Self-Hosting changedetection.io on a Tiny VPS (DigitalOcean 512MB)

After experimenting with various website change detection tools, I decided to self-host changedetection.io — a fantastic open-source app that lets you monitor specific elements on websites, including JavaScript-heavy ones, using CSS or XPath selectors.

This post outlines how I deployed it on a tiny 512MB DigitalOcean droplet, hardened the server, and set up Pushover notifications — all without relying on bloated stacks. It comes at a small cost of $4.80 (at the time of writing). I did look around for a free tier, but most didn’t offer persistent storage and had sleep timers; I wanted this running 24/7. Considering most paid services have fewer features and cost more than this, I decided it’s worth it.

☁️ Step 1: Droplet Setup

I created a basic 512MB RAM / 1vCPU droplet (the cheapest one) on DigitalOcean. Select Ubuntu 22.04 LTS.
Once running, I SSH’d in and installed Docker:

sudo apt update
sudo apt install docker.io -y

Before you save your droplet, it will ask you if you want to use passwords or keys, I strongly suggest keys (see step 2 below), otherwise, skip step 2.

🔑 Step 2: Setting Up SSH Access with PuTTY (No Passwords, All Keys)

For secure, password-less access to your droplet, I used PuTTY and PuTTYgen to generate and manage SSH keys. Here’s how to do it right:

🧰 Tools Needed:

  • PuTTY
  • PuTTYgen (included in the full PuTTY installer)

🛠️ Generate the SSH Key Pair

  1. Open PuTTYgen
  2. Under Key type, leave as RSA
  3. Set 2048 or 4096 bits for better security
  4. Click Generate, then move your mouse around the window
  5. (Optional) Add a passphrase for extra protection

⚠️ Don’t close the window yet — you’ll need the public key to enter into the droplet creation window where you select key authentication. Paste it in and create the droplet. While that’s starting up you can continue with the rest of the key steps.

💾 Save Your Keys

  • Click Save private key → save as do_rsa.ppk
  • Copy the entire contents of the “Public key for pasting into OpenSSH” field at the top

🖥️ Connect Using PuTTY

  1. Open PuTTY
  2. In Host Name, enter your droplet IP
  3. In the left pane, go to Connection → SSH → Auth
  4. Under “Private key file for authentication”, select your .ppk file
  5. Go back to Session, give it a name, and click Save
  6. Click Open to connect
  7. The username is root
  8. The password is the one you set when you created the key and is used to access the key.

You should now be logged in securely using your SSH key.

Step 2: Deploying changedetection.io (with Resource Limits)

To prevent out-of-memory crashes on the tiny VPS, I capped the container’s resources and enabled automatic restarts:

bashCopyEditdocker run -d \
  --name changedetection \
  -p 5000:5000 \
  -v ~/changedetection-data:/datastore \
  --memory="300m" \
  --memory-swap="512m" \
  --restart unless-stopped \
  dgtlmoon/changedetection.io

The volume ensures settings and monitored sites are persisted even if the container is recreated.

🔐 Change the password

Browse to the app and set a password, as currently, anyone visiting your server has full access to the app

http://droplet-ip:5000/

🧠 Add Swap Space

Just in case memory spikes:

bashCopyEditsudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile swap swap defaults 0 0' | sudo tee -a /etc/fstab

This adds 1GB of swap space, reducing the chance of memory-related crashes.

🔐 Step 3: Hardening the Server

To reduce attack surface:

✅ I enabled UFW:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22
sudo ufw allow 5000
sudo ufw enable

✅ I also applied a DigitalOcean Cloud Firewall:

  • allowed ports 22 (SSH)
  • Added custom rule for port 5000 to my IP address (if this doesn’t suit you then keep in mind the whole world can access your system, so you better keep it patched).
  • Blocked all other inbound traffic

✅ Disabled password SSH login:

sudo nano /etc/ssh/sshd_config

⚠️ WARNING: You risk locking yourself out of your droplet if you haven’t setup key based access (you should have done this above) but if for whatever reason you are still using passwords, then skip this next step. If you do lock yourself out you will need to use the recovery tools in Digital Ocean to get back in. It’s not a big deal.

Set:

PasswordAuthentication no

Then restart SSH:

sudo systemctl restart ssh

🔔 Step 4: Enabling Pushover Notifications

To get mobile alerts when specific website elements change:

  1. Created a new app at pushover.net
  2. Got my User Key and API Token
  3. In the changedetection.io settings, added this under Notification URLs:
pover://user@token

Worked perfectly for real-time push alerts.

There’s tons of supported notification services see AppRise

✅ Done! Lean, Fast, and Private

Now I have a fully self-hosted, lightweight website change detection platform running smoothly on minimal hardware — no cloud lock-in, no unnecessary bloat, and complete control over what gets monitored and how I’m notified.

It works great, much better than ChangeTower, Wachete, etc.

Tags

Related Posts

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.