Introduction

Plausible is an open-source analytics tool that provides insights into website traffic without compromising user privacy. While Plausible offers a hosted service, self-hosting can significantly reduce costs, especially for sites with moderate to high traffic. The hosted version starts at €9/month, but the cost ramp up significanly with higher traffic. By self-hosting on Hetzner Cloud, you can run it for as little as €4.74/month, regardless of your traffic volume.

This guide will walk you through setting up a server on Hetzner Cloud and installing Plausible CE using Ubuntu 24.04 and Docker. Support the author by visiting their blog at sadi.kayas.dk.

Pre-requisites

Before you begin, ensure you have the following:

• Hetzner Cloud: Set up a server, such as the CX22 type, which costs approximately €4.74/mo.
• Ubuntu 24.04: Select Ubuntu 24.04 as your operating system.
• SSH Key: Have an SSH key ready for secure login.
• Ubuntu Pro Account: Optional, but recommended for Livepatch.

Basic Security Setup

Step 1: Create a new user

Once you've logged into your server as the

root

root

Create a new user: (Replace

sadi

$ adduser sadi

When creating the user, you'll be prompted for a password and optional additional information. Enter a strong password and fill in any other details as desired.

Example Output:

info: Adding user `sadi' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `sadi' (1000) ...
info: Adding new user `sadi' (1000) with group `sadi (1000)' ...
info: Creating home directory `/home/sadi' ...
info: Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for sadi
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y
info: Adding new user `sadi' to supplemental / extra groups `users' ...
info: Adding user `sadi' to group `users' ...

Step 2: Grant root privileges

To perform administrative tasks without constantly switching between the

root

sudo

$ usermod -aG sudo sadi

Create an

.ssh

authorized_keys

$ mkdir /home/sadi/.ssh
$ cp .ssh/authorized_keys /home/sadi/.ssh
$ chown -R sadi:sadi /home/sadi/.ssh

After setting up the new user, log out of the

root

Step 3: Disable root SSH login

To enhance security, disable SSH login for the

root

$ sudo nano /etc/ssh/sshd_config

Find the line that says

#PermitRootLogin prohibit-password

no

PermitRootLogin no

Tip: To save the file, press

CTRL+X

Y

ENTER

Restart the SSH service to apply the changes.

$ sudo systemctl restart ssh

(Optional) Set up firewall

Consider setting up a firewall using Hetzner Cloud to restrict incoming traffic to only your SSH port, ports 80 and 443.

Step 4: Enable unattended upgrades

Ensure that automatic updates are enabled to keep your server secure.

$ sudo systemctl status unattended-upgrades.service

This service should be active and running.

Example Output:

● unattended-upgrades.service - Unattended Upgrades Shutdown
     Loaded: loaded (/usr/lib/systemd/system/unattended-upgrades.service; enabled; preset: enabled)
     Active: active (running) since Sun 2025-03-16 08:50:45 UTC; 53min ago
       Docs: man:unattended-upgrade(8)
   Main PID: 954 (unattended-upgr)
      Tasks: 2 (limit: 4540)
     Memory: 11.0M (peak: 11.3M)
        CPU: 159ms
    CGroup: /system.slice/unattended-upgrades.service

(Optional) Enable Livepatch

If you have an Ubuntu Pro Account, enable Livepatch for automatic kernel updates without reboots.

$ sudo pro attach

Follow the prompts to complete the setup.

Example Output:

Initiating attach operation...

Please sign in to your Ubuntu Pro account at this link:
https://ubuntu.com/pro/attach
And provide the following code: [CODE]

Attaching the machine...
Enabling Ubuntu Pro: ESM Apps
Ubuntu Pro: ESM Apps enabled
Enabling Ubuntu Pro: ESM Infra
Ubuntu Pro: ESM Infra enabled
Enabling Livepatch
Livepatch enabled
This machine is now attached to 'Ubuntu Pro'

SERVICE          ENTITLED  STATUS       DESCRIPTION
anbox-cloud      yes       disabled     Scalable Android in the cloud
esm-apps         yes       enabled      Expanded Security Maintenance for Applications
esm-infra        yes       enabled      Expanded Security Maintenance for Infrastructure
landscape        yes       disabled     Management and administration tool for Ubuntu
livepatch        yes       enabled      Canonical Livepatch service
realtime-kernel  yes       disabled     Ubuntu kernel with PREEMPT_RT patches integrated
usg              yes       disabled     Security compliance and audit tools

Installing Plausible

Plausible CE is managed using Docker, so you need to install Docker first.

$ sudo apt update
$ sudo apt install apt-transport-https ca-certificates curl software-properties-common
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
$ sudo apt install docker-ce

To run Docker commands without using

sudo

docker

sudo usermod -aG docker sadi

Log out and back in to apply the group change.

We're now ready to clone and setup Plausible.

$ git clone -b v2.1.5 --single-branch https://github.com/plausible/community-edition plausible-ce
$ cd plausible-ce
$ touch .env
$ echo "BASE_URL=https://plausible.example.com" >> .env
$ echo "SECRET_KEY_BASE=$(openssl rand -base64 48)" >> .env
$ echo "HTTP_PORT=80" >> .env
$ echo "HTTPS_PORT=443" >> .env

Replace

https://plausible.example.com

Create an override file to expose Plausible to the web:

$ cat > compose.override.yml << EOF
services:
  plausible:
    ports:
      - 80:80
      - 443:443
EOF

Start the Plausible service:

$ docker compose up -d

Your Plausible instance is now running and is accessible at the specified

BASE_URL