Modern stack for Chilean SMBs 2026 (Docker + Traefik + GitHub Actions)

A Chilean SMB that develops software does not have to choose between “shared hosting with cPanel” or “AWS with a dedicated sysadmin”. There is a modern, controllable, cheap and robust sweet spot that aGo uses for all of its products and client work. This post describes it.

The principles

Local-first: what runs in production must run the same on your laptop.
Reproducible: anyone with git clone and docker compose up brings the project online.
Versioned: infrastructure as code.
Automated: deploy to production is a git push.
Cheap: costs between USD 5 and USD 50 a month to keep several projects running.

The stack

Local (your machine)

Docker Compose: defines services (app, DB, cache, etc.) in a docker-compose.yml.
Local Traefik with .localhost subdomains: each project at its URL (project.localhost) without touching /etc/hosts.
.env per project: secrets and configuration outside the repo.

Repository (GitHub)

Private repo per project.
.github/workflows/deploy.yml: deploy pipeline.
Secrets managed with gh secret set.

Production (Hetzner or Hostinger VPS)

VPS with Ubuntu 22.04 or 24.04.
Docker + Traefik routing by subdomain.
Let’s Encrypt for automatic SSL.
Each project in its docker-compose.yml on a Docker network shared with Traefik.
Automated backups to S3-compatible storage (Cloudflare R2, Hetzner Object Storage).

The workflow

Day 1 — Local setup

mkdir my-project && cd my-project
git init
# create docker-compose.yml, Dockerfile, .env.example, .gitignore
docker compose up
# open http://my-project.localhost

Day 2 — Push and deploy

git add . && git commit -m "feat: initial"
gh repo create my-project --private --source=. --push
# configure GH Actions with VPS secret
gh secret set VPS_SSH_KEY < ~/.ssh/id_rsa
git push origin main  # Actions runs the deploy

Day 3 — Iteration

# you work locally
git push origin main  # every push deploys

Why Traefik and not nginx

Configuration by labels in docker-compose.yml, not by loose files.
Dynamic routing: bring up a new service and it appears online without restarting Traefik.
Automatic Let’s Encrypt.
Useful middleware (rate limiting, basic auth, HTTPS redirect) declarative.

Why Hetzner Cloud / Hostinger VPS and not AWS/GCP

Cost: Hetzner CX31 costs around USD 10/month for a VPS that can host several small projects.
Simplicity: you do not need complex IAM, VPC, security groups. One public IP, one firewall.
LATAM support: invoices in USD/EUR without complications, reasonable latency from Chile.

AWS/GCP make sense when your product needs serious horizontal scaling (>1M req/day) or specific managed services (RDS Multi-AZ, BigQuery, etc.). Before that, they add unnecessary complexity.

The base `.env`

aGo keeps a root .env with reusable credentials: R2 storage, Acumbamail SMTP, Flow Chile (payments), Browserless (rendering), multiple LLM providers. Each new project starts by taking what it needs instead of configuring everything from scratch.

Common mistakes

1. Editing code on the VPS

Temptation: “it’s a small fix, I’ll fix it on the server”. Result: VPS and repo diverge. Next deploy overwrites the fix. aGo rule: NEVER fix code on the VPS. Only .env, infrastructure, backups. Code is fixed locally, pushed, GitHub Actions deploys.

2. Secrets in the repo

Even if the repo is private, secrets live in .env (local) or in GitHub Secrets / Doppler / Vault (production). Never in versioned files.

3. No backups

Daily automated backup to R2 or S3-compatible. Without it, an accidental restore plus a bug equals total loss.

4. Over-engineering from day 1

Kubernetes for a site serving 100 req/min is overkill. Start with simple Docker Compose, scale when it hurts.

Concrete stack recommended for 90% of cases

# docker-compose.yml
services:
  app:
    image: your-image:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`yourproject.cl`)"
      - "traefik.http.routers.app.tls.certresolver=letsencrypt"
    networks:
      - traefik-net
      - internal

  db:
    image: postgres:16
    volumes:
      - db_data:/var/lib/postgresql/data
    networks:
      - internal

  redis:
    image: redis:7
    networks:
      - internal

volumes:
  db_data:

networks:
  traefik-net:
    external: true
  internal:

GitHub Actions deploys with a simple workflow that sshs into the VPS, git pull, docker compose up -d.

Real cases

aGo uses this stack for:

hub.nubiq.ai (multi-tenant chatbot SaaS)
sign.datanubi.com (electronic signature)
finanzas.datanubi.com (IPSA analysis with ML)
quelicitar.cl (B2B public procurement)
linki.cl (URL shortener + event QR)

All run under the same pattern with variations on the internal stack (Django, Next.js, Go).

Frequently asked questions

Is it valid for a non-technical SMB?

A non-technical SMB probably hires someone who is technical. The point of the stack is that any dev/operator understands what happens, it is not a black box.

Does it work for high availability?

With a single VPS, no. For real HA you need multiple nodes, a load balancer and a replicated DB. When you reach that level of traffic, this stack falls short, but migration is gradual.

Are Cloudflare Pages / Vercel simpler?

For pure static sites, yes. For apps with backend, DB and queued processes, this stack gives you more control and less lock-in.

Who supports this if I do not want to deal with it?

aGo services cover a full setup of this stack for your project, maintenance and monitoring.

Conclusion

Docker Compose + Traefik + GitHub Actions + USD 10/month VPS covers 90% of the technical needs of a Chilean SMB that develops software. No lock-in, controllable, cheap, productive from day 1. It is the stack aGo uses internally and for clients.

Want us to assemble your setup? Let’s talk.