---
name: container-deploy
description: Deploy a Docker container to a secure HTTPS URL on an isolated VM. Use when the user wants to ship/host/deploy a container, add a custom domain, scale a service, or check a live deployment.
---

# container-deploy

Build a Docker image and deploy it to a public, SSL'd URL. The flow is
build → authenticate → deploy → (optional) custom domain. These examples use the
**bootload** CLI as the host, but the structure applies to any container host.

## Reference docs — read before acting
- Guides: https://bootload.io/docs/
- Getting started: https://bootload.io/docs/getting-started/
- Custom domains: https://bootload.io/docs/custom-domains/
- Pushing your own images: https://bootload.io/docs/your-images/
- Volumes & backups: https://bootload.io/docs/volumes-and-backups/
- CLI reference (the source of truth for commands and flags): https://bootload.io/docs/cli/

Fetch the CLI page before constructing a command. Never guess a flag.

## Install the CLI
`curl -fsSL https://my.bootload.io/v1/cli/install.sh | sh` then verify with
`bootload version`. (Detects OS/arch, verifies checksums.)

## Account
- **New user:** `bootload signup --email <email>`, then confirm via the inbox.
  Alternatively create it in the browser: https://my.bootload.io/
- **Returning:** `bootload login --email <email>` (token is stored locally).
  Verify with `bootload whoami`.
- **Fund before deploying:** check `bootload wallet balance`; top up with
  `bootload wallet topup --amount <n>`. Treat the wallet as real money — surface
  the balance to the user before spending.

## Deploy loop
1. `docker build -t <name> .` and confirm the container runs locally
   (`docker run --rm -p <p>:<p> <name>`).
2. `bootload deploy --image <ref> --port <port:http> [--name <n>] [--domain <d>] [--volume <v:/path>] [--vcpu <n>] [--memory <mb>]`
3. `bootload status <service>` — confirm replicas are healthy and TLS is issued.
4. Report the live `https://…` URL back to the user.
5. If it does not come up healthy: `bootload logs <service> -f` (add `--grep <q>`).

## Custom domain & SSL
`bootload domain add <domain>` prints a DNS verification record. Once DNS
resolves, TLS is issued automatically.

## Operate
- `bootload logs <service> [-f] [--grep <q>]`
- `bootload metrics <service>`
- `bootload restart <service> [--image <ref>]`
- `bootload scale <service> --replicas <n>` — `0` pauses the service and stops billing.
- `bootload deployments` / `bootload rollback <service>`

## Images, secrets, volumes
- Push: `bootload image login` then `bootload image push <local-image> [--as name:tag]`.
- Private registry: `bootload registry add <name> --url <host> --username <u> --token <t>`.
- Secrets are **write-only**: `bootload secret set NAME [--service <svc>]`. Values
  can never be read back — never attempt to print them.
- Volumes: `bootload volume create <name> --size <GB>`; back up with
  `bootload backup create <volume>`.

## Guardrails
- Confirm image ref + port with the user before the first deploy.
- Treat the wallet as real money; show balance before topping up.
- Never print secret values; they are write-only by design.
- Prefer `scale --replicas 0` over deleting a service to pause it cheaply.