(no title)

We also have a separate repository with examples and code for how to host Plausible Analytics with docker-compose: https://github.com/plausible/hosting

The hosting repo includes everything you need including databases, MaxMind GeoIP database, reverse proxy for SSL, etc.

We don't host with docker-compose ourselves because we want to scale our databases independently from the app server.

I'm not sure I understand your question. Secrets should never be committed to source control, whether the repo is public or not. Being open source does not change how we manage secrets in the slightest.

Does that answer your question?