Container Infrastructure
A self-hosted Incus container architecture running 40+ projects on a single Hetzner server. Each application is fully isolated with its own container, from Laravel apps deployed via VitoDeploy to Python services managed with systemd — all fronted by Caddy.
How it works
+-----------------------------------------------+
| Hetzner Cloud |
| +-----------------------------------------+ |
| | Ubuntu + Incus Host | |
| | | |
| | +---------------------------------+ | |
| | | Caddy Reverse Proxy | | |
| | +------+----------+----------+----+ | |
| | | | | | |
| | +----v----++----v----++----v----+ | |
| | | App 1 || App 2 || App N | | |
| | | Laravel || FastAPI || ... | | |
| | +----+----++----+----++----+----+ | |
| | | | | | |
| | +----v----------v----------v----+ | |
| | | Shared Services | | |
| | | MySQL · Redis · Logs | | |
| | +-------------------------------+ | |
| | | |
| | +-------------------------------+ | |
| | | VitoDeploy Panel | | |
| | | Zero-downtime deploys | | |
| | +-------------------------------+ | |
| +-----------------------------------------+ |
+-----------------------------------------------+All HTTPS traffic hits the Caddy reverse proxy, which automatically provisions TLS certificates and routes requests to the correct isolated container. Each application runs in its own Incus container with dedicated resources, while shared services like MySQL and Redis are accessible across the internal network.
Technology Stack
Incus
Lightweight system containers
Caddy
Automatic HTTPS reverse proxy
FastAPI
Python API services via systemd
VitoDeploy
Zero-downtime PHP deployments
Ubuntu
Container base images
MariaDB
Shared database cluster
Redis
Shared caching layer
systemd
Service management per container
Restic
Encrypted backups to S3
Key Benefits
- Full isolation — Each project runs in its own container with dedicated resources
- Resource control — CPU and memory limits per container via Incus profiles
- Zero-downtime deploys — VitoDeploy handles atomic PHP releases, Python services run via systemd
- Automatic HTTPS — Caddy provisions and renews TLS certificates automatically
- Cost efficiency — 40+ projects on a single Hetzner server vs. per-project hosting
