CapRover controls deployments, service configuration, and secrets across your cluster. Security should focus on dashboard access, Docker Swarm control-plane hardening, and strict service-level isolation.
1) Lock down admin dashboard and server access
- Expose the CapRover dashboard only over HTTPS with trusted certificates.
- Restrict dashboard access by network (VPN/IP allowlist) where possible.
- Enforce strong admin credentials and rotate them after staff changes.
- Disable root SSH login and use key-based SSH only for host access.
2) Harden service deployment and runtime
- Use Service Update Override to apply security controls per app (read-only filesystems, limited capabilities, network constraints) when supported.
- Restrict container privileges and avoid broad host mounts.
- Keep Docker socket access tightly controlled.
- Separate critical workloads into dedicated services/networks.
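
To check which services still lack the controls listed above, the following added example (not CapRover's own tooling) audits the JSON printed by `docker service inspect` for writable root filesystems, capability settings, Docker socket mounts and writable host bind mounts. The service names and sample specs are constructed for illustration; the field names are those of the Docker Swarm service spec.

```python
import json
import sys

DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample in the shape of `docker service inspect` output (not real data).
SAMPLE = [
    {"Spec": {"Name": "srv-captain--api", "TaskTemplate": {"ContainerSpec": {
        "ReadOnly": True, "CapabilityDrop": ["ALL"],
        "Mounts": [{"Type": "volume", "Source": "api-data", "Target": "/data"}]}}}},
    {"Spec": {"Name": "srv-captain--ci", "TaskTemplate": {"ContainerSpec": {
        "CapabilityAdd": ["CAP_SYS_ADMIN"],
        "Mounts": [
            {"Type": "bind", "Source": "/var/run/docker.sock",
             "Target": "/var/run/docker.sock"},
            {"Type": "bind", "Source": "/srv", "Target": "/host"}]}}}},
]

def audit_service(svc):
    """Return hardening findings for one entry of `docker service inspect`."""
    cs = svc.get("Spec", {}).get("TaskTemplate", {}).get("ContainerSpec", {})
    findings = []
    if not cs.get("ReadOnly", False):
        findings.append("root filesystem is writable")
    if not cs.get("CapabilityDrop"):
        findings.append("no capabilities dropped")
    if cs.get("CapabilityAdd"):
        findings.append("adds capabilities: " + ", ".join(cs["CapabilityAdd"]))
    for mount in cs.get("Mounts") or []:
        if mount.get("Type") != "bind":
            continue  # named volumes and tmpfs are not host paths
        source = mount.get("Source", "")
        if source in DOCKER_SOCKETS:
            findings.append("mounts the Docker socket")
        elif not mount.get("ReadOnly", False):
            findings.append("writable host bind mount: " + source)
    return findings

def audit(services):
    """Map each service name to its list of findings."""
    return {s["Spec"]["Name"]: audit_service(s) for s in services}

if __name__ == "__main__":
    # Pass a file holding `docker service inspect ...` output, or run on the sample.
    services = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, findings in audit(services).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Services it flags are candidates for a Service Update Override or for removing the mount in question.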
3) Protect secrets and backup data
- Store app secrets in CapRover environment settings, not in source repos.
- Rotate SMTP/API/database credentials on a schedule.
- Encrypt backup archives and test restore procedures.
- Monitor deploy logs and admin actions for anomalies.
- CapRover docs: https://caprover.com/docs/
- CapRover service update override: https://caprover.com/docs/service-update-override.html
- CapRover source repository: https://github.com/caprover/caprover