There’s a moment many of us reach: monthly hosting bills creep up, limits start to pinch, and you wonder, “Could I just run this myself?” Good news—you absolutely can. This article walks you, calmly and thoroughly, through moving to a self-managed VPS and deploying WordPress and n8n (workflow automation) using Coolify, a friendly open-source platform that gives you one-click deployments on your own server.
We’ll go deeper than demo videos typically do. Not just “click here” but why each step matters, where the common landmines are, and what to do if something misbehaves. I’ll also fix a couple of name mix-ups from the original script (explained below), add security hardening, backup strategies, and a Q&A to make this truly production-ready.
Official, non-promotional links for the tools we’ll mention:
• Coolify – open-source self-hosted PaaS: https://coolify.io
• WordPress – CMS: https://wordpress.org
• n8n – workflow automation: https://n8n.io
• Ubuntu – Linux distribution we’ll use: https://ubuntu.com
• Termius (SSH client): https://termius.com
• PuTTY (Windows SSH client alternative): https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
• OpenSSH (built into macOS/Linux & Windows 10/11): https://www.openssh.com
• Let’s Encrypt (free SSL/TLS): https://letsencrypt.org
• Example DNS registrars: GoDaddy https://www.godaddy.com and Cloudflare https://www.cloudflare.com
• Example VPS providers (choose what suits you): Contabo https://contabo.com, Hetzner https://www.hetzner.com, DigitalOcean https://www.digitalocean.com, Linode https://www.linode.com, Vultr https://www.vultr.com
What we’ll build (and why it’s worth it)
You’ll provision a VPS (virtual private server), secure it, install Coolify, and then deploy WordPress (on your domain) and n8n (on a subdomain) with automatic HTTPS via Let’s Encrypt. You’ll end with a setup that’s flexible, scriptable, and upgrade-friendly—often for a fraction of the cost of stacked managed plans—while learning enough to feel truly in control.
A quick note about names from the transcript you shared:
- The SSH client referred to as “Terus” is Termius.
- The platform called “Koolifi/Coolifi/curify” is Coolify.
We’ll use the correct names here and include equivalent alternatives where helpful.
Take a breath; we’ll go step by step. So far, so good—let’s move to the plan.
1) Self-managed hosting: is it for you?
Before we touch a terminal, here’s a quick gut-check. Running your own VPS is like opting to cook at home. You pick ingredients (Linux, apps), season to taste (performance/security), and save money—but you also wash the dishes (updates/backups). If this balance excites you, you’ll love the control you gain.
Pros (why people switch):
- Cost efficiency for multiple sites/apps compared with stacked “per-site” managed plans.
- No arbitrary limits—spin up WordPress, n8n, APIs, databases as you need.
- Performance tuning (RAM/CPU, caching, PHP, image processing).
- Ownership & portability—you’re not locked into a panel’s ecosystem.
Cons (real talk):
- You’re responsible for security updates, backups, and recovery.
- Some learning curve—but we’ll smooth that with sensible defaults and checklists.
If you’re nodding along, great. Let’s choose a server.
2) Pick a VPS & plan your stack (Ubuntu LTS recommended)
We’ll use Ubuntu 22.04 LTS (or newer LTS when available). It’s stable, well-documented, and widely supported.
Choosing a provider & plan
Use any reputable VPS provider. The script mentioned Contabo as an example (https://contabo.com), but Hetzner, DigitalOcean, Linode, Vultr, etc., are all fine—compare vCPU, RAM, disk (prefer SSD/NVMe), and data center region close to your users.
Resource guidance (starting point):
- Small WordPress + n8n: 2 vCPU / 4 GB RAM / 60–80 GB SSD
- More traffic / multiple sites: 4 vCPU / 8 GB RAM / 120+ GB SSD
- Region: closest to your primary audience (lower latency)
When ordering the server:
- OS: Ubuntu LTS (22.04 or 24.04 LTS)
- Set a strong root password temporarily (we’ll switch to key-based auth soon).
- Take note of the server IP the moment it’s provisioned.
Nice touch: Give the server a meaningful hostname (e.g., atlas-01 or panel.example.com). We’ll set it shortly.
So far we’ve picked the kitchen and ingredients. Next up: unlocking the door (SSH) securely.
3) First connection: SSH keys, users, and basic hardening
This is where most guides cut corners. We won’t.
3.1 Install or use an SSH client
- Windows: You already have OpenSSH now (
sshin PowerShell). Or install Termius (https://termius.com) or PuTTY if you prefer GUIs. - macOS/Linux: Terminal +
sshbuilt-in.
