lift doctor
Run diagnostic checks on the server to verify all requirements. Use --cutover to run additional pre-handover safety checks.
lift doctor
Run diagnostic checks on the server to verify all requirements for running Lift are met. Performs 16 core health checks and reports pass/warn/fail for each. Additionally checks deployed app containers and (if a domain is configured) DNS and SSL status.
Diagnostic Checks
Infrastructure
| Check | Pass | Warn | Fail |
|---|---|---|---|
| Docker | Installed, version shown | - | Not installed |
| Docker Compose | Plugin installed, version shown | - | Not installed |
| Docker Daemon | Running | - | Not running |
| Disk Space | >= 5 GB available | 2-5 GB available | < 2 GB available |
| Memory | >= 1024 MB total | 512-1024 MB total | < 512 MB total |
| Git | Installed, version shown | - | Not installed |
| Docker Network | onelift-network exists | Not found (will be created) | - |
| OS Info | OS name displayed | - | - |
Security
| Check | Pass | Warn | Fail |
|---|---|---|---|
| UFW Firewall | Active | Not installed or inactive | - |
| Fail2ban | Installed and running | Not installed or not running | - |
| SSH Hardening | Root login disabled, password auth off | Insecure settings detected | - |
| Unattended Upgrades | Installed and enabled | Not installed or not enabled | - |
| Kernel Hardening | All sysctl rules set | Missing sysctl rules | - |
Services
| Check | Pass | Warn | Fail |
|---|---|---|---|
| Traefik | Running, accessible | - | Not running or unhealthy |
| PostgreSQL | Running, accepting connections | Not found (skip) | Not responding |
| Redis | Running, PONG response | Not found (skip) | Not responding |
Example
$ lift doctor
Running server diagnostics...
✓ Docker 27.1.1
✓ Docker Compose v2.29.1
✓ Docker daemon is running
✓ 42GB available
✓ 4096MB total memory
✓ git version 2.43.0
✓ onelift-network exists
✓ Ubuntu 24.04 LTS
✓ UFW active
✓ Fail2ban running (2 jails)
✓ SSH hardening OK
✓ Unattended upgrades enabled
✓ Kernel hardening OK
✓ Traefik running
✓ PostgreSQL accepting connections
✓ Redis responding (PONG)
All 16 checks passed
Cutover Pre-Handover Checks
Use --cutover to run 5 additional checks that verify your server is ready for handover. These checks ensure you won't lose access after OneLift removes its platform SSH key.
$ lift doctor --cutover
| Check | Pass | Warn | Fail |
|---|---|---|---|
| User SSH Key | At least 1 non-platform key found | - | No user key — cutover would lock you out |
| All Services Healthy | All containers running | - | Stopped or exited containers found |
| Cron Jobs Installed | Backup/cleanup cron entries found | No cron jobs found | - |
| Backup Recent | Last backup < 60 minutes ago | Last backup > 60 minutes ago | - |
| Disk Usage (<80%) | Usage below 70% | Usage 70-80% | Usage above 80% |
Example
$ lift doctor --cutover
Running server diagnostics...
✓ Docker 27.1.1
✓ Docker Compose v2.29.1
✓ Docker daemon is running
✓ 42GB available
✓ 4096MB total memory
✓ git version 2.43.0
✓ onelift-network exists
✓ Ubuntu 24.04 LTS
Running cutover pre-handover checks...
✓ User SSH Key 1 user SSH key(s) found
✓ All Services Healthy All containers running
✓ Cron Jobs Installed 3 cron job(s) configured
✓ Backup Recent Last backup 5 minutes ago
✓ Disk Usage (<80%) Disk usage: 42%
All 13 checks passed
Run lift doctor --cutover before starting the handover from the dashboard. If any check fails, resolve it first — especially the SSH key check. Without your own SSH key, you will be locked out after cutover.
Related
- Cutover (Handover) - Full cutover documentation
- lift status - Check container status
- lift push - Deploy your application
- lift init - Initialize a new project