Building a Production-Ready ARM64 VPS Platform with Docker, Reverse Proxy, and Monitoring

සුභ අලුත් අවුරුද්දක් වේවා! இனிய புத்தாண்டு வாழ்த்துக்கள்! Happy Sinhala and Tamil New Year to everyone celebrating.

April 14 marks the Sinhala and Tamil New Year in Sri Lanka, and since this is April 15, I wanted to start this post with warm Aurudu wishes to all of you and your families. Wishing you peace, prosperity, and a year full of meaningful progress.

Modern apps do not just need code. They need infrastructure that is reliable, secure, observable, and easy to operate.

Instead of depending only on managed platforms, I wanted to understand how real production systems are built from the ground up.

So I gave myself a challenge:

Build a production-ready server environment from scratch using a free ARM-based VPS.

This is how I transformed a single Oracle Cloud instance into a scalable and maintainable hosting platform for multiple apps and APIs.

Server setup

I used an Oracle Cloud ARM instance (Ampere) with:

• 4 OCPU
• 24 GB RAM
• Block storage

This configuration is seriously capable for self-hosting. With proper isolation and routing, it can comfortably run multiple production services.

Architecture overview

I avoided installing apps directly on the host and containerized everything with Docker.

Core principles:

• Every service runs in isolation
• Deployments are reproducible
• Scaling and maintenance stay clean

Final request flow:

Internet
   |
   v
Reverse Proxy (Nginx Proxy Manager)
   |
   +-- Portainer (container operations)
   +-- Netdata (infrastructure monitoring)
   +-- Uptime Kuma (availability checks)
   +-- Web applications
   +-- Backend APIs

Why Docker

Docker gave me a practical way to operate many services on one server without dependency conflicts.

What I gained immediately:

• Isolation between workloads
• Fast deployment and rollback
• Reproducible environments
• Cleaner migration path to multi-node setups later

Reverse proxy and domain routing

I used Nginx Proxy Manager as the front door for every service.

It handled:

• Multiple domains and subdomains on a single server
• Automatic SSL certificates with Let's Encrypt
• Centralized traffic routing and TLS termination

Example subdomains:

• netdata.mydomain.com
• portainer.mydomain.com
• app.mydomain.com

With this pattern, one VPS can host many independent apps while keeping operations simple.

Security hardening

At first, I exposed service ports directly. That worked, but it was not production-safe.

I then tightened the setup:

• Removed direct public exposure for internal services
• Routed all traffic through the reverse proxy layer
• Enforced HTTPS for all public endpoints
• Added authentication where appropriate

Final public exposure:

Only ports 80 and 443 are open to the internet.

That single change reduced the attack surface significantly.

Monitoring and observability

A production environment without visibility is risky. I added both system-level and service-level monitoring.

Netdata

• Real-time CPU, RAM, disk, and network metrics
• Container-level health visibility
• Fast anomaly detection during spikes

Uptime Kuma

• Endpoint availability checks
• Incident visibility when services go down
• Alerting-ready foundation

Container management with Portainer

I used Portainer as an operations dashboard for day-to-day management.

It simplified:

• Container lifecycle control
• Log inspection
• Volume and network management

For quick troubleshooting, this was much faster than doing every operation via CLI.

Multi-domain hosting on one VPS

One of the best outcomes from this architecture:

A single server can reliably host multiple websites and APIs.

Examples:

• example1.com
• example2.com
• api.example2.com

Each endpoint is routed at the proxy layer while keeping backend containers isolated.

Key learnings

• ARM64 servers are absolutely production-capable
• Docker makes infrastructure easier to reason about and operate
• Reverse proxies are foundational for multi-app hosting
• Security decisions should come early, not after launch
• Monitoring is mandatory for reliability, not optional

What is next

My next upgrades are:

• CI/CD pipelines for automated deployment
• Data layer services (PostgreSQL and Redis)
• Horizontal scaling across multiple nodes

Final thoughts

This project helped me close the gap between writing software and running software in production.

Instead of depending entirely on platforms, I now have a self-managed hosting environment with clearer control, stronger reliability, and better operational insight.

If you are learning backend engineering or DevOps, I strongly recommend building a platform like this at least once. You will learn lessons that tutorials rarely teach.

සුභ අලුත් අවුරුද්දක් වේවා! இனிய புத்தாண்டு வாழ்த்துக்கள்! Happy Aurudu again to everyone celebrating.