Advanced Installation

Deploy Erugo on a production server with Docker, SSL certificates, and a reverse proxy. This guide covers the full setup from server creation to secure HTTPS access.

Overview

This guide walks through deploying Erugo on a VPS with Docker, Nginx Proxy Manager for reverse proxy and SSL, and persistent storage for uploaded files.

By the end, you'll have a production-ready Erugo instance accessible over HTTPS with automatic SSL certificate renewal.

Hardware Requirements

Erugo doesn't have officially published hardware requirements, but based on its technology stack (PHP, Laravel, Vue.js) and typical usage scenarios, here are the recommended minimum specs:

Creating Your Server

You'll need a VPS (Virtual Private Server) from a cloud provider. Popular options include Hetzner, DigitalOcean, Linode, or Vultr. This guide uses Ubuntu 24.04 as the operating system.

Server Configuration

• Location: Choose a region close to your users
• Image: Ubuntu 24.04
• Type: Shared vCPU (x86 Intel/AMD)
• Size: 2 vCPUs, 4GB RAM, 40GB SSD (or larger)
• Networking: Public IPv4 and IPv6

Erugo Sponsor

The Erugo website and demo instance are hosted on Box To Play VPS servers. They've provided reliable hosting for over a year, with reasonably priced VPS options that we'd recommend regardless of their sponsorship.

SSH Key Configuration

For security, use an Ed25519 SSH key which offers better security and efficiency compared to RSA and ECDSA.

Generate SSH Key

On your local machine, generate a new SSH key:

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_erugo

Add the contents of ~/.ssh/id_ed25519_erugo.pub (the public key) to your cloud provider's SSH key settings when creating the server.

Connecting to Your Server

Once your server is created, note the IP address and connect via SSH:

ssh -i ~/.ssh/id_ed25519_erugo root@YOUR_SERVER_IP

Replace YOUR_SERVER_IP with your server's actual IP address.

Creating a Non-Root User

For security best practices, create a dedicated non-root user to run Docker instead of using the root account. This limits privileges and reduces potential attack vectors.

Create the User

Run these commands as root to create a user named erugo:

# Create the erugo user
adduser --disabled-password --gecos "" erugo

# Add erugo user to sudo group
usermod -aG sudo erugo

# Set up SSH key authentication
mkdir -p /home/erugo/.ssh
cp /root/.ssh/authorized_keys /home/erugo/.ssh/authorized_keys
chown -R erugo:erugo /home/erugo/.ssh
chmod 700 /home/erugo/.ssh
chmod 600 /home/erugo/.ssh/authorized_keys

# Configure passwordless sudo for erugo user
echo "erugo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/erugo
chmod 440 /etc/sudoers.d/erugo

Switch to the New User

Log out and reconnect as the new user:

ssh -i ~/.ssh/id_ed25519_erugo erugo@YOUR_SERVER_IP

Installing Docker

Install Docker using the official convenience script:

bash <(wget -qO- https://get.docker.com)

Add User to Docker Group

To avoid using sudo for every Docker command:

sudo usermod -aG docker $USER

Verify Installation

After logging back in, verify Docker is working:

docker run hello-world

You should see a success message confirming Docker is installed correctly.

DNS Configuration

Configure DNS records to access your Erugo instance via a custom domain. You'll need access to your domain's DNS settings (e.g., through Cloudflare, your registrar, etc.).

Create an A Record

• Navigate to your DNS settings
• Add a new A record
• Set the Name to your desired subdomain (e.g., erugo or files)
• Set the Content to your server's IP address
• Set TTL to Auto or a low value during setup

For example, if your domain is example.com and you use the subdomain files, you'll access Erugo at files.example.com.

Nginx Proxy Manager

Nginx Proxy Manager provides an easy way to manage reverse proxy hosts with automatic SSL certificate generation via Let's Encrypt.

Create Directory

mkdir nginx-proxy-manager
cd nginx-proxy-manager

Docker Compose Configuration

Create a docker-compose.yml file:

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - nginx_internal_network

networks:
  nginx_internal_network:
    name: nginx_internal_network
    driver: bridge

Start Nginx Proxy Manager

docker compose up -d && docker compose logs -f

Press Ctrl+C to stop following logs once the container is running.

Access the Admin Interface

Open your browser and navigate to:

Default login credentials:

• Email: [email protected]
• Password: changeme

Docker Compose Configuration

Create a dedicated directory for Erugo:

cd ~
mkdir erugo
cd erugo

Create the docker-compose.yml file:

services:
  app:
    image: wardy784/erugo:latest
    restart: always
    container_name: erugo
    volumes:
      - /home/erugo/Erugo-Storage:/var/www/html/storage
    deploy:
      resources:
        limits:
          memory: 2G
        reservations:
          memory: 1G
    networks:
      - nginx_internal_network

networks:
  nginx_internal_network:
    external: true

Persistent Storage Setup

The volume mount ensures uploaded files are stored on your host system, not just inside the container. This means:

• Files won't be lost if the container is recreated
• You can easily back up or inspect uploaded files from the server

Create the Storage Directory

mkdir -p /home/erugo/Erugo-Storage
chown -R $(id -u):$(id -g) /home/erugo/Erugo-Storage

Start Erugo

docker compose up -d && docker compose logs -f

Press Ctrl+C to stop following logs once the container is running.

Configure Proxy Host

Now configure Nginx Proxy Manager to route traffic to your Erugo container.

Add a New Proxy Host

1. Access Nginx Proxy Manager at http://YOUR_SERVER_IP:81
2. Click Hosts → Proxy Hosts
3. Click Add Proxy Host

Details Tab Settings

SSL Certificate Setup

Configure SSL to secure your Erugo instance with HTTPS.

SSL Tab Settings

1. Click the SSL tab in the proxy host settings
2. Select Request a new SSL Certificate
3. Enable Force SSL
4. Enable HTTP/2 Support
5. Enter your email address for Let's Encrypt notifications
6. Agree to the Let's Encrypt Terms of Service
7. Click Save

Wait a few seconds for the SSL certificate to be issued. Once complete, you can access Erugo securely at https://files.example.com (using your actual domain).

Understanding Docker Networking

In this setup, Nginx Proxy Manager and Erugo are both connected to the same user-defined bridge network named nginx_internal_network.

Why This Works

Docker's user-defined bridge networks include automatic DNS-based service discovery:

• Each container can reach others by using the container name as a hostname
• When NPM routes traffic to Erugo, it forwards to http://erugo:80
• No need to expose port 80 on the host or look up internal container IPs

Everything is handled transparently inside the Docker network, providing both security and convenience.

Acknowledgments

This guide is based on the excellent tutorial by Pierluigi Montinaro, who writes about self-hosting and DevOps on his blog DevOps Chronicles.