Application Infrastructure Azure

changedetection.io on Ubuntu 24.04 on Azure User Guide

| Product: changedetection.io on Ubuntu 24.04 LTS on Azure

Overview

changedetection.io is the open source, self-hosted website change monitor. Point it at any web page - a price, a stock level, a set of terms and conditions, a competitor page, a job board, a government notice - and it tells you the moment the content changes, showing you exactly what was added or removed and optionally alerting you through email, Slack, Discord, Telegram, webhooks and 80+ other channels. The cloudimg image installs Docker CE from the official Docker repository and runs changedetection.io 0.55.7 as a container (managed by Docker with a restart policy), bound to the loopback connector 127.0.0.1:5000 behind an nginx reverse proxy on port 80. nginx is configured with the WebSocket upgrade changedetection uses for its live watch list. changedetection's data lives on a dedicated Azure data disk, and a unique login password is generated on the first boot of every VM. Backed by 24/7 cloudimg support.

What is included:

  • changedetection.io 0.55.7 running as a container managed by Docker
  • Docker CE preinstalled from the official Docker apt repository
  • The changedetection web UI on :80, fronted by nginx with the WebSocket upgrade proxied
  • A unique login password generated on first boot and recorded in a root-only file
  • A dedicated Azure data disk at /var/lib/changedetection holding the watch list, change history and settings
  • docker.service + nginx.service as systemd units, enabled and active
  • An unauthenticated /healthz endpoint for Azure Load Balancer health probes
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a reasonable starting point; size up for hundreds of watches or more frequent checks. NSG inbound: allow 22/tcp from your management network and 80/tcp. changedetection serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain (see Maintenance).

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for changedetection.io by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name changedetection \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name changedetection --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the services are running

systemctl is-active docker.service nginx.service

Both report active. Docker manages the changedetection.io container (bound to the loopback connector 127.0.0.1:5000), and nginx fronts it on port 80 with the WebSocket upgrade the live watch list requires. changedetection's watch list, change history and settings live on the dedicated Azure data disk mounted at /var/lib/changedetection.

docker.service and nginx.service active, the changedetection container running on the loopback connector 5000, and the dedicated data disk mounted at /var/lib/changedetection

Step 5 - Retrieve your login password

changedetection.io uses a single shared login password (there is no username). It is generated uniquely on the first boot of your VM and written to a root-only file:

sudo cat /root/changedetection-credentials.txt

This file contains CHANGEDETECTION_PASSWORD and the URL to open. Store the password somewhere safe.

The Docker and changedetection versions and the per-VM credentials file with the generated login password and URL

Step 6 - Confirm the health endpoint

nginx serves an unauthenticated health endpoint for load balancers and probes:

curl -s http://localhost/healthz

It returns ok. This endpoint never requires authentication, so it is safe for an Azure Load Balancer health probe.

Step 7 - Confirm the login password is enforced

Because a password is set on first boot, an unauthenticated request to the app is redirected to the login page (HTTP 302), so nobody reaches your watches without the password:

curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/

It prints 302. A wrong password is rejected and only the per-VM password from Step 5 establishes a session - you can confirm this in the browser in the next step.

The nginx health endpoint returning ok, an unauthenticated request redirected to login, a wrong password rejected, and the per-VM password authenticating

Step 8 - Sign in to the console

Browse to http://<vm-public-ip>/. changedetection shows a sign-in page; enter the password from Step 5.

The changedetection.io sign-in page in the browser

Once signed in, the watch list is your home page. It shows every page you are monitoring, when each was last checked, when it last changed, and quick actions to recheck, edit, preview or view the history.

The changedetection.io watch list showing monitored pages with last-checked and last-changed times and the add-a-watch form

Step 9 - Add a watch

Paste a URL into Add a new web page change detection watch and click Watch, or open Edit on a watch to configure it in detail: the check frequency, a CSS/xPath filter to narrow the page to just the part you care about, trigger and ignore rules, and per-watch notifications.

The changedetection.io watch configuration form with the URL, processor, check frequency, filters and notifications tabs

Step 10 - View a diff

When a page changes, open its History to see a diff of exactly what changed - removed text in red, added text in green - with controls to compare any two snapshots by words or lines.

The changedetection.io diff view comparing two snapshots, with removed content in red and added content in green

Step 11 - Confirm data lives on the dedicated disk

changedetection's watch list, change history, snapshots and settings are stored under /var/lib/changedetection on the dedicated Azure data disk (bind-mounted into the container as /datastore), so they survive OS changes and can be resized independently:

findmnt /var/lib/changedetection

The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.

Maintenance

  • Password: the login password is set on first boot. To change or remove it, sign in and use Settings -> General in the console.
  • Notifications: configure Apprise notification URLs under Settings -> Notifications (or per watch) to get alerts by email, Slack, Discord, Telegram, webhooks and more.
  • JavaScript-rendered pages: the base image fetches pages with plain HTTP requests. To watch pages that build their content with JavaScript, run a browser fetcher sidecar (browserless/sockpuppetbrowser) and set the watch's fetch method to the Chrome/WebDriver fetcher.
  • Upgrades: changedetection runs as the changedetection container from the pinned ghcr.io/dgtlmoon/changedetection.io:0.55.7 image; to upgrade, pull a newer tag, remove the container and re-run it with the same -v /var/lib/changedetection:/datastore mount so your data is preserved.
  • Storage: all changedetection state lives under /var/lib/changedetection on the data disk; back up that volume to protect your watches and history.
  • TLS: changedetection serves plain HTTP on port 80; front it with TLS (e.g. certbot with your own domain) before production use.
  • Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.

Support

cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.