VPS (systemd)
Run Conloca directly on a Linux VPS as a systemd service. This is a lightweight alternative to Docker for servers where you want to run Bun natively.
Prerequisites
- A Linux server (Ubuntu, Debian, RHEL, etc.)
- Bun installed (bun.sh)
- A built Astro site with Conloca configured (
bun run buildcompleted)
Setup
1. Create a system user
Create a dedicated user for running the CMS:
sudo useradd -r -m -d /home/conloca -s /usr/sbin/nologin conloca
2. Deploy the application
Copy your built application to /opt/conloca:
sudo mkdir -p /opt/conloca
sudo cp -r dist node_modules package.json /opt/conloca/
sudo cp -r content /opt/conloca/
sudo chown -R conloca:conloca /opt/conloca
3. Create the systemd unit file
Create /etc/systemd/system/conloca.service:
[Unit]
Description=Conloca CMS
After=network.target
[Service]
Type=simple
User=conloca
WorkingDirectory=/opt/conloca
ExecStart=/home/conloca/.bun/bin/bun run ./dist/server/entry.mjs
Restart=always
RestartSec=3
Environment=NODE_ENV=production
Environment=HOST=0.0.0.0
Environment=PORT=4321
[Install]
WantedBy=multi-user.target
If Bun is installed system-wide (e.g., via a package manager), adjust the ExecStart path accordingly:
ExecStart=/usr/local/bin/bun run ./dist/server/entry.mjs
4. Add environment variables
For authentication with Cloudflare Access, add these environment variables to the unit file:
Environment=CF_ACCESS_TEAM_NAME=YOUR_TEAM_NAME
Environment=CF_ACCESS_AUD=YOUR_APPLICATION_AUD_TAG
Or use an environment file for better security:
EnvironmentFile=/opt/conloca/.env
See the Cloudflare Access guide for how to obtain these values.
5. Enable and start
sudo systemctl daemon-reload
sudo systemctl enable --now conloca
Managing the service
Check status:
sudo systemctl status conloca
View logs:
journalctl -u conloca -f
Restart after an update:
sudo systemctl restart conloca
Updating
To deploy a new version:
# Build on your local machine
bun run build
# Copy to server
scp -r dist package.json node_modules user@server:/opt/conloca/
# Restart
ssh user@server 'sudo systemctl restart conloca'
Reverse proxy
For HTTPS, place a reverse proxy in front of Conloca. Here are examples for Caddy and nginx.
Caddy
Install Caddy and create /etc/caddy/Caddyfile:
cms.YOUR_DOMAIN.com {
reverse_proxy localhost:4321
}
Caddy automatically provisions TLS certificates via Let’s Encrypt.
sudo systemctl enable --now caddy
nginx
Install nginx and create /etc/nginx/sites-available/conloca:
server {
listen 80;
server_name cms.YOUR_DOMAIN.com;
location / {
proxy_pass http://127.0.0.1:4321;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support for live content updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Enable the site and use certbot for TLS:
sudo ln -s /etc/nginx/sites-available/conloca /etc/nginx/sites-enabled/
sudo certbot --nginx -d cms.YOUR_DOMAIN.com
sudo systemctl reload nginx
Next steps
- Cloudflare Tunnel — Expose without opening ports
- Docker deployment — Alternative container-based deployment
- Getting Started — Set up your first Conloca site