3.2 Generate an SSH key (if you don’t have one)
Open a terminal on your local machine and run:
ssh-keygen -t ed25519 -C "yourname@yourmachine"
Accept defaults (or choose a path) and set a passphrase (adds protection if the key is copied).
Your public key will be at ~/.ssh/id_ed25519.pub. Copy its contents.
3.3 Log in as root (first time only)
ssh root@YOUR.SERVER.IP
Enter the temporary password your provider emailed you.
3.4 Create a non-root sudo user & add your SSH key
adduser deploy
usermod -aG sudo deploy
mkdir -p /home/deploy/.ssh
nano /home/deploy/.ssh/authorized_keysPaste your public key into that file, save, and then:
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh3.5 Secure SSH & disable root/password logins
Open SSH config:
nano /etc/ssh/sshd_configFind and set:
PermitRootLogin no
PasswordAuthentication no
Optionally change the port from 22 to something non-standard (e.g., 2847) for fewer bot scans (security through obscurity isn’t a panacea, but it reduces noise):
Port 2847
Restart SSH:
systemctl restart ssh
Test in a new terminal window:
ssh -p 2847 deploy@YOUR.SERVER.IP
If you can connect as deploy, you’re good to close the root session.
3.6 Update the system, set hostname, and (optionally) swap
Run:
sudo apt update && sudo apt -y upgrade
sudo hostnamectl set-hostname atlas-01 # change name as you likeSwap (for small RAM VMs):
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sudo swapon -a3.7 Basic firewall (UFW) and Fail2ban
sudo apt -y install ufw fail2ban
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 2847/tcp # your SSH port
sudo ufw enable
sudo systemctl enable --now fail2banNice—your front door is now locked like a grown-up’s server. Let’s move to the fun part: a modern way to run apps.
4) Install Coolify (the friendly way to run apps on your server)
What is Coolify?
Coolify (https://coolify.io) is an open-source, self-hosted PaaS: it installs Docker, Traefik (reverse proxy), and provides a web UI to deploy apps (WordPress, n8n, databases, APIs) in a few clicks—on your own VPS. Think “Heroku-style simplicity” without the rent.
4.1 Install Coolify with the official one-liner
Log in as your deploy user via SSH and run: curl -fsSL https://cdn.coollabs.io/coolify/install.sh -o install.sh
bash install.sh
(If you’d like to inspect first, open that URL in your browser to read the script.)
The installer sets up the Coolify stack via Docker. When it completes, it will show a URL/port for the dashboard (often https://YOUR.SERVER.IP:8000 initially, or it can auto-configure if you point a domain at it).
4.2 First login & admin account
Open the dashboard URL the installer prints, create your admin account, and log in. You can later point Coolify itself to a subdomain like panel.example.com from its settings (handy if you prefer not to remember a port).
If you want the panel under a domain now, create a DNS A record for
panel.example.com → YOUR.SERVER.IP, then set that as Coolify’s URL and enable SSL in settings—Coolify will obtain a Let’s Encrypt certificate for you automatically.
Take a quick breather—your platform is ready. Next up: domains and certificates.
5) Point your domains (DNS A/AAAA records) & automatic SSL
We’ll illustrate with GoDaddy (https://www.godaddy.com) since the source text mentioned it, but Cloudflare or any DNS host works the same way.
5.1 Create A/AAAA records
- Root domain (
example.com) → A record → your server’s IPv4 (e.g.,203.0.113.10) - www (
www.example.com) → CNAME →example.com(or its own A record) - WordPress site: if you’ll run at the root (
https://example.com), the above is sufficient. - n8n subdomain**:** create A record
n8n.example.com→ your server IP. - Coolify panel (optional):
panel.example.com→ server IP. - If your provider gives you IPv6, also create AAAA records.
TTL can be left at default; modern DNS propagates quickly (but allow up to an hour).
5.2 SSL/TLS via Let’s Encrypt (auto in Coolify)
In each app’s deployment settings (WordPress, n8n, or the panel itself), enable HTTPS. Coolify integrates with Let’s Encrypt, so it will request and renew certificates for you—as long as your DNS is pointed correctly and ports 80/443 are reachable.
If SSL issuance fails, double-check that your DNS is correct and your firewall allows 80/443 (we opened both earlier).
Everything pointed? Perfect. Let’s deploy something real.
