Coolify on AWS User Guide
Overview
This image runs Coolify, the open source, self-hosted platform as a service for deploying and managing applications, databases and services on your own server. Coolify gives you a single dashboard from which you deploy from a Git repository, a Dockerfile or a Docker Compose file, with a built in reverse proxy, automatic HTTPS, one-click managed databases, environment and secret management, scheduled backups and live build and runtime logs, all without per-seat fees or vendor lock in.
Coolify 4.1.2 is installed from the official installer as a Docker compose stack and runs under a systemd service that brings the stack up on boot. The stack is made up of the Coolify application (a Laravel app), a PostgreSQL database, a Redis cache and a realtime websocket server. The entire Coolify state tree, which holds the application database, your per-application build state, managed SSH keys and the configuration, lives at /data/coolify, a dedicated, independently resizable EBS data volume that survives instance replacement.
Coolify provides its own first-party authentication. The dashboard is published directly on port 8000 and has its own email and password login. Coolify also runs its own built in Traefik reverse proxy, which owns ports 80 and 443 and routes HTTP and HTTPS traffic to the applications you deploy, so this image does not run any reverse proxy of its own in front of the dashboard. The initial root administrator login is generated on the first boot of every deployed instance, so two instances launched from the same Amazon Machine Image never share a login, and open self-registration is disabled once the administrator is seeded. The login is written to /root/coolify-credentials.txt with mode 0600 so that only the root user can read it.
Prerequisites
Before you deploy this image you need:
- An Amazon Web Services account where you can launch EC2 instances
- IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
- An EC2 key pair in the target Region for SSH access to the instance
- A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network, port 8000 for the dashboard, and ports 80 and 443 for the applications you deploy
- The AWS CLI (version 2) installed locally if you plan to deploy from the command line
Step 1: Launch the Instance from the AWS Marketplace
Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for Coolify. Select the cloudimg listing and choose Select, then Continue on the subscription summary.
Pick an instance type of t3.large or larger. Coolify itself, the database, the cache and the realtime server all run as containers, and you will also be running the applications you deploy on this host, so size the instance for your intended workload. Choose your EC2 key pair under Key pair (login). Under Network settings select your VPC and subnet, and either create or select a security group that opens port 22 from your management network, port 8000 for the dashboard, and ports 80 and 443 for the applications you deploy. Leave the root volume at the default size or larger.
Select Launch instance. First boot initialisation takes a short while after the instance state becomes Running and the status checks pass; this is when the per instance administrator login is generated and the Coolify stack finishes coming up.
Step 2: Launch the Instance from the AWS CLI
The following block launches an instance from the cloudimg Coolify Marketplace AMI into an existing subnet and security group. Replace <ami-id> with the AMI ID shown on the Marketplace listing, <key-name> with your EC2 key pair name, <subnet-id> with your subnet ID, and <security-group-id> with a security group that opens ports 22 and 80 as described above.
aws ec2 run-instances \
--image-id <ami-id> \
--instance-type t3.large \
--key-name <key-name> \
--subnet-id <subnet-id> \
--security-group-ids <security-group-id> \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=coolify}]'
When the instance reaches the Running state and its status checks pass, note its public IP address or DNS name from the EC2 console or with aws ec2 describe-instances.
Step 3: Connect to Your Instance
Connect over SSH using your key pair and the login user for your operating system variant.
| OS variant | SSH login user |
|---|---|
| Ubuntu 24.04 | ubuntu |
ssh -i <key-name>.pem ubuntu@<public-ip>
Step 4: Retrieve the Administrator Login
The dashboard administrator login is unique to your instance and was generated on first boot. Read the credentials file as root:
sudo cat /root/coolify-credentials.txt
The file lists the dashboard URL, the administrator email and the generated password. Self-registration is disabled, so this root administrator is the only login until you invite more users from inside the dashboard. Keep these credentials somewhere safe.
Step 5: Sign In to the Dashboard
The Coolify dashboard is served directly on port 8000. In a browser, go to:
http://<instance-public-ip>:8000/
You are presented with the Coolify sign in page. Sign in with the administrator email and password from the credentials file. The dashboard then loads, showing your projects and the local server.

