Like Vercel, but open source and for all language

An open-source and self-hostable alternative to Vercel, Render, Netlify and the likes. It allows you to build and deploy any app (Python, Node.js, PHP, ...) with zero-downtime updates, real-time logs, team management, customizable environments and domains, etc.

• Git-based deployments: Push to deploy from GitHub with zero-downtime rollouts and instant rollback.
• Multi-language support: Python, Node.js, PHP... basically anything that can run on Docker.
• Environment management: Multiple environments with branch mapping and encrypted environment variables.
• Real-time monitoring: Live and searchable build and runtime logs.
• Team collaboration: Role-based access control with team invitations and permissions.
• Custom domains: Support for custom domain and automatic Let's Encrypt SSL certificates.
• Self-hosted and open source: Run on your own servers, MIT licensed.

• Contribute code
• Report issues
• Sponsor me
• Star the project on GitHub
• Join the Discord chat

• User documentation: devpu.sh/docs
• Technical documentation: ARCHITECTURE

⚠️ Supported on Ubuntu/Debian. Other distros may work but aren't officially supported (yet).

Log in your server, run the following command and follow instructions:

You user must have sudo privileges.

You will need a fresh Ubuntu/Debian server you can SSH into with sudo privileges. We recommend a CPX31 from Hetzner.

You can use the provisioning script to get a server up and running:

1. Sign in or sign up for a Hetzner account: Hetzner Cloud Console
2. Generate an API token: Creating an API token
3. Provision a server (requires --token; optional: --user, --name, --region, --type):
   curl -fsSL https://raw.githubusercontent.com/hunvreus/devpush/main/scripts/prod/provision-hetzner.sh | bash -s -- --token <hetzner_api_key> [--user <login_user>] [--name <hostname>] [--region <fsn1|nbg1|hel1|ash|hil|sin>] [--type <cpx11|cpx21|cpx31|cpx41|cpx51>]
   Tip: run curl -fsSL https://raw.githubusercontent.com/hunvreus/devpush/main/scripts/prod/provision-hetzner.sh | bash -s -- --help to list regions and types (with specs). Defaults: region hil, type cpx31.
4. Configure DNS Records: Go to your DNS provider and create two A records pointing at the server IP for APP_HOSTNAME (e.g. app.devpu.sh) and a wildcard on subdomains of DEPLOY_DOMAIN (e.g. *.devpush.app). If you're using Cloudflare, set SSL/TLS to "Full (strict)" and keep the records proxied.
5. SSH into your new server: The provision script will have created a user for you.
   ssh <login_user>@<server_ip>
6. Run hardening for system and SSH:

Even if you already have a server, we recommend you harden security (ufw, fail2ban, disabled root SSH, etc). You can do that using scripts/prod/harden.sh.

1. SSH into the server:
   ssh <login_user>@<server_ip>
2. Install /dev/push:
   curl -fsSL https://raw.githubusercontent.com/hunvreus/devpush/main/scripts/prod/install.sh | sudo bash
3. Switch to devpush user:

4. Edit .env:

Tip: you will need to fill in at least the following: LE_EMAIL, APP_HOSTNAME, DEPLOY_DOMAIN, EMAIL_SENDER_ADDRESS, RESEND_API_KEY and your GitHub app settings (see [environment-variables] for details). SERVER_IP, SECRET_KEY, ENCRYPTION_KEY, POSTGRES_PASSWORD should be pre-filled. You can ignore all commented out environment variables. 5. Start services:

6. Visit your URL: https://<APP_HOSTNAME>

The follwing commands must be run as devpush user (su - devpush).

In most cases, you can run an update with:

Alternatively, you can force a full upgrade (with downtime) using:

You can update specific components:

⚠️ Development scripts target macOS for now.

1. Install Colima and the Loki Docker plugin:
2. Set up environment variables:
3. Start the stack (streams logs):
   • Add --prune to prune dangling images before build
   • Add --cache to use the build cache (default is no cache)
4. Initialize your database once containers are up:
   scripts/dev/db-migrate.sh

See the scripts section for more dev utilities.

• The app is mounted inside containers, so code changes reflect immediately. Some SSE endpoints may require closing browser tabs to trigger a reload.
• The workers require a restart:
  docker-compose restart worker-arq
• To apply migrations:
  scripts/dev/db-migrate.sh

You will need to configure a GitHub App with the following settings:

• Identifying and authorizing users:
  • Callback URL: add two callback URLs with your domain:
    • https://example.com/api/github/authorize/callback
    • https://example.com/auth/github/callback
  • Expire user authorization tokens: No
• Post installation:
  • Setup URL: https://example.com/api/github/install/callback
  • Redirect on update: Yes
• Webhook:
  • Active: Yes
  • Webhook URL: https://example.com/api/github/webhook
• Permissions:
  • Repository permissions
    • Administration: Read and write
    • Checks: Read and write
    • Commit statuses: Read and write
    • Contents: Read and write
    • Deployments: Read and write
    • Issues: Read and write
    • Metadata: Read-only
    • Pull requests: Read and write
    • Webhook: Read and write
  • Account permissions:
    • Email addresses: Read-only
• Subscribe to events:
  • Installation target
  • Push
  • Repository

Provide an access rules file to restrict who can sign up/sign in.

• Development: edit ./access.json. If missing, running scripts/dev/start.sh will sed an allow‑all file.
• Production: edit /srv/devpush/access.json on the server.

Rules format (any/all may be used):

Globs use shell-style wildcards; regex are Python patterns. If the file is missing or empty, all valid emails are allowed.

Additionally, if you set the ACCESS_DENIED_WEBHOOK environment variable, denied sign-in attempts will be posted to the provided URL with the following payload:

MIT