[DEPRECATED] How to setup Firefly III in 10 min with NGINX and auto-renewal SSL

FireflyIII-in-10-min.md

I would like to tell how to setup Firefly III with auto-renewal SSL in docker-compose.

We will use jwilder.

This is NGINX which will be follow all containers and issue Let's encrypt certificates for them.

0. Prepare server or rent VPS. I use hostens VPS, you can use my referral link, plus google some promotional code and it will be very cheap and good VPS.

I use Ubuntu 18.04.

You also need the domain name with А DNS record pointed to your server.

1. Install docker and docker-compose

2. Create folder nginx-proxy and docker-compose.yml inside this folder

mkdir nginx-proxy
cd nginx-proxy
vim docker-compose.yml

docker-compose.yml

version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy:alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./current/public:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - ./vhost:/etc/nginx/vhost.d
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./pass:/etc/nginx/htpasswd:ro
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      NGINX_DOCKER_GEN_CONTAINER: nginx-proxy
    volumes:
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./vhost:/etc/nginx/vhost.d
      - ./current/public:/usr/share/nginx/html
networks:
  default:
    external:
      name: nginx-proxy

3. Create external network first and than you can start this docker-compose

docker network create nginx-proxy
docker-compose up -d

4. Return to your home folder and create firefly-iii folder. And docker-compose.yml in it. Copy content of official docker-compose.yml file and paste it.

cd
mkdir firefly-iii
cd firefly-iii
vim docker-compose.yml

change this block:

ports:
      - 80:8080

to this:

expose:
      - 8080

Also add this block in the end of file:

networks:
  default:
    external:
      name: nginx-proxy

It means that firefly instance will be running in one network with nginx-proxy.

Reference: official documentation about Firefly III in docker and cron.

5. Create .env file near your docker-compose.yml file. Copy content of .env file from official link and paste it.

vim .env

Add this block to the .env file:

VIRTUAL_HOST=your_domain
VIRTUAL_PORT=8080
LETSENCRYPT_HOST=your_domain
LETSENCRYPT_EMAIL=info@your_domain

Replace your_domain with domain pointed to this server.

Please note, that these environment variables required for nginx-proxy jwilder.

firefly-iii and jwilder will work in the same network.

And in order to proxy firefly-iii jwilder need to see these envs.

Also edit TRUSTED_PROXIES variable to be TRUSTED_PROXIES=** Check other variables in file.

6. You can now start your Firefly III instance

docker-compose up -d

Just after this command jwilder will proxy Firefly III instance with your domain and auto issue SSL for you. It also will check expiration date for SSL cert and auto-renew it when necessary.

BONUS

7. Update to the latest version of Firefly III in one command!

This command will connect your VPS via SSH, update your Firefly III and delete unused docker images.

ssh YOU_SERVER_USER@YOUR_SERVER_IP "cd firefly-iii && docker-compose down && docker-compose pull && docker-compose up -d && docker system prune --all"

8. Backup your DB every day.

8.1 In your docker-compose.yml change MYSQL_RANDOM_ROOT_PASSWORD=yes to MYSQL_ROOT_PASSWORD=SomeStrongPass.

Restart you docker-compose with docker-compose up -d --force-recreate

8.2 Create create_backup.sh file and chmod it with command chmod +x create_backup.sh. Create db-backup folder for backups.

8.3 Paste this to create_backup.sh file:

#!/bin/bash
ls -1 ~/firefly-iii/db-backup/backup_* | sort -r | tail -n +6 | xargs rm > /dev/null 2>&1
docker exec -it firefly-iii_fireflyiiidb_1 mysqldump -p'SomeStrongPass' firefly > ~/firefly-iii/db-backup/backup_$(date +"%m-%d-%y").sql

8.4 Setup cronjob.

crontab -e

Paste this: 0 0 * * * bash /home/vigrid/firefly-iii-v/create_backup.sh

add empty line in the end of file.

8.5 This will automaticaly creates backups every day and keeps last 6 backups.

Just go to your firefly url and add /profile
your-firefly-url.com/profile

But in the stage where you have to put the Token, the FireflyIII is not yet available

Just go to your firefly url and add /profile
your-firefly-url.com/profile

But in the stage where you have to put the Token, the FireflyIII is not yet available

Ok 😃
Start FireFly and then configure token.

