---
type: resource
status: verified
tags: [infra, self-hosting, devops]
---
# 🖥️ Self-Hosting
> How I run my own infrastructure. Battle-tested across [[Tia]], [[obsidian-stack]], [[Position Tracker]].

## The setup
- **Dokploy** (v0.29.5) — Docker-based PaaS on a single server; Compose apps
- **Reverse proxy:** Traefik (LetsEncrypt certs, basicAuth middleware)
- **Networking:** Tailscale (server at `100.75.128.45`; public IP times out externally)
- **Git:** self-hosted **Forgejo** at `git.manohargupta.com` — **SSH on port 2222**
- **Storage:** Cloudflare R2 (S3 API)

## Hard-won lessons
- Secrets only in **Dokploy env tab**, never git ([[Decision Log#TD-006]]); bcrypt `$` must be doubled `$$`
- CouchDB: run as `5984:5984` to skip the chown-on-readonly-ini crash
- Forgejo SSH = **2222** (host sshd owns 22)
- `git config --global --add safe.directory <path>` for container-owned dirs (uid 1000)
- R2 `*.r2.dev` 503s cross-origin imgs → proxy server-side ([[Decision Log#TD-004]])
- LiveSync "remote rebuilt/corrupted" → **Unlock the remote database** then replicate ([[obsidian-stack]])

## Hosted services
[[Tia]] (`tia.`) · Obsidian ([[obsidian-stack]]: `notes.` + `couchdb.`) · [[Position Tracker]] · portfolio

## Related
[[Docker]] · [[Deployment Checklist]] · [[Operations Overview]] · [[MOC - Software]]