Sidekick — Bare Metal to Production in Minutes on Your VPS

Introduction

Sidekick is an open-source CLI tool that takes a bare VPS and configures it into a production-ready deployment target with Docker, automatic TLS certificates, and zero-downtime deployments. It targets indie developers and small teams who want the convenience of a PaaS like Fly.io or Heroku but on their own infrastructure, without the complexity of Kubernetes.

What Sidekick Does

• Provisions a fresh VPS with Docker, a reverse proxy, and TLS certificate automation in one command
• Deploys applications from a Dockerfile with zero-downtime rolling updates
• Manages environment variables, secrets, and per-app configuration securely
• Sets up automatic SSL via Let's Encrypt with renewal handled transparently
• Supports multiple applications on a single server with domain-based routing

Architecture Overview

Sidekick is a single Go binary that runs on your local machine and communicates with the target VPS over SSH. During initialization, it installs Docker, configures a Traefik reverse proxy for routing and TLS, and sets up the directory structure for app deployments. Each deploy builds the Docker image on the server from the application's Dockerfile, starts a new container, health-checks it, then swaps traffic from the old container to the new one for zero-downtime cutover.

Self-Hosting & Configuration

• Requires a VPS running Ubuntu or Debian with SSH access and a non-root sudo user
• Run sidekick init with the server IP to provision Docker, Traefik, and firewall rules
• Point your domain's DNS A record to the VPS IP before deploying for automatic TLS
• Configure app-specific environment variables via sidekick env set commands
• Deploy updates with sidekick deploy from the project directory containing a Dockerfile

Key Features

• Single-command server setup from bare metal to production-ready in under five minutes
• Zero-downtime deployments with automatic health checking and traffic cutover
• Built-in TLS via Let's Encrypt with no manual certificate management
• Multi-app support on one server with Traefik handling domain-based routing
• No lock-in: standard Docker containers mean you can migrate away at any time

Comparison with Similar Tools

• Dokku — mini-Heroku PaaS with buildpack support; Sidekick is a thinner layer that relies on Dockerfiles and does not require Heroku-style buildpacks
• Coolify — self-hosted PaaS with a web UI; Sidekick is CLI-only and leaner for developers comfortable in the terminal
• CapRover — web-based PaaS with a dashboard; Sidekick avoids running a persistent control plane on the server
• Kamal — Basecamp's Docker deploy tool for Rails; Sidekick is language-agnostic and optimized for single-server setups
• Fly.io — managed platform with global edge deployment; Sidekick gives you the same developer experience on your own VPS

FAQ

Q: Does Sidekick support multi-server deployments? A: Currently Sidekick targets single-server setups. For multi-server orchestration, tools like Kamal or Kubernetes are a better fit.

Q: What cloud providers work with Sidekick? A: Any provider offering a VPS with SSH access works, including Hetzner, DigitalOcean, Linode, Vultr, and AWS EC2.

Q: Can I deploy non-Docker applications? A: Sidekick requires a Dockerfile in your project root. Any application that can be containerized, regardless of language, is supported.

Q: How does zero-downtime deployment work? A: Sidekick starts the new container, waits for its health check to pass, updates the Traefik routing to point to the new container, then stops the old one.

Sources

• https://github.com/MightyMoud/sidekick
• https://sidekick.dev