Skip to main content

Open Easypanel templates

Self-hosted PaaS guide using Easypanel app services, PostgreSQL, and the Manifest Docker image.

Overview

Easypanel can run Manifest as a Docker image app service, proxy the dashboard over HTTPS, and provision PostgreSQL in the same project. The Manifest repository includes Easypanel template files that provision the app, database, generated secrets, and proxy port. Until that template is accepted into the Easypanel catalog, you can create the same services manually.

Prerequisites

  • A self-hosted Easypanel instance.
  • A project with a server destination.
  • A domain or generated Easypanel domain for the app.
This stack runs on infrastructure you control through Easypanel. Your server, storage, and bandwidth costs depend on your provider.

Template deploy

If Manifest is available in your Easypanel template catalog:
  1. Open your Easypanel project.
  2. Choose Templates.
  3. Search for Manifest.
  4. Keep the default image manifestdotbuild/manifest:6 unless you need another version.
  5. Deploy the template.
The template provisions Manifest, PostgreSQL, generated secrets, and a domain proxy on port 2099.

Manual deploy

Create a PostgreSQL service named manifest-db, then create an App service from Docker image manifestdotbuild/manifest:6. Set the proxy port to 2099, add a domain, and mark it as the primary domain. Set the Manifest environment:
PORT=2099
BIND_ADDRESS=0.0.0.0
DATABASE_URL=postgresql://postgres:<postgres-password>@$(PROJECT_NAME)_manifest-db:5432/$(PROJECT_NAME)
BETTER_AUTH_SECRET=<openssl-rand-hex-32>
MANIFEST_ENCRYPTION_KEY=<different-openssl-rand-hex-32>
BETTER_AUTH_URL=https://$(PRIMARY_DOMAIN)
MANIFEST_MODE=selfhosted
NODE_ENV=production
SEED_DATA=false
DB_POOL_MAX=10
AUTH_DB_POOL_MAX=5
MANIFEST_TELEMETRY_DISABLED=0
Generate two different 64-character secrets with openssl rand -hex 32. Use an alphanumeric or hex PostgreSQL password in DATABASE_URL. If your password contains URL-reserved characters such as @, :, /, %, or #, percent-encode them before pasting the connection string. AUTH_DB_POOL_MAX is read by Manifest’s Better Auth database pool. Set MANIFEST_TELEMETRY_DISABLED=1 if you want to disable anonymous self-hosted telemetry.

Open Manifest

Open the Easypanel domain and create the first admin account. Fresh installs redirect to /setup; the first account you create becomes the admin. Verify the deployment:
curl -fsS https://<your-easypanel-domain>/api/v1/health

Smoke test checklist

Before submitting a template upstream, verify:
  • The app starts cleanly.
  • PostgreSQL connection and migrations succeed.
  • /api/v1/health returns OK.
  • /setup opens on the generated domain.
  • First admin account creation works.
  • Login works on the Easypanel domain without an invalid-origin error.
  • Restarting the app and database keeps data persisted in PostgreSQL.

Production notes

  • Back up the PostgreSQL service through Easypanel or your server provider.
  • Use a real HTTPS domain before enabling OAuth providers.
  • Keep BETTER_AUTH_SECRET and MANIFEST_ENCRYPTION_KEY as separate values.
  • If you deploy more than one Manifest replica, lower database pool sizes or upgrade PostgreSQL connection capacity.
Relevant Easypanel docs: