How to set up Firefly III in 10 min with NGINX and auto-renewal SSL

This guide shows how to set up Firefly III with auto-renewing SSL certificates using docker-compose.

We will use jwilder/nginx-proxy.

It is an NGINX container that watches all other containers and, together with its Let's Encrypt companion container, issues Let's Encrypt certificates for them.

  1. Prepare a server or rent a VPS. I use a hostens VPS; you can use my referral link, and if you google a promotional code it will be a very cheap and good VPS.

I use Ubuntu 18.04.

You also need a domain name with an A DNS record pointing to your server.

  2. Install docker and docker-compose.

  3. Create a folder nginx-proxy and a docker-compose.yml file inside this folder.

mkdir nginx-proxy
cd nginx-proxy
vim docker-compose.yml

docker-compose.yml:

version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy:alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./current/public:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - ./vhost:/etc/nginx/vhost.d
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./pass:/etc/nginx/htpasswd:ro
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      NGINX_DOCKER_GEN_CONTAINER: nginx-proxy
    volumes:
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./vhost:/etc/nginx/vhost.d
      - ./current/public:/usr/share/nginx/html
networks:
  default:
    external:
      name: nginx-proxy

  4. Create the external network first, and then you can start this docker-compose:

docker network create nginx-proxy
docker-compose up -d

  5. Return to your home folder and create a firefly-iii folder with a docker-compose.yml in it. Copy the content of the official docker-compose.yml file and paste it.

cd
mkdir firefly-iii
cd firefly-iii
vim docker-compose.yml

Add this block at the end of the file:

networks:
  default:
    external:
      name: nginx-proxy

This means that the Firefly instance will run in the same network as nginx-proxy.

Reference: official documentation about Firefly III in docker and cron.

  6. Create a .env file next to your docker-compose.yml file. Copy the content of the .env file from the official link and paste it.

vim .env

Add this block to the .env file:

VIRTUAL_HOST=your_domain
VIRTUAL_PORT=8080
LETSENCRYPT_HOST=your_domain
LETSENCRYPT_EMAIL=info@your_domain

Replace your_domain with the domain pointed to this server.

Please note that these environment variables are required by the jwilder nginx-proxy.

firefly-iii and jwilder will work in the same network.

In order to proxy firefly-iii, jwilder needs to see these variables.

Also set the TRUSTED_PROXIES variable to TRUSTED_PROXIES=**. Check the other variables in the file.

  7. You can now start your Firefly III instance:

docker-compose up -d

Right after this command, jwilder will proxy the Firefly III instance under your domain and automatically issue an SSL certificate for you. It will also check the certificate's expiration date and auto-renew it when necessary.
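
The .env values from the step above can be checked before starting the stack; a wrong VIRTUAL_HOST or VIRTUAL_PORT is what produces the 503 and "connection refused" upstream errors reported in the comments. This is an added example, not part of the gist: the function names and the check_env.sh script name are illustrative, and the expected port defaults to the gist's 8080.

```shell
#!/bin/bash
# Added example (not from the gist): check the .env values that nginx-proxy
# and the Let's Encrypt companion read from the Firefly III container.

# Print the value of key $2 in env file $1 (last assignment wins, quotes stripped).
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per problem in env file $1; succeed only if there are none.
# $2 is the port Firefly III listens on (assumed 8080, as in the gist).
check_proxy_env() (
  file=$1
  want_port=${2:-8080}
  problems=0
  fail() { echo "$1"; problems=$((problems + 1)); }

  vhost=$(env_get "$file" VIRTUAL_HOST)
  vport=$(env_get "$file" VIRTUAL_PORT)
  lhost=$(env_get "$file" LETSENCRYPT_HOST)
  lmail=$(env_get "$file" LETSENCRYPT_EMAIL)
  proxies=$(env_get "$file" TRUSTED_PROXIES)

  # Without a real host name the proxy has no vhost to route to (the 503 case).
  if [ -z "$vhost" ] || [ "$vhost" = "your_domain" ]; then
    fail "VIRTUAL_HOST is unset or still the your_domain placeholder"
  fi
  # A stale port is the 'connection refused ... :80' case from the comments.
  if [ "$vport" != "$want_port" ]; then
    fail "VIRTUAL_PORT is '$vport', expected $want_port"
  fi
  # The gist sets both names to the same domain, so a mismatch is a typo.
  if [ "$lhost" != "$vhost" ]; then
    fail "LETSENCRYPT_HOST '$lhost' does not match VIRTUAL_HOST '$vhost'"
  fi
  case $lmail in
    *@*) ;;
    *) fail "LETSENCRYPT_EMAIL is not an e-mail address" ;;
  esac
  if [ "$proxies" != "**" ]; then
    fail "TRUSTED_PROXIES is not ** as this setup expects"
  fi
  [ "$problems" -eq 0 ]
)

# Run as: ./check_env.sh ~/firefly-iii/.env
if [ -n "${1:-}" ]; then check_proxy_env "$1"; fi
```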

BONUS

  1. Update to the latest version of Firefly III in one command!

This command will connect to your VPS via SSH, update your Firefly III and delete unused docker images.

ssh YOUR_SERVER_USER@YOUR_SERVER_IP "cd firefly-iii && docker-compose down && docker-compose pull && docker-compose up -d && docker system prune --all"

  1. Backup your DB every day.

8.1 In your docker-compose.yml change MYSQL_RANDOM_ROOT_PASSWORD=yes to MYSQL_ROOT_PASSWORD=SomeStrongPass.

Restart your docker-compose with docker-compose up -d --force-recreate

8.2 Create a create_backup.sh file and make it executable with chmod +x create_backup.sh. Create a db-backup folder for the backups.

8.3 Paste this into the create_backup.sh file:

#!/bin/bash
# Delete all but the 5 newest backups (ls -t sorts by modification time, newest first).
ls -1t ~/firefly-iii/db-backup/backup_* 2>/dev/null | tail -n +6 | xargs -r rm > /dev/null 2>&1
# Dump the database. No -it here: cron provides no TTY, and docker exec -t fails without one.
docker exec firefly-iii_fireflyiiidb_1 mysqldump -p'SomeStrongPass' firefly > ~/firefly-iii/db-backup/backup_$(date +"%m-%d-%y").sql

8.4 Set up a cron job.

crontab -e

Paste this (replace the path with the location of your create_backup.sh): 0 0 * * * bash /home/vigrid/firefly-iii-v/create_backup.sh

Add an empty line at the end of the file.

8.5 This will automatically create a backup every day and keep the last 6 backups.
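
A variant of the backup script from steps 8.2 to 8.5 that keeps the database password out of the script and off the command line, writes the dump with owner-only permissions, and never replaces a good backup with a failed one. This is an added example, not the gist author's script: it assumes the database image's mysqldump honours MYSQL_PWD and that MYSQL_ROOT_PASSWORD is set in the container as in step 8.1; the function names and ISO-dated file names are illustrative.

```shell
#!/bin/bash
# Added example (not the gist author's script): the daily backup with the dump
# kept private and the password kept off the command line.
set -eu

# Delete all but the newest $2 files named backup_*.sql in directory $1.
# ISO dates (YYYY-MM-DD) in the names make lexical order chronological.
rotate_backups() (
  dir=$1
  keep=$2
  find "$dir" -maxdepth 1 -type f -name 'backup_*.sql' | sort -r |
    tail -n +"$((keep + 1))" |
    while IFS= read -r old; do rm -f -- "$old"; done
)

# Dump database "firefly" from container $1 into directory $2.
dump_db() (
  container=$1
  dir=$2
  umask 077                              # financial data: owner-only files
  mkdir -p "$dir"
  tmp=$(mktemp "$dir/.partial.XXXXXX")   # never leave a half-written backup_*
  # No -it: cron has no TTY. MYSQL_ROOT_PASSWORD is already set inside the
  # container (step 8.1); MYSQL_PWD hands it to mysqldump via the environment.
  if docker exec "$container" sh -c \
      'export MYSQL_PWD="$MYSQL_ROOT_PASSWORD"; exec mysqldump -uroot firefly' \
      > "$tmp" && [ -s "$tmp" ]; then
    mv "$tmp" "$dir/backup_$(date +%Y-%m-%d).sql"
  else
    rm -f "$tmp"
    echo "backup failed; existing backups left untouched" >&2
    return 1
  fi
)

# cron entry (path is a placeholder): 0 0 * * * bash /path/to/create_backup.sh run
if [ "${1:-}" = "run" ]; then
  backup_dir="$HOME/firefly-iii/db-backup"
  dump_db firefly-iii_fireflyiiidb_1 "$backup_dir"
  rotate_backups "$backup_dir" 6
fi
```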


@adrianviegas adrianviegas commented Dec 6, 2019

While starting the docker for nginx-proxy, I get the following error:

ERROR: Network nginx-proxy declared as external, but could not be found. Please create the network manually using docker network create nginx-proxy and try again.

I tried running the command given and it started, but after starting firefly I get 503 errors.

After some searching, this was in my /etc/nginx/conf.d/default.conf

server {
    server_name _; # This is just an invalid value which will never trigger
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}

Owner Author

@optimistic5 optimistic5 commented Dec 6, 2019

@adrianviegas

  1. cd to your nginx-proxy folder and check the logs:
    docker-compose logs or docker-compose logs -f or docker-compose logs --tail=200
    Check the logs of both the nginx-proxy and letsencrypt services.
  2. Make sure your domain resolves to your public IP.
    dig YOUR_DOMAIN
  3. Make sure your 80 and 443 ports are open to the internet.
    nmap -p 80,443 YOUR_IP
  4. Check the status and logs of Firefly; maybe it is down or restarting.
  5. Find out the name of your nginx container and check the full nginx.conf:
    docker exec -it nginx-proxy_nginx-proxy_1 nginx -T
    Note the private IP of the Firefly container.
  6. Try to reach your Firefly by its local IP from one of the docker containers; you can use curl:
    docker exec -it nginx-proxy_nginx-proxy_1 apk add curl
    docker exec -it nginx-proxy_nginx-proxy_1 curl PRIVATE_IP_OF_FIREFLY_CONTAINER:80

@AgentPurpleLord AgentPurpleLord commented Feb 12, 2020

Any reason I would be getting a 503 Service Temporarily Unavailable?

Owner Author

@optimistic5 optimistic5 commented Feb 12, 2020

> Any reason I would be getting a 503 Service Temporarily Unavailable?

Basically, the suggestions are the same.
Please check my answer above.


@nmosto nmosto commented Feb 16, 2020

Hi,
Would you explain what the token is for the docker-compose.yml file? The link you posted no longer works. I am not sure what to do at this step. Thank you for your time.

Owner Author

@optimistic5 optimistic5 commented Feb 18, 2020

> Hi,
> Would you explain what the token is for the docker-compose.yml file? The link you posted no longer works. I am not sure what to do at this step. Thank you for your time.

I updated the links to the official documentation, please check it.


@nmosto nmosto commented Feb 18, 2020

Thank you for the reply. I found the documentation but still do not understand. I am not familiar with /profile or where this command line token header is. Could you walk me through this step? Thank you.

> Of course you must replace the URL with the URL of your own Firefly III installation. The value can be found on your /profile under the "Command line token" header. This will prevent others from spamming your cron job URL.

Owner Author

@optimistic5 optimistic5 commented Feb 19, 2020

> Thank you for the reply. I found the documentation but still do not understand. I am not familiar with /profile or where this command line token header is. Could you walk me through this step? Thank you.
>
> > Of course you must replace the URL with the URL of your own Firefly III installation. The value can be found on your /profile under the "Command line token" header. This will prevent others from spamming your cron job URL.

Just go to your firefly url and add /profile
your-firefly-url.com/profile


@marceldejongnl marceldejongnl commented May 26, 2020

> Just go to your firefly url and add /profile
> your-firefly-url.com/profile

But in the stage where you have to put the Token, the FireflyIII is not yet available

Owner Author

@optimistic5 optimistic5 commented May 27, 2020

> > Just go to your firefly url and add /profile
> > your-firefly-url.com/profile
>
> But in the stage where you have to put the Token, the FireflyIII is not yet available

Ok 😃
Start FireFly and then configure token.


@marceldejongnl marceldejongnl commented Jul 28, 2020

Hi Optimistic5, I am now struggling with latest update, Firefly III now uses port 8080, instead of 80. Can you tell me how to update to keep it working?
Using the update script gives the following error in Nginx:
nginx-proxy_1 | nginx.1 | 2020/07/27 08:46:07 [error] 33#33: *4 connect() failed (111: Connection refused) while connecting to upstream, client: , server: , request: "GET / HTTP/2.0", upstream: "http://172.18.0.6:80/", host: ""

Owner Author

@optimistic5 optimistic5 commented Jul 28, 2020

> Hi Optimistic5, I am now struggling with latest update, Firefly III now uses port 8080, instead of 80. Can you tell me how to update to keep it working?
> Using the update script gives the following error in Nginx:
> nginx-proxy_1 | nginx.1 | 2020/07/27 08:46:07 [error] 33#33: *4 connect() failed (111: Connection refused) while connecting to upstream, client: , server: , request: "GET / HTTP/2.0", upstream: "http://172.18.0.6:80/", host: ""

Hi.
Please explore my latest revision of this gist.
I just changed the exported port from 80 to 8080.
It should work.


@marceldejongnl marceldejongnl commented Jul 28, 2020

Thanks for your quick response, I changed the docker-compose.yml, executed:
cd firefly-iii && docker-compose stop firefly_iii_app && docker-compose rm && docker-compose pull firefly_iii_app && docker-compose up -d
did a reboot of the vps
but nginx still gives the same error. Do I need to change something in nginx to point it to the new port?

Owner Author

@optimistic5 optimistic5 commented Jul 28, 2020

> Thanks for your quick response, I changed the docker-compose.yml, executed:
> cd firefly-iii && docker-compose stop firefly_iii_app && docker-compose rm && docker-compose pull firefly_iii_app && docker-compose up -d
> did a reboot of the vps
> but nginx still gives the same error. Do I need to change something in nginx to point it to the new port?

I updated the gist, please check it.
After this, execute the following command inside the firefly-iii and nginx-proxy folders:
docker-compose up -d --force-recreate

It will reboot the containers; no need to reboot your VPS.
Check the logs of nginx one more time.
Make sure this is a new log (check the timestamp).


@marceldejongnl marceldejongnl commented Jul 29, 2020

Perfect! Thank you very much!
