Skip to main content

Operating your instance

Day-two care: keeping it current, keeping copies of your data, and the three things that most often go wrong.

Updating

docker compose pull && docker compose up -d

It pulls any newer images and recreates the containers; database migrations run automatically when the api container starts.

Backups

Your data lives in bind-mounted folders under ./data/ (Postgres, uploaded files, installed modules, Caddy certs). Copy the whole ./data/ tree and you have a complete backup. For a database-only dump:

docker compose exec db pg_dumpall -U cobblr | gzip > cobblr-backup-$(date +%F).sql.gz

Workspace-level backups (restorable snapshots of one workspace, and off-box destinations like Google Drive) are covered in Backup and export.

Troubleshooting

  • A device can't reach it (Tailscale). Confirm that device is signed into the same tailnet and that tailscale serve status on the box shows the app on 127.0.0.1:8088. If you meant to reach it from off the tailnet, that needs tailscale funnel, not serve.
  • Phone can't reach the DuckDNS or Cloudflare name, laptop can. Some routers and Pi-hole setups block public names that resolve to private IPs ("DNS rebind protection"). Add an exception for the name, or add a local DNS entry mapping it to the LAN IP. This only applies to the internet-facing paths; Tailscale doesn't use public DNS at all.
  • Certificate didn't issue (DuckDNS or Cloudflare). Check docker compose logs caddy. The usual causes: a wrong DUCKDNS_TOKEN or CLOUDFLARE_API_TOKEN, a blank COBBLR_ACME_EMAIL (the log shows a parse error on a bare email line; the builder fills it from your email), or the box has no outbound internet. Certificates are cached under ./data/caddy once issued, so this is a first-run problem, not a recurring one.
  • Camera still blocked. Confirm the address bar shows https:// with no warning. On the offline CA option, the certificate must be trusted, not just installed; on iOS that's the extra toggle under Certificate Trust Settings.