Firefly III Docker
Self-hosted financial manager.
This setup focuses on creating a Docker-based reverse proxy that enforces SSL for all connections to Docker containers using Let’s Encrypt.
See Firefly Docker and Documentation.
Ports
Firefly Ports

Port   Protocol   Type      Purpose
443    TCP        PUBLIC    HTTPS connections
80     TCP        PRIVATE   Firefly web UI
5432   TCP        PRIVATE   PostgreSQL
Files
Firefly Files

Location                               Purpose
/var/www/firefly-iii/storage/export    Exported data location
/var/www/firefly-iii/storage/upload    Uploaded docs location
/var/lib/postgresql/data               Postgres DB
Docker Creation
Firefly runs a frontend web service with a backend PostgreSQL database. Local storage should be locked down to prevent sensitive data from leaking.

    # Service definitions (place under the services: key of docker-compose.yml).
    firefly:
      image: jc5x/firefly-iii
      restart: unless-stopped
      environment:
        # Must match the name of the database service defined below.
        - FF_DB_HOST=firefly_db
        - FF_DB_NAME=firefly
        - FF_DB_USER={DB USER}
        - FF_DB_PASSWORD={DB PASS}
        - FF_APP_KEY={32 CHAR APP KEY WITHOUT %*#$&}
        - FF_APP_ENV=local
        - FF_DB_CONNECTION=pgsql
        - TZ=America/Los_Angeles
        - APP_URL=https://firefly.{DOMAIN}
        - TRUSTED_PROXIES={PROXY IP ADDRESS}
        - APP_LOG_LEVEL=debug
      volumes:
        - /data/services/firefly/export:/var/www/firefly-iii/storage/export
        - /data/services/firefly/upload:/var/www/firefly-iii/storage/upload
        - /etc/localtime:/etc/localtime:ro
    firefly_db:
      image: postgres:10
      restart: unless-stopped
      environment:
        - POSTGRES_PASSWORD={DB PASS}
        - POSTGRES_USER={DB USER}
        # Create the database named in FF_DB_NAME; without this the image
        # names the default database after POSTGRES_USER.
        - POSTGRES_DB=firefly
        - TZ=America/Los_Angeles
      volumes:
        - /data/services/firefly/db:/var/lib/postgresql/data
        - /etc/localtime:/etc/localtime:ro
The Docker containers should be run in an isolated network given the sensitive nature of the data. TRUSTED_PROXIES should be set to the known proxy IP address so all other connections are denied by default. Setting it to ** will enable all connections (insecure). Additional environment settings here.
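One way to lay out the isolated network described above, as an added example (not part of the original page or the Firefly III project). The network names, the proxy service name and the 172.28.0.0/24 addressing are assumptions chosen for illustration; pinning the proxy's address gives a fixed value to use for TRUSTED_PROXIES and for proxy_bind in the NGINX configuration.

```yaml
# Added example: constructed names and addresses, not the page's own config.
version: "2.4"

networks:
  # Proxy <-> Firefly traffic only. Fixed subnet so the proxy IP can be pinned.
  firefly_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/24
  # Firefly <-> Postgres traffic only. "internal" removes any route
  # between this network and the outside world.
  firefly_db_net:
    driver: bridge
    internal: true

services:
  # Hypothetical name for the NGINX reverse proxy container.
  proxy:
    image: nginx
    ports:
      # The only PUBLIC port in the Ports table.
      - "443:443"
    networks:
      firefly_net:
        # Use this value for proxy_bind and TRUSTED_PROXIES.
        ipv4_address: 172.28.0.2

  firefly:
    image: jc5x/firefly-iii
    environment:
      # Pinned proxy address instead of ** (trust everything).
      - TRUSTED_PROXIES=172.28.0.2
    networks:
      - firefly_net
      - firefly_db_net
    # No "ports:" entry, so port 80 is never published on the host.

  firefly_db:
    image: postgres:10
    networks:
      - firefly_db_net
    # No "ports:" entry, so port 5432 is reachable from firefly only.
```

Only the networking-related settings are shown; the remaining environment and volumes entries stay as in the service definitions on this page.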
Reverse Proxy Setup
A reverse proxy allows you to isolate your containers as well as wrap connections in SSL. See NGINX for more details. See Setup Base Proxy Control for basic proxy configuration.
Using Subdomains
    server {
      listen 443 ssl http2;
      server_name firefly.{DOMAIN} firefly;

      location / {
        proxy_bind {PROXY IP ON FIREFLY NETWORK};
        proxy_pass http://firefly/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
      }
    }
See subdomain reference.
Postgres Backend
If using an external Postgres backend, include the external network and remove the DB Docker definition. Use the external DB credentials in the Firefly DB config section.

    networks:
      db:
        external: true

    services:
      firefly:
        image: jc5x/firefly-iii
        networks:
          - db
Initial Setup
Start Firefly and set up the initial database. This only needs to be done on initial container creation.

    docker-compose up -d
    docker-compose exec firefly php artisan migrate --seed
    docker-compose exec firefly php artisan firefly:upgrade-database
    docker-compose exec firefly php artisan firefly:verify
    docker-compose exec firefly php artisan cache:clear

Log in to the site; the first user created is an administrator.
Verify Password Security
Administration › Configuration

☑ Verify password security

Note: Verifying password security checks that the password used is not in known password dumps. See linked documentation for more details.
Firefly Gotchas
Attachment Disappears
There is a hard 2MB limit from Laravel. An upload over this limit will be displayed as uploading successfully but will be silently dropped.