Step 1: Secure Your VPS
Before installing CapRover, it’s important to secure your VPS by implementing a firewall, brute-force protection, and automatic security updates.
1.1. Configure Firewall (UFW – Uncomplicated Firewall)
UFW helps control access to your server by allowing only necessary ports.
1.1.1. Install UFW
sudo apt update && sudo apt install ufw -y1.1.2. Allow Necessary Ports
For CapRover and general server access, allow the following ports:
sudo ufw allow 22/tcp # SSH (Modify if using a custom SSH port)
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw allow 3000/tcp # CapRover Web UI (temporary, can be closed later)1.1.3. Enable and Check UFW Status
sudo ufw enable
sudo ufw status verbose1.2. Install Fail2Ban (Protect Against Brute-Force Attacks)
Fail2Ban monitors login attempts and bans IPs with too many failed attempts.
1.2.1. Install Fail2Ban
sudo apt install fail2ban -y1.2.2. Enable Fail2Ban
sudo systemctl enable --now fail2ban1.2.3. Verify Fail2Ban Status
sudo fail2ban-client status1.3. Enable Automatic Security Updates
Security updates should be installed automatically to keep the system secure.
1.3.1. Install Unattended Upgrades
sudo apt install unattended-upgrades -y1.3.2. Enable Automatic Updates
sudo dpkg-reconfigure --priority=low unattended-upgradesStep 2: Install Docker (Required for CapRover)
CapRover runs on Docker, so install Docker before proceeding.
2.1. Install Docker
sudo apt update && sudo apt install -y curl jq
curl -fsSL https://get.docker.com | sudo bash2.2. Verify Docker Installation
docker --versionStep 3: Install CapRover
Now that Docker is installed, install CapRover on your VPS.
3.1. Run CapRover in a Docker Container
sudo docker run -p 80:80 -p 443:443 -p 3000:3000 \
-e ACCEPTED_TERMS=true \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /captain:/captain caprover/caprover3.2. Verify CapRover is Running
Check running containers:
sudo docker psOnce the CapRover is initialized, you can visit http://[IP_OF_YOUR_SERVER]:3000 in your browser and login to CapRover using the default password captain42. You can change your password later.
Step 4: Set Up CapRover with a Domain and SSL
After installing CapRover, configure it with your domain (e.g., app.gethostx.com) using Cloudflare.
4.1. Configure DNS in Cloudflare
- Go to Cloudflare Dashboard → Select gethostx.com.
- Open the DNS tab.
- Add a new A Record:
- Type:
A - Name:
app - IPv4 Address:
<your-server-ip> - Proxy Status: DNS Only (⚪ Grey Cloud, enable proxy after SSL setup)
- Type:
- Add a wildcard subdomain:
- Type:
A - Name:
*.app - IPv4 Address:
<your-server-ip> - Proxy Status: DNS Only
- Type:
4.2. Set Root Domain in CapRover
- Access CapRover Admin Panel:
http://<your-server-ip>:3000/. - Login with:
- Username:
captain - Password: Run the following to get the password:(captain42)
sudo docker service logs captain-captain | grep "App Token"
- Username:
- In CapRover Root Domain Configurations, enter:
yoursubdomain.yourdomain.com - Click Update Domain.
CapRover will restart its services to apply the changes.
4.3. Enable HTTPS (SSL via Let’s Encrypt)
- In CapRover, go to Apps → HTTP Settings.
- Click Enable HTTPS.
- Select Let’s Encrypt and enable Force HTTPS.
4.4. Enable Cloudflare Proxy
- Return to Cloudflare → DNS.
- Change
yoursubdomain.yourdomain.comand*.yoursubdomain.yourdomain.comProxy Status to Proxied (🟠 Orange Cloud). - Wait a few minutes for DNS propagation.
✅ Now CapRover is fully set up and accessible at:
https://yoursubdomain.yourdomain.comStep 5: Post-Installation Recommended Steps
Now that CapRover is installed, take additional steps to optimize and secure your server.
5.1. Nginx Configurations
- CapRover uses Nginx internally, but you can fine-tune settings if needed.
- Check logs for errors:
sudo docker logs captain-nginx - If necessary, manually adjust Nginx settings in CapRover’s advanced settings.
5.2. Enable Monitoring
Install Netdata for real-time monitoring:
curl -sL https://packagecloud.io/netdata/netdata/gpgkey | sudo apt-key add -
sudo add-apt-repository 'deb https://packagecloud.io/netdata/netdata/ubuntu/ focal main'
sudo apt install netdata -y
sudo systemctl enable --now netdataAccess Netdata:
http://<your-server-ip>:19999/5.3. Set Up Backups
Use Restic for automated backups to Google Drive:
sudo apt install restic -y
restic init --repo <backup-location>5.4. Update System and Clean Disk
Regularly update and remove unnecessary files:
sudo apt update && sudo apt upgrade -y
sudo apt autoremove -y
sudo apt clean
