This post is part of a small series about the use of Coolify.

In a first post, I went back over the reasons for my migration to Coolify.

In a second post, I explained how to run a Kotlin application on Coolify.

Today, we're going to talk about databases and backups on Coolify. Because it's really nice running a Kotlin application, but chances are you'll also need to manipulate data.

Add a database

Adding a database is pretty straightforward. As with adding applications, you need to go to a project, then click on "New Resource", and you'll see that there are a whole bunch of choices already available to us:

For my part, I clicked on Postgresql. Installation is self-explanatory.
The configuration page then gives you all the values you usually need to connect: instance name, username, password, etc...

Note, however, that if you want your application to see the database, you'll need to make sure that your two applications are on the same network.

By default, however, this is the case:

Then, in your Kotlin application, simply use the username, password etc. values to configure your database connection.

(It seems trivial to me, so I won't go into detail, but if you need to, don't hesitate to let me know).

Administering your database

Disclaimer, on this chapter you may not agree on the approach. Feel free to adapt.

I like to be able to access my database, ideally in read mode, but sometimes in write mode.

In principle, write access is a bad thing on a database in production, but here, I'm going to consider that it's not the point.

Traditionally, for a pgsql database, you install software such as pgAdmin. And, objectively speaking, it's not very complicated to do, since Coolify lets you deploy any application running in a Docker container.

And just as well, there are Dockerfiles for pgAdmin.

However, I have to admit that I wasn't too keen on the idea. Software such as pgAdmin, PhpMyAdmin etc... can sometimes contain security holes.

If you're using them on an internal network, you can get away with it.
But in my case, putting a pgAdmin exposed on the Internet is out of the question.

For me, this is one of the big problems with most PAAS on the market. Databases are publicly exposed on the Internet, and sometimes you have an admin console, hopefully correctly managed. Hopefully...

So here I've taken another option.

• Expose the database on a public port
• Have a firewall rule in place to prohibit access to this port, except for one IP address only.
• use an administration software on my workstation only

This way, I can rely on the security of the firewall, and of course on the security of my database password. As for the firewall, it's managed by my cloud provider, Hetzner.

By default, and this is a good thing, your database is not publicly exposed on the Internet. To do this, check the following box:

For the firewall rule, it depends on your hosting, so I'll skip that part.

However, I strongly recommend that you have one....

Why not a managed database with a cloud provider?

That's also an option, you could connect to a managed database. By the time I migrated completely to coolify, I was doing just that. I had my database on Clever Cloud and the Coolify server on Hetzner.

It has a lot of advantages. Data is pretty critical, and delegating its management to a third-party service can be worth it.

But beware of price and latency.

Managed databases are very expensive. So, in my small independent project logic, it didn't fit.

And latency can be a real pain. During the migration period, I had penalties running into the hundreds of milli seconds. Acceptable for a migration, not acceptable in the long term.

Setting up backups

As I said above, a managed database is expensive, but losing that data is priceless.

So, a database without backups is very playful...

So, we're going to solve this problem.

Whether for Coolify itself (the Coolify instance), databases or applications, there's always a way to configure a backup.

So here I have daily backups, with a 7-day retention period.

Except that this configuration is... not crazy...

Because simply making a backup on the same machine as the database itself is like shooting yourself in the foot.

Instead, we'll check the box: S3 Enabled

S3 is a de facto industry standard. I won't go into the details, but you've got a whole host of service providers offering you Cloud storage whose API is compatible with S3 (even if S3 was originally only AWS).

You'll notice that my S3 storage is called Scaleway, because Scaleway offers S3 storage up to 75 Gb for free...

For a small project like mine, this is very, very good.

End of this little blog post.

It's not the end of this series yet, because we'll no doubt be discussing further monitoring and giving examples of some interesting third-party services running on Coolify.

Don't hesitate to sign up for our newsletter to make sure you don't miss any future posts.

a+