Hi Optimistic5, I am now struggling with latest update, Firefly III now uses port 8080, instead of 80. Can you tell me how to update to keep it working?
Using the update script gives the following error in Nginx:
nginx-proxy_1 | nginx.1 | 2020/07/27 08:46:07 [error] 33#33: *4 connect() failed (111: Connection refused) while connecting to upstream, client: , server: , request: "GET / HTTP/2.0", upstream: "http://172.18.0.6:80/", host: ""

Hi Optimistic5, I am now struggling with latest update, Firefly III now uses port 8080, instead of 80. Can you tell me how to update to keep it working?
Using the update script gives the following error in Nginx:
nginx-proxy_1 | nginx.1 | 2020/07/27 08:46:07 [error] 33#33: *4 connect() failed (111: Connection refused) while connecting to upstream, client: , server: , request: "GET / HTTP/2.0", upstream: "http://172.18.0.6:80/", host: ""

Hi.
Please, explore my latest revision of this gist.
I just changed exported port from 80 to 8080.
It should works.

Thanks for your quick response, I changed the docker-compose.yml, executed:
cd firefly-iii && docker-compose stop firefly_iii_app && docker-compose rm && docker-compose pull firefly_iii_app && docker-compose up -d
did a reboot of the vps
but nginx still gives the same error. Do I need to change something in nginx to point it to the new port?

Thanks for your quick response, I changed the docker-compose.yml, executed:
cd firefly-iii && docker-compose stop firefly_iii_app && docker-compose rm && docker-compose pull firefly_iii_app && docker-compose up -d
did a reboot of the vps
but nginx still gives the same error. Do I need to change something in nginx to point it to the new port?

I updated gist, please check it.
after this execute the following command inside firefly-iii and nginx-proxy folder
docker-compose up -d --force-recreate

it will reboot the containers, not need to reboot your vps.
check the logs of nginx one more time.
make sure this is new log (check timestamp).

Perfect! Thank you very much!

Any suggestions for how to deal with this error?

ERROR: for fireflyiii  Cannot start service fireflyiii: driver failed programming external connectivity on endpoint firefly_fireflyiii_1 (deb6981efa5f6cd2c68a3d7fdcd3673a5af2a0bc8393a214dc71c9e3c66cb750): Bind for 0.0.0.0:80 failed: port is already allocated

only thing running on that port 80 is the nginx proxy

Any suggestions for how to deal with this error?

I update my gist, please, check this chages

Both nginx and firefly wants to run on 80 port.
There are no need to expose port of firefly to your host, expose will be enough.

hi, could you please also provide some direction on how to integrate FIDI into this setup, using the same docker setup; official site does have the documentation that I had working, but not sure how it should play out with the nginx-proxy addition into the mix, specially if I want to use the same domain name with a different port for FIDI.

thanks

i attemped to add the below to my .fidi.env
it get's the main FIDI page, but missing scripts so it doesn't render completely, and then gets stuck on https://domainname/token (bad gateway)

VIRTUAL_HOST=<same domain as FireflyIII>
VIRTUAL_PORT=8080
VIRTUAL_PATH=/fidi
VIRTUAL_DEST=/

Great, by following those steps i broke my working instance...

I created a fork of this gist. It uses the recent Firefly version and the structure is simplified. Also added some additional explanations and minor improvements.

I want to run three application behind NGINX as a reverse proxy. Firefly III, PiHole and HomeAssistant. I've been trying it just with NGINX image and the other applications images, but I can't reach my goal.
Also, I want to run it just locally, in a local server, and I'll export the access to these applications through a VPN (Tailscale), so, I won't have a public domain, I just want to use virtual hosts that will work like domains for my local network and to the devices connected in my VPN.
Do you have some ideia whether is it possible using this approach with the nginx-proxy container?

Thanks in advance, great work!

I marked this gist as deprecated due to the reason that currently mariadb is recommended DB.

Do you have some ideia whether is it possible using this approach with the nginx-proxy container?

You can use official documentation for local setup. Add nginx-proxy (by the way image path now is nginxproxy/nginx-proxy and it should work.

For backwards compatibility jjwilded/nginx-proxy now is an alias to nginxproxy/nginx-proxy, so there is no difference between them, but yes using nginxproxy/nginx-proxy is preferable, I updated my version of the gist, thanks @optimistic5

thank you guys @optimistic5 @vpkopylov , I got it, I'm following the version forked by @vpkopylov