@optimistic5
Last active April 21, 2024 19:58
[DEPRECATED] How to setup Firefly III in 10 min with NGINX and auto-renewal SSL

This guide shows how to set up Firefly III with auto-renewing SSL certificates using docker-compose.

We will use jwilder/nginx-proxy.

This is an NGINX reverse proxy that watches all running containers and, together with its Let's Encrypt companion container, issues Let's Encrypt certificates for them.

  1. Prepare a server or rent a VPS. I use a Hostens VPS; you can use my referral link, and if you also google a promotional code it will be a very cheap and good VPS.

I use Ubuntu 18.04.

You also need a domain name with an A DNS record pointing to your server.

  2. Install docker and docker-compose

  3. Create a folder nginx-proxy and a docker-compose.yml inside this folder

mkdir nginx-proxy
cd nginx-proxy
vim docker-compose.yml
docker-compose.yml
version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy:alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./current/public:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - ./vhost:/etc/nginx/vhost.d
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./pass:/etc/nginx/htpasswd:ro
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      NGINX_DOCKER_GEN_CONTAINER: nginx-proxy
    volumes:
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./vhost:/etc/nginx/vhost.d
      - ./current/public:/usr/share/nginx/html
networks:
  default:
    external:
      name: nginx-proxy
  4. Create the external network first, and then you can start this docker-compose
docker network create nginx-proxy
docker-compose up -d
  5. Return to your home folder and create a firefly-iii folder with a docker-compose.yml in it. Copy the content of the official docker-compose.yml file and paste it.
cd
mkdir firefly-iii
cd firefly-iii
vim docker-compose.yml

Change this block:

ports:
      - 80:8080

to this:

expose:
      - 8080

Also add this block at the end of the file:

networks:
  default:
    external:
      name: nginx-proxy

This means that the Firefly III instance runs in the same network as nginx-proxy.

Reference: official documentation about Firefly III in docker and cron.

  6. Create a .env file next to your docker-compose.yml file. Copy the content of the .env file from the official link and paste it.
vim .env

Add this block to the .env file:

VIRTUAL_HOST=your_domain
VIRTUAL_PORT=8080
LETSENCRYPT_HOST=your_domain
LETSENCRYPT_EMAIL=info@your_domain

Replace your_domain with the domain pointed to this server.

Please note that these environment variables are required by jwilder's nginx-proxy.

firefly-iii and nginx-proxy run in the same network, and in order to proxy firefly-iii, nginx-proxy needs to see these variables on the container.

Also set the TRUSTED_PROXIES variable to TRUSTED_PROXIES=**. Check the other variables in the file.

  7. You can now start your Firefly III instance
docker-compose up -d

Right after this command, jwilder's nginx-proxy will proxy the Firefly III instance under your domain and automatically issue an SSL certificate for you. It will also check the certificate's expiration date and renew it automatically when necessary.
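
A preflight check for the firefly-iii folder, as an added example that is not part of the original gist: it verifies the edits described above (expose instead of ports, the external nginx-proxy network, the four proxy variables) and that .env is not world-readable. The function names get_env and check_firefly_proxy_config are assumptions; the file and variable names are the gist's.

```shell
#!/bin/sh
# Added example: lint the firefly-iii folder before `docker-compose up -d`.
# Function names are hypothetical; file and variable names follow the gist.

# Print the value of KEY ($2) from env file $1 (last assignment wins).
get_env() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one FAIL line per problem; return 0 only when none is found.
check_firefly_proxy_config() {
    dir=$1; env="$dir/.env"; yml="$dir/docker-compose.yml"; bad=0
    fail() { echo "FAIL: $1"; bad=1; }

    if [ ! -f "$env" ] || [ ! -f "$yml" ]; then
        fail "missing .env or docker-compose.yml"; return 1
    fi

    # A published port would let clients reach Firefly III over plain HTTP,
    # bypassing the proxy. TRUSTED_PROXIES=** (which accepts forwarded
    # headers from any peer) is only reasonable while that cannot happen.
    if grep -Eq '^[[:space:]]*ports:' "$yml"; then
        fail "docker-compose.yml still has a ports: block; use expose"
    fi
    grep -Eq '^[[:space:]]*name:[[:space:]]*nginx-proxy[[:space:]]*$' "$yml" \
        || fail "external network nginx-proxy is not declared"

    vhost=$(get_env "$env" VIRTUAL_HOST)
    case $vhost in
        ''|*your_domain*) fail "VIRTUAL_HOST is empty or still the placeholder" ;;
    esac
    [ "$vhost" = "$(get_env "$env" LETSENCRYPT_HOST)" ] \
        || fail "LETSENCRYPT_HOST differs from VIRTUAL_HOST"
    [ "$(get_env "$env" VIRTUAL_PORT)" = 8080 ] \
        || fail "VIRTUAL_PORT is not 8080, the port the container exposes"
    case $(get_env "$env" LETSENCRYPT_EMAIL) in
        ''|*your_domain*) fail "LETSENCRYPT_EMAIL is empty or still the placeholder" ;;
    esac

    # .env also holds application secrets and DB credentials.
    [ -z "$(find "$env" -perm -004)" ] || fail ".env is world-readable; chmod 600 it"

    return "$bad"
}
```

Call it as `check_firefly_proxy_config ~/firefly-iii`; a non-zero exit status means at least one FAIL line was printed.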

BONUS

  1. Update to the latest version of Firefly III in one command!

This command connects to your VPS via SSH, updates your Firefly III and deletes unused Docker images.

ssh YOUR_SERVER_USER@YOUR_SERVER_IP "cd firefly-iii && docker-compose down && docker-compose pull && docker-compose up -d && docker system prune --all"

  1. Backup your DB every day.

8.1 In your docker-compose.yml change MYSQL_RANDOM_ROOT_PASSWORD=yes to MYSQL_ROOT_PASSWORD=SomeStrongPass.

Restart your docker-compose with docker-compose up -d --force-recreate

8.2 Create a create_backup.sh file and make it executable with the command chmod +x create_backup.sh. Create a db-backup folder for backups.

8.3 Paste this to create_backup.sh file:

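#!/bin/bash
# Delete all but the 5 newest dumps (ISO dates sort chronologically); the dump below makes 6.
ls -1 ~/firefly-iii/db-backup/backup_* 2>/dev/null | sort -r | tail -n +6 | xargs -r rm -- > /dev/null 2>&1
# No -it here: cron provides no TTY, and docker exec -t fails without one.
docker exec firefly-iii_fireflyiiidb_1 mysqldump -p'SomeStrongPass' firefly > ~/firefly-iii/db-backup/backup_$(date +"%Y-%m-%d").sql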

8.4 Setup cronjob.

crontab -e

Paste this (use the path to your own create_backup.sh): 0 0 * * * bash /home/vigrid/firefly-iii-v/create_backup.sh

Add an empty line at the end of the file.

8.5 This automatically creates a backup every day and keeps the last 6 backups.
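
A hardened variant of the backup script, as an added example that is not part of the original gist: the root password is read from the container's environment (set in 8.1) instead of being written into the script, a failed or empty dump never triggers rotation, and dump files are readable by their owner only. The function names dump_db and create_backup are assumptions, and file names use ISO dates so that sorting is chronological.

```shell
#!/bin/sh
# Added example: hardened variant of create_backup.sh from step 8.3.
# dump_db and create_backup are hypothetical names; the container and
# database names are the ones used in the gist.

# Write the SQL dump to stdout. The password comes from the
# MYSQL_ROOT_PASSWORD variable inside the container (set in 8.1), so it
# is not stored in this script. No -t flag: cron provides no TTY.
dump_db() {
    docker exec firefly-iii_fireflyiiidb_1 \
        sh -c 'exec mysqldump -uroot -p"$MYSQL_ROOT_PASSWORD" firefly'
}

# create_backup DIR [KEEP]: dump into DIR, then keep the KEEP newest files.
create_backup() {
    dir=$1; keep=${2:-6}
    # mktemp creates the file with mode 0600; dumps hold financial data.
    tmp=$(mktemp "$dir/.dump.XXXXXX") || return 1

    # Publish the dump only if mysqldump succeeded and wrote something;
    # otherwise a failed run would rotate good backups away.
    if dump_db > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$dir/backup_$(date +%Y-%m-%d).sql"
    else
        rm -f "$tmp"
        echo "backup failed, existing dumps left untouched" >&2
        return 1
    fi

    # ISO dates sort chronologically, so reverse order is newest first.
    ls -1 "$dir"/backup_*.sql | sort -r | tail -n +"$((keep + 1))" |
        while IFS= read -r old; do rm -- "$old"; done
}

# Run only when executed as create_backup.sh (e.g. from cron).
case ${0##*/} in
    create_backup.sh) create_backup "$HOME/firefly-iii/db-backup" ;;
esac
```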

@adrianviegas

While starting the docker for nginx-proxy, I get the following error

ERROR: Network nginx-proxy declared as external, but could not be found. Please create the network manually using docker network create nginx-proxy and try again.

I tried running the command given and it started; but after starting firefly I get 503 errors.

After some searching, this was in my /etc/nginx/conf.d/default.conf

server {
    server_name _; # This is just an invalid value which will never trigger
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}

@optimistic5
Author

@adrianviegas

  1. cd to your nginx-proxy folder and check the logs
    docker-compose logs or docker-compose logs -f or docker-compose logs --tail=200
    check both logs of nginx-proxy and letsencrypt service.
  2. make sure your domain resolves to your public IP.
    dig YOUR_DOMAIN
  3. make sure your 80 and 443 ports are open to the internet.
    nmap -p 80,443 YOUR_IP
  4. Check status and logs of Firefly, maybe it is down or restarting.
  5. Find out the name of your nginx container and check the full nginx.conf
    docker exec -it nginx-proxy_nginx-proxy_1 nginx -T
    note the private ip of Firefly container.
  6. Try to reach your Firefly with its local IP from one of the docker containers, you can use curl
    docker exec -it nginx-proxy_nginx-proxy_1 apk add curl
    docker exec -it nginx-proxy_nginx-proxy_1 curl PRIVATE_IP_OF_FIREFLY_CONTAINER:80

@AgentPurpleLord

Any reason I would be getting a 503 Service Temporarily Unavailable?

@optimistic5
Author

> Any reason I would be getting a 503 Service Temporarily Unavailable?

Basically, the suggestions are the same.
Please, check my answer above.

@mostovych

Hi,
Would you explain what the token is for the docker-compose.yml file? The link you posted no longer works. I am not sure what to do at this step. Thank you for your time.

@optimistic5
Author

> Hi,
> Would you explain what the token is for the docker-compose.yml file? The link you posted no longer works. I am not sure what to do at this step. Thank you for your time.

I updated the links to the official documentation, please check it.

@mostovych

Thank you for the reply. I found the documentation but still do not understand. I am not familiar with /profile or where this command line token header is. Could you walk me through this step? Thank you.

> Of course you must replace the URL with the URL of your own Firefly III installation. The value can be found on your /profile under the "Command line token" header. This will prevent others from spamming your cron job URL.

@optimistic5
Author

> Thank you for the reply. I found the documentation but still do not understand. I am not familiar with /profile or where this command line token header is. Could you walk me through this step? Thank you.
>
> > Of course you must replace the URL with the URL of your own Firefly III installation. The value can be found on your /profile under the "Command line token" header. This will prevent others from spamming your cron job URL.

Just go to your firefly url and add /profile
your-firefly-url.com/profile

@marceldejongnl

marceldejongnl commented May 26, 2020

> Just go to your firefly url and add /profile
> your-firefly-url.com/profile

But in the stage where you have to put the Token, the FireflyIII is not yet available

@optimistic5
Author

> > Just go to your firefly url and add /profile
> > your-firefly-url.com/profile
>
> But in the stage where you have to put the Token, the FireflyIII is not yet available

Ok 😃
Start FireFly and then configure token.

@marceldejongnl

Hi Optimistic5, I am now struggling with latest update, Firefly III now uses port 8080, instead of 80. Can you tell me how to update to keep it working?
Using the update script gives the following error in Nginx:
nginx-proxy_1 | nginx.1 | 2020/07/27 08:46:07 [error] 33#33: *4 connect() failed (111: Connection refused) while connecting to upstream, client: , server: , request: "GET / HTTP/2.0", upstream: "http://172.18.0.6:80/", host: ""

@optimistic5
Author

> Hi Optimistic5, I am now struggling with latest update, Firefly III now uses port 8080, instead of 80. Can you tell me how to update to keep it working?
> Using the update script gives the following error in Nginx:
> nginx-proxy_1 | nginx.1 | 2020/07/27 08:46:07 [error] 33#33: *4 connect() failed (111: Connection refused) while connecting to upstream, client: , server: , request: "GET / HTTP/2.0", upstream: "http://172.18.0.6:80/", host: ""

Hi.
Please, explore my latest revision of this gist.
I just changed exported port from 80 to 8080.
It should work.

@marceldejongnl

Thanks for your quick response, I changed the docker-compose.yml, executed:
cd firefly-iii && docker-compose stop firefly_iii_app && docker-compose rm && docker-compose pull firefly_iii_app && docker-compose up -d
did a reboot of the vps
but nginx still gives the same error. Do I need to change something in nginx to point it to the new port?

@optimistic5
Author

optimistic5 commented Jul 28, 2020

> Thanks for your quick response, I changed the docker-compose.yml, executed:
> cd firefly-iii && docker-compose stop firefly_iii_app && docker-compose rm && docker-compose pull firefly_iii_app && docker-compose up -d
> did a reboot of the vps
> but nginx still gives the same error. Do I need to change something in nginx to point it to the new port?

I updated the gist, please check it.
After this, execute the following command inside the firefly-iii and nginx-proxy folders
docker-compose up -d --force-recreate

It will reboot the containers, no need to reboot your vps.
check the logs of nginx one more time.
make sure this is new log (check timestamp).

@marceldejongnl

Perfect! Thank you very much!

@kaungst

kaungst commented Feb 25, 2021

Any suggestions for how to deal with this error?

ERROR: for fireflyiii  Cannot start service fireflyiii: driver failed programming external connectivity on endpoint firefly_fireflyiii_1 (deb6981efa5f6cd2c68a3d7fdcd3673a5af2a0bc8393a214dc71c9e3c66cb750): Bind for 0.0.0.0:80 failed: port is already allocated

only thing running on that port 80 is the nginx proxy

@optimistic5
Author

optimistic5 commented Mar 4, 2021

> Any suggestions for how to deal with this error?

I updated my gist, please check these changes.

Both nginx and firefly want to run on port 80.
There is no need to expose the port of firefly to your host, expose will be enough.

@nabeelmoeen

Hi, could you please also provide some direction on how to integrate FIDI into this setup, using the same docker setup; the official site does have the documentation that I had working, but I am not sure how it should play out with the nginx-proxy addition into the mix, especially if I want to use the same domain name with a different port for FIDI.

thanks

@nabeelmoeen

nabeelmoeen commented Sep 1, 2022

I attempted to add the below to my .fidi.env
It gets the main FIDI page, but missing scripts so it doesn't render completely, and then gets stuck on https://domainname/token (bad gateway)

VIRTUAL_HOST=<same domain as FireflyIII>
VIRTUAL_PORT=8080
VIRTUAL_PATH=/fidi
VIRTUAL_DEST=/

@sTiKyt

sTiKyt commented Oct 10, 2023

Great, by following those steps I broke my working instance...

@vpkopylov

I created a fork of this gist. It uses the recent Firefly version and the structure is simplified. Also added some additional explanations and minor improvements.

@lucaslgr

I want to run three applications behind NGINX as a reverse proxy. Firefly III, PiHole and HomeAssistant. I've been trying it just with NGINX image and the other applications images, but I can't reach my goal.
Also, I want to run it just locally, in a local server, and I'll export the access to these applications through a VPN (Tailscale), so, I won't have a public domain, I just want to use virtual hosts that will work like domains for my local network and to the devices connected in my VPN.
Do you have some idea whether it is possible using this approach with the nginx-proxy container?

Thanks in advance, great work!

@optimistic5
Author

I marked this gist as deprecated because mariadb is currently the recommended DB.

@optimistic5
Author

> Do you have some idea whether it is possible using this approach with the nginx-proxy container?

You can use the official documentation for local setup. Add nginx-proxy (by the way, the image path is now nginxproxy/nginx-proxy) and it should work.

@vpkopylov

For backwards compatibility jwilder/nginx-proxy is now an alias to nginxproxy/nginx-proxy, so there is no difference between them, but yes, using nginxproxy/nginx-proxy is preferable. I updated my version of the gist, thanks @optimistic5

@lucaslgr

thank you guys @optimistic5 @vpkopylov , I got it, I'm following the version forked by @vpkopylov
