What problem will this feature address?
I chose self-hosting with Dokploy specifically to avoid PaaS costs (Railway, Heroku, etc.) while keeping the deployment simplicity. But that means the underlying VPS's OS-level security (package updates, patching) is entirely on me and I don't have sysadmin experience or the time to manage it properly. I already had an apt upgrade break Traefik/Dokploy compatibility once, and had to fix it under pressure with no real guidance. I suspect a lot of Dokploy users are in the same boat: people who pick self-hosting for cost control, not because they're experienced sysadmins.
Describe the solution you'd like
An opt-in setting (per server) letting Dokploy handle OS-level security updates on the servers it manages e.g. a pre-configured unattended-upgrades (or distro equivalent) that only applies security-tagged patches, explicitly excluding Docker/Traefik-related packages so it can't break the stack. Ideally with a notification before/after each run, a configurable maintenance window, and logs visible in the Dokploy UI so I know what changed.
Describe alternatives you've considered
- Setting up unattended-upgrades manually myself doable, but I have to figure out the right package exclusions (Docker, containerd, Traefik if applicable) on my own, with no guidance from Dokploy, and no visibility into it from the dashboard.
- Doing manual apt update && apt upgrade periodically this is what caused the breakage in the first place, since I have no way to know in advance if a package update conflicts with what Dokploy/Traefik expects.
Additional context
I understand this is outside Dokploy's traditional scope as a deployment platform, and that "you manage your own server" is the current model. But for users choosing self-hosting mainly for cost reasons rather than infrastructure expertise, this is a real security gap, an unpatched VPS is a bigger risk than the problem Dokploy is solving. Even a minimal version (just security-only patches, with a safe exclude-list) would go a long way.
Will you send a PR to implement it?
No
What problem will this feature address?
I chose self-hosting with Dokploy specifically to avoid PaaS costs (Railway, Heroku, etc.) while keeping the deployment simplicity. But that means the underlying VPS's OS-level security (package updates, patching) is entirely on me and I don't have sysadmin experience or the time to manage it properly. I already had an apt upgrade break Traefik/Dokploy compatibility once, and had to fix it under pressure with no real guidance. I suspect a lot of Dokploy users are in the same boat: people who pick self-hosting for cost control, not because they're experienced sysadmins.
Describe the solution you'd like
An opt-in setting (per server) letting Dokploy handle OS-level security updates on the servers it manages e.g. a pre-configured unattended-upgrades (or distro equivalent) that only applies security-tagged patches, explicitly excluding Docker/Traefik-related packages so it can't break the stack. Ideally with a notification before/after each run, a configurable maintenance window, and logs visible in the Dokploy UI so I know what changed.
Describe alternatives you've considered
Additional context
I understand this is outside Dokploy's traditional scope as a deployment platform, and that "you manage your own server" is the current model. But for users choosing self-hosting mainly for cost reasons rather than infrastructure expertise, this is a real security gap, an unpatched VPS is a bigger risk than the problem Dokploy is solving. Even a minimal version (just security-only patches, with a safe exclude-list) would go a long way.
Will you send a PR to implement it?
No