubdomain.yourdomain.com

Step 5: Post-Installation Recommended Steps

Now that CapRover is installed, take additional steps to optimize and secure your server.

5.1. Nginx Configurations

  • CapRover uses Nginx internally, but you can fine-tune settings if needed.
  • Check logs for errors:
    sudo docker logs captain-nginx
  • If necessary, manually adjust Nginx settings in CapRover’s advanced settings.

5.2. Enable Monitoring

Install Netdata for real-time monitoring:

curl -sL https://packagecloud.io/netdata/netdata/gpgkey | sudo apt-key add -
sudo add-apt-repository 'deb https://packagecloud.io/netdata/netdata/ubuntu/ focal main'
sudo apt install netdata -y
sudo systemctl enable --now netdata

Access Netdata:

http://<your-server-ip>:19999/

5.3. Set Up Backups

Use Restic for automated backups to Google Drive:

sudo apt install restic -y
restic init --repo <backup-location>

5.4. Update System and Clean Disk

Regularly update and remove unnecessary files:

sudo apt update && sudo apt upgrade -y
sudo apt autoremove -y
sudo apt clean