6) One-click: deploy WordPress with persistent storage
We’ll start with WordPress (https://wordpress.org) because it’s familiar, and it shows the pattern you’ll reuse for other apps.
6.1 Create a project & add WordPress
- In Coolify, click Create Project (e.g., “My Websites”).
- Add Resource → search WordPress → select the official one-click template.
Coolify will prefill sensible defaults: a WordPress container, a database (usually MariaDB), and a reverse proxy route.
6.2 Set your domain & SSL
- In the WordPress app settings, set Domain to
https://example.com(orwww.example.comif that’s your preference). - Tick Enable SSL. Coolify will handle the Let’s Encrypt certificate at deploy time.
6.3 Storage & environment variables (don’t skip)
- Ensure the WordPress container has persistent volumes mapped (Coolify templates usually do this). This keeps uploads & plugins safe across restarts.
- DB credentials are typically auto-generated; Coolify will wire them to WordPress via environment variables (e.g.,
WORDPRESS_DB_HOST,WORDPRESS_DB_USER,WORDPRESS_DB_PASSWORD). You can override, but defaults are fine.
6.4 Deploy
Hit Deploy. Coolify will pull images, create the database, request SSL, and bring the stack online. Open your domain—WordPress’ setup wizard should greet you. Complete the admin user creation, and you’re in.
Tip: For performance, later consider adding a caching plugin (e.g., WP Super Cache, or server-side caching) and offloading large media to object storage. You can do that as a phase-two tweak once the site is live.
So far we’ve set up a CMS. Let’s add power tools.
7) One-click: deploy n8n on a subdomain (with security tips)
n8n (https://n8n.io) is a powerhouse: build automations, connect APIs, transform data, schedule jobs.
7.1 Add n8n
- Add Resource → search n8n → pick the one-click template.
- Set Domain to
https://n8n.example.comand enable SSL.
7.2 Secure access
- Set N8N_BASIC_AUTH_ACTIVE=true with N8N_BASIC_AUTH_USER and N8N_BASIC_AUTH_PASSWORD (or use Coolify’s authentication fields if provided). This gives you a basic HTTP auth layer in front of the app.
- For webhooks, define WEBHOOK_URL to match your domain (
https://n8n.example.com/). This ensures callback URLs resolve correctly.
7.3 Persist data
- Confirm volumes are configured so flows and credentials persist (the template should map
/home/node/.n8n). - Deploy and log in.
Practical tip: If you’ll call n8n webhooks from external services, make sure firewall rules/Cloudflare settings allow them, and keep your webhook URLs secret. Consider IP allow-lists for sensitive endpoints.
We’ve got two real apps running. Now let’s make sure this setup remains smooth long-term.
8) Backups, updates, and scaling up (without drama)
A little routine saves a lot of heartache.
8.1 Backups (both data & configs)
- Database backups: Use Coolify’s features (if available) or schedule dumps via cron inside the DB container or host. E.g., nightly
mysqldumpto a/backupsvolume. - Files: WordPress uploads and n8n data directories should be on persistent volumes. Back up those volumes to remote storage (S3-compatible buckets work well).
- Snapshots: Periodically snapshot the entire VPS via your provider (especially before major upgrades).
8.2 Updates
- System:
sudo apt update && sudo apt -y upgradeweekly (or enable unattended upgrades). - Coolify: Update from its dashboard when notified.
- Containers: Redeploy apps to pull newer images. Check changelogs before major version jumps.
8.3 Monitoring
- Watch disk usage: logs and backups can fill disks silently (
df -h,docker system prunecautiously). - Track CPU/RAM: if swapping heavily, consider upping RAM or splitting workloads onto another VPS.
8.4 Scaling
- The easy path is vertical scaling (increase plan resources).
- For bigger fleets, Coolify can manage multiple servers; or separate your database onto its own VPS.
We’ve covered the lifecycle. If something’s not working right now, the next section will likely help.
9) Troubleshooting: DNS, SSL, ports, and container hiccups
A few issues come up again and again. Here’s a quick triage.
Domain not resolving?
- Verify the A record points to the correct IP (and AAAA if using IPv6).
- Check propagation (often minutes, occasionally ~1 hour).
SSL failed in deploy logs?
- Ensure ports 80/443 are open (
sudo ufw status). - Confirm the domain points to the server before enabling SSL.
- If using Cloudflare, make sure proxy settings match your setup (try “DNS only” for initial issuance).
Can’t SSH after changing the port?
