live on dx03 · 103.30.246.131

VaCo — self-hosted PaaS
for projects that ship

A complete deploy stack on a single Ubuntu VM. Coolify for orchestration. Zot for images. Woodpecker for CI with Trivy + cosign supply-chain checks. Unified GitHub OAuth. Backed up to Wasabi nightly with verified restore scripts.

Open Panel Open Coolify
19
Services running
~1.7 GB
RAM used / 62 GB
8
Public URLs
4
Nightly backups
Architecture

The full stack

Edge
host nginxLet's EncryptCloudflare DNS
Deploy
Coolify v4Traefik
Build
Woodpecker CITrivycosign
Registry
Zot v2.1.17 (OCI)
Storage
rustfs (S3-compat)Wasabi backup
Observability
DozzleGlancescAdvisorLokiPrometheusUptime KumaHealthchecks
Notifications
AppriseAWS SES
Auth
oauth2-proxy + GitHub OAuth
What's inside

Production-ready by default

Secure-build pipeline

Every image is Trivy-scanned (fail on HIGH/CRITICAL) and cosign-signed before it reaches a container.

Cross-service observability

Logs (Loki + Dozzle), metrics (Prometheus + cAdvisor + Glances), uptime (Kuma), cron dead-man (HC) — unified at panel.val.id.

GitOps from day one

Every config tracked in /opt/colly. Deploy any new server with sync-configs-from-system + runbooks.

Backed up + DR-drilled

Nightly to local + Wasabi (Singapore). 4 dead-man's-switches. Restore scripts verified end-to-end.

Defense-in-depth auth

GitHub OAuth at edge via oauth2-proxy. Shared cookie across *.devx.val.id (8h, secure, samesite=lax).

Self-hosted on a single VM

dx03 — 12 vCPU, 62 GB RAM, Ubuntu 24.04, Indonesia. No cloud lock-in. ~1.7 GB of 62 GB used.

Services

Open any tool

Panel
Unified dashboard
Coolify
Deploy orchestrator
Woodpecker
CI/CD
Zot
Image registry
Healthchecks
Cron watch
Uptime Kuma
Status page