From the Servers view you manage the local Docker host that Coolify deploys to, and you can connect additional servers over SSH to spread deployments across more than one machine.

To deploy something, choose New to open the resource catalogue. From here you deploy applications from a public or private Git repository, a Dockerfile or a Docker Compose file, provision one-click managed databases such as PostgreSQL, MySQL, MariaDB, MongoDB and Redis, or deploy a ready made service from the catalogue.

Coolify manages the build, the container lifecycle and a reverse proxy with automatic Let's Encrypt certificates for the applications you deploy, and the dashboard streams live build and runtime logs over its websocket connection.
Step 6: Confirm Coolify Is Running
Over SSH, confirm the stack service is active, that the dashboard answers its health endpoint on port 8000, and that the Coolify containers are up:
sudo systemctl is-active coolify
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1:8000/api/health
sudo docker ps --format 'table {{.Names}}\t{{.Status}}'
The first command reports the service as active. The health check returns 200. The container list shows the coolify, coolify-db, coolify-redis, coolify-realtime and coolify-proxy containers running.
Step 7: The Docker Compose Stack
Coolify runs as a Docker compose stack under /data/coolify. The coolify.service systemd unit is a thin wrapper that brings the stack up on boot and takes it down on stop. The stack definition lives in /data/coolify/source alongside the .env configuration file. You can inspect the running stack with the standard Docker tooling:
sudo docker compose --env-file /data/coolify/source/.env -f /data/coolify/source/docker-compose.yml -f /data/coolify/source/docker-compose.prod.yml ps
To restart the whole stack, restart the service rather than calling Docker directly, so systemd stays in sync:
sudo systemctl restart coolify
The application database lives in the coolify-db Docker volume, the cache in coolify-redis, and your deployed applications, provisioned databases and managed SSH keys live under /data/coolify.
Step 8: The Data Volume
The Coolify state tree lives on a dedicated EBS volume mounted at /data/coolify. This keeps the application database, your per-application build state, managed SSH keys and the configuration off the operating system disk and lets you resize or snapshot them independently. Confirm the mount with:
df -h /data/coolify
To grow the state tree, expand the EBS volume in the AWS console, then grow the filesystem on the instance with sudo resize2fs on the underlying device. Because this volume holds the database and all of your deployment state, snapshotting it captures the complete state of your Coolify installation.
Step 9: Enable HTTPS
The dashboard is served over plain HTTP on port 8000. For production use, place it behind TLS. The simplest path is Coolify's own proxy: set the instance domain under Settings in the dashboard and Coolify will request a Let's Encrypt certificate and serve the dashboard over HTTPS through its built in Traefik proxy on port 443. Alternatively, put the instance behind an Application Load Balancer with a managed certificate that forwards to port 8000. Restrict the security group so the dashboard port is reachable only from the networks that need it, and keep ports 80 and 443 open for the applications you deploy.
Step 10: Backup and Maintenance
Back up your deployment by snapshotting the /data/coolify EBS volume, which captures the application database and all of your deployment state. Coolify also has built in scheduled backups for the managed databases it provisions, configurable from the dashboard. Apply operating system security updates with sudo apt-get update && sudo apt-get upgrade and reboot when a new kernel is installed; the Coolify stack starts automatically on boot. Coolify can update itself to newer releases from the Settings area of the dashboard when you are ready to upgrade.
Support
This image is published and supported by cloudimg. Support covers deployment, connecting Git providers and servers, application and database deployment, the reverse proxy and HTTPS, environment and secret management, backups and runtime tuning. Contact cloudimg through the support channel listed on the AWS Marketplace listing.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.