- Did you
sudo ufw allow NEWPORT/tcp? - Test from a new terminal window before closing the old one.
“Bad Gateway” or 502 for an app?
- Open app logs in Coolify to see container errors.
- Verify environment variables (DB host, credentials), and that DB container is healthy.
- Redeploy.
Disk full (mysterious failures):
df -handdocker system dfto assess.- Prune old images/containers with care:
docker system prune(read prompts carefully). - Move logs or backup archives off the root disk.
n8n webhooks not firing?
- Confirm WEBHOOK_URL and domain/SSL are set correctly.
- Check firewall/Cloudflare rules; some hosts block unusual ports or patterns.
If you’re stuck, deploy a minimal test app in Coolify (like “hello world”) to isolate whether the issue is DNS/SSL/proxy vs the app itself.
10) FAQ: email, “unlimited,” Windows servers, and more
Q1: Can I send “unlimited” emails from this server?
A: Be careful. Running your own SMTP reliably is non-trivial: set PTR (reverse DNS), SPF, DKIM, DMARC, manage IP reputation, and handle bounces/feedback loops. Many VPS IPs start with poor reputation. For transactional mail, it’s usually better to use Mailgun, Amazon SES, Postmark, etc., and wire those credentials into WordPress/n8n.
Q2: Can I use a Windows server instead of Ubuntu?
A: You can, but Coolify and most dev tooling are friendliest on Linux. Stick with Ubuntu LTS unless you have a strong reason.
Q3: Do I have to use GoDaddy for DNS?
A: No. Any registrar/DNS host works. Cloudflare offers fast DNS with extras (proxying, WAF, rules). Keep it simple at first; you can migrate DNS later in minutes.
Q4: Is password authentication OK for SSH?
A: Use SSH keys. We disabled password login in this guide for a reason. Keys + passphrase are safer and more convenient.
Q5: How do I move an existing WordPress site here?
A: Easiest route: install the Duplicator or All-in-One WP Migration plugin on the old site, export, then import on the new site after your WordPress is live here. Update DNS when you’re ready to switch traffic.
Q6: Can I put multiple sites on the same VPS?
A: Absolutely. Coolify handles many apps and domains. Just watch RAM/CPU/disk, and add swap for headroom. Separate high-traffic databases if needed.
Q7: What about backups for n8n workflows?
A: Ensure the /home/node/.n8n volume is on persistent storage and included in your off-server backups. Export critical workflows periodically, too.
Q8: My SSL renewals will “just work,” right?
A: Yes—as long as DNS still points to your server and ports 80/443 remain reachable. If renewals fail, Coolify’s logs will tell you why.
11) Security & responsibility disclaimer
Self-managed hosting gives you power and savings, but you are responsible for the server. That includes:
- Applying security updates regularly (OS, Coolify, app images)
- Maintaining backups and testing restores
- Following license terms of the software you run
- Respecting anti-abuse and privacy laws, especially for email and user data
- Avoiding misleading “unlimited” claims; bandwidth, CPU, and deliverability are always finite in practice
If your workloads become mission-critical and you prefer an expert to babysit the stack, consider paid management or a dedicated ops partner. There’s no shame in delegating ops when it matters.
Wrapping up (and where to go next)
You’ve:
- Secured a fresh Ubuntu VPS with key-based SSH, a locked-down firewall, and updates.
- Installed Coolify, your self-hosted control panel for apps.
- Pointed DNS and enabled automatic Let’s Encrypt certificates.
- Deployed WordPress at your domain and n8n at a subdomain.
- Learned how to back up, update, monitor, and scale—and how to fix the most common wrinkles.
From here, you can add more: staging WordPress sites, a Postgres API, Redis caching, or a headless CMS. The pattern stays the same—and your confidence grows with every deploy.
If any part of the original script felt unclear (the “Terus”/“Koolifi” naming, password-only SSH, skipping firewalls), we’ve corrected those and offered safer alternatives. If you have a different DNS host, a CentOS server, or plan to put multiple regions behind Cloudflare—say the word, and I’ll tailor the steps.
Tags
self managed hosting, vps guide, coolify tutorial, wordpress on vps, n8n automation, ubuntu server hardening, lets encrypt ssl, dns a record, server backups, docker apps, reverse proxy, ufw firewall, ssh keys, devops for beginners
Hashtags
#SelfHosted #VPS #Coolify #WordPress #n8n #Ubuntu #LetsEncrypt #DevOps #Docker #Privacy #SRE
