Self-hosted PaaS in a single binary.
An open-source, lightweight PaaS — small enough for a $5 VPS, simple enough to run for years.
- Idle RAM
- 20–40 MB
- Binary size
- ~15 MB
- Templates
- 35+
Features
Docker containers
Create, start, stop, restart, remove. Live logs and stats from the Docker Engine API via Bollard.
Compose stacks
Deploy any Docker Compose file with a built-in YAML editor. Auto-injected into pier-net.
Git to deploy
GitHub, GitLab and Bitbucket — webhooks, GitHub App flow, deploy keys. Build from Dockerfile, image, or Compose. Auto-deploy on push.
One-click templates
35+ curated services: PostgreSQL, Redis, ClickHouse, Cassandra, ScyllaDB, Qdrant, Grafana, Gitea, Supabase, Matrix, Minecraft and more.
Auto-build (Railpack)
Zero-config builds straight from a Git repo — Node, Python, Go, Rust, PHP, Java, Ruby, Vite/Astro and more. No Dockerfile, no buildpack config. Successor to Nixpacks, by the Railway team.
Automatic HTTPS
Traefik reverse proxy with Let's Encrypt. Custom domains, path-based routing, auto-generated service URLs.
Scheduled backups
Native pg_dump / mysqldump / mongodump / redis BGSAVE on a cron. Ship to any S3-compatible bucket — including Bunny.net.
Multi-server
Lightweight agents installed by curl | sh. Heartbeat, system metrics, location tracking — one dashboard for the whole fleet.
Real-time metrics
CPU, RAM, disk, and network for every container — live charts built on uPlot.
Encrypted secrets
AES-256-GCM on every environment variable at rest in SQLite. Key stored outside the database.
Alerts & notifications
10 preset rules — high CPU, RAM, disk, container crashes, deploy or backup failures, agent offline, SSL expiring. Routed to Telegram, Discord, Slack and email with cooldowns.
Load balancing & replicas
Scale any service from 1 to N replicas. Three strategies — round-robin, weighted, sticky-cookie. Replicas distribute across servers; Traefik routes with health checks.
Two-factor auth (TOTP)
bcrypt password hashing, TOTP 2FA, JWT session tokens with revocation, and bearer API tokens. Single-admin today, role-based access on the roadmap.
Private registries
Per-project and global registry credentials for Docker Hub, GHCR, GitLab CR, AWS ECR or your own Harbor. Encrypted at rest with AES-256-GCM, never echoed in the UI.
npm Registry
Private packages + transparent npmjs.org mirror in the same binary. npm 7-11, yarn 1/2/3/4, pnpm and bun all work against one URL — a Verdaccio alternative without the extra container.
Self-update
Check for new builds from the UI. Atomic binary swap with rollback if the new version fails.
Embedded SQLite
No external database. WAL mode for concurrent reads. Backed up daily with the Pier config.
HTMX + Alpine.js
~30 KB of JavaScript. Server-rendered, progressively enhanced, dark mode, responsive.
Built for small VPS
Same core experience. Less weight. Numbers from a fresh install on a $5 VPS.
Architecture
One binary. One database. One process. Pier embeds the API server, UI, Docker control plane, and federation — all driven by a single Rust process.
Pier — single Rust binary
- AxumHTTP API · WebSocket
- MiniJinjaHTML + HTMX
- rusqliteSQLite (WAL)
- AuthJWT · AES-256-GCM
- BollardDocker Engine API
- FederationPeer cores · Agent promote
- BackupsS3 · Cron · Restore
- AlertsTelegram · Slack · SMTP
- TraefikReverse proxy · Let's Encrypt
- Docker EngineContainers · Compose · Images
- Git providersGitHub App · GitLab
- S3 / BunnyBackups · Object storage
- SMTPEmail notifications
- Peer coresMulti-server federation
Tech stack
Frequently asked questions
What is Pier?
Pier is an open-source, self-hosted Platform-as-a-Service written in Rust. It packages container management, Docker Compose, reverse proxy with automatic HTTPS, Git-to-deploy, alerts and notifications, multi-server agents, scheduled S3 backups and 35+ one-click service templates into a single ~15 MB binary that uses 20–40 MB of RAM idle.
How is Pier different from Coolify?
Coolify is a Laravel/PHP application that runs 6+ support containers and needs 750 MB–1.2 GB RAM before you deploy anything. Pier delivers the same core features from a single Rust binary that uses 20–40 MB of RAM, making a $5/month VPS viable as a serious deployment target.
What are the minimum server requirements?
Pier runs on any Linux server with Docker installed. Minimum: 512 MB RAM and 1 vCPU. Recommended for active deployments: 1 GB RAM and 1 vCPU. Pier ships as a single static musl binary for x86_64 and aarch64.
Is Pier free?
Yes. Pier is licensed under AGPL-3.0 — free to self-host and modify. If you offer a modified version as a network service, you must share your modifications under the same license. Commercial licenses without AGPL obligations are available on request.
Where does Pier store my data?
Pier uses an embedded SQLite database with WAL mode stored alongside the binary. Environment variables and registry credentials are encrypted at rest with AES-256-GCM, with the encryption key stored outside the database. Daily backups of the database and key are written to the data directory.
Does Pier support multi-server / fleet management?
Yes. Pier installs lightweight agents on remote servers via a single curl | sh command. The Core dashboard tracks heartbeats, system metrics (CPU, RAM, disk, Docker version) and server location, and distributes deployments and load-balanced replicas across the fleet from one UI.
How do alerts and notifications work?
Pier ships 10 preset alert rules (high CPU, RAM, disk, container crashed, deploy failed, backup failed, agent offline, SSL expiring soon, etc.) with configurable thresholds and cooldown windows. Notifications are delivered to Telegram, Discord, Slack and Email channels — multiple channels per rule, with per-rule routing.
Can I deploy from a private Docker registry?
Yes. Pier supports per-project and global registry credentials for any Docker-compatible registry (Docker Hub, GHCR, GitLab Container Registry, AWS ECR, private Harbor, etc.). Credentials are encrypted with AES-256-GCM and injected at pull time without ever being exposed to the UI.
Does Pier support load balancing and replicas?
Yes. You can scale any service from 1 to N replicas with three load-balancing strategies — round-robin, weighted, and sticky-cookie session affinity. Replicas distribute across multiple servers when agents are connected, and Traefik routes requests transparently with health checks.
How does Pier compare to Dokku, Kamal and CapRover?
Dokku and Kamal are CLI-first and assume one box per project; CapRover is a heavier Docker Swarm UI. Pier sits between them: a single Rust binary with a full web UI, multi-server agents, alerts, encrypted secrets, registry auth, scheduled backups and a 35+ template catalog — without bringing along a Postgres, Redis or PHP runtime as a hard dependency.
Ready to deploy?
One command installs Pier on any Ubuntu or Debian VPS.
curl -fsSL https://pier.sh/install | sudo bash