Coolify manages app deployment, secrets, and infrastructure connectivity via SSH and container runtimes. Harden host access and Coolify control ports first, then secure deployment workflows.
1) Harden host and network exposure
- Open only required ports for your deployment model.
- When using a custom domain and reverse proxy, close non-essential direct dashboard/terminal ports as documented.
- Restrict SSH to key-based authentication only and disable password login.
- Keep firewall and fail2ban rules active on management hosts.
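
To verify the key-only SSH item above, the effective daemon settings can be checked rather than the config file alone. This is an added example, not part of Coolify or its documentation; the function name `audit_sshd` is hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not Coolify code. Reads `sshd -T` output ("keyword value"
# lines) on stdin, prints one FAIL line per weak setting, returns 0 if clean.
audit_sshd() {
    awk '
    function must_be_no(k) {
        # Only judge keywords this OpenSSH version actually reports.
        if ((k in seen) && seen[k] != "no") {
            printf "FAIL %s is %s, expected no\n", k, seen[k]; bad = 1
        }
    }
    BEGIN { bad = 0 }
    { seen[tolower($1)] = tolower($2) }
    END {
        if (!("passwordauthentication" in seen)) {
            print "FAIL passwordauthentication not reported"; bad = 1
        }
        must_be_no("passwordauthentication")
        # Keyboard-interactive can still prompt for a password via PAM;
        # older OpenSSH reports it as challengeresponseauthentication.
        must_be_no("kbdinteractiveauthentication")
        must_be_no("challengeresponseauthentication")
        must_be_no("permitemptypasswords")
        if (seen["pubkeyauthentication"] != "yes") {
            print "FAIL pubkeyauthentication is not yes"; bad = 1
        }
        if (seen["permitrootlogin"] == "yes") {
            print "FAIL permitrootlogin is yes, expected prohibit-password or no"
            bad = 1
        }
        exit bad
    }'
}

# Constructed samples in `sshd -T` format (not taken from a real host).
WEAK_SAMPLE='passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin yes'
HARDENED_SAMPLE='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin prohibit-password'

printf '%s\n' "$WEAK_SAMPLE" | audit_sshd || echo "weak sample: not key-only"
printf '%s\n' "$HARDENED_SAMPLE" | audit_sshd && echo "hardened sample: OK"
# On a real host, as root: sshd -T | audit_sshd
```

`sshd -T` prints the configuration after all include files and defaults are applied, so an override in a drop-in file is caught as well.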
2) Protect dashboard and deployment credentials
- Enforce strong dashboard admin credentials and enable MFA when available.
- Use dedicated deploy keys/tokens for Git providers.
- Rotate SSH keys and API tokens on a fixed schedule.
- Restrict who can add servers and production environments.
3) Secure runtime and backups
- Avoid privileged containers unless explicitly required.
- Keep Docker/Swarm/Kubernetes hosts patched.
- Encrypt automatic backups and test restore reliability.
- Monitor deployment logs for suspicious build/deploy behavior.
- Coolify docs: https://coolify.io/docs
- Coolify firewall guidance: https://coolify.io/docs/knowledge-base/server/firewall
- Coolify source repository: https://github.com/coollabsio/coolify