Setup with a reverse proxy and custom domain
In this guide we will cover the setup of Grimoire with a simple reverse proxy. We will use Traefik as an example, but you can use any other reverse proxy of your choice.
What we want to achieve is to have Grimoire and PocketBase running behind the reverse proxy, so that we can access them using the same domain name, but different paths.
Thanks to that, we can have the following URLs:
https://grimoire.[your-domain.com]/pb
- for PocketBase APIhttps://grimoire.[your-domain.com]/pb/_/
- for PocketBase admin panelhttps://grimoire.[your-domain.com]
- for Grimoire
Disclaimer: This guide is not meant to be used in production. It's just a simple example of how you can run Grimoire and PocketBase behind a reverse proxy. If you want to use it in production, please make sure to secure your installation properly.
Prerequisites
All prerequisites are meant for the machine that will be running the reverse proxy.
Steps
1. Clone the repository
For the sake of simplicity, we will clone the repository to the same machine that will be running the reverse proxy. If you really want to get as few files as possible, you can just copy the docker-compose.yml
file, the .env.example
file and the whole pb_migrations/
directory.
git clone https://github.com/goniszewski/grimoire
2. Rename the .env.example
file to .env
and update it
mv .env.example .env
Then update the .env
file to set the initial admin user credentials and the domain name you want to use:
PUBLIC_POCKETBASE_URL=https://grimoire.[your-domain.com]/pb
ROOT_ADMIN_EMAIL=[your-email]
ROOT_ADMIN_PASSWORD=[secure-password]
PUBLIC_ORIGIN=https://grimoire.[your-domain.com]
PUBLIC_HTTPS_ONLY=false
PORT=5173
PUBLIC_SIGNUP_DISABLED=false # set to true if you want to disable public signup
3. Update the docker-compose.yml
file to add reverse proxy
If you want to use an already existing Traefik installation, you can skip this step.
Under services:
add the following:
reverse-proxy:
image: traefik:v2.10
container_name: reverse-proxy
command:
- --api.insecure=true
- --providers.docker
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- pocketbase
- grimoire
4. Add labels and network mode to the grimoire
and pocketbase
services
After the env_file: .env
for Pocketbase
add the following:
labels:
- traefik.http.routers.grimoire-pocketbase.rule=Host(`grimoire.[your-domain.com]`) && PathPrefix(`/pb/`)
- traefik.http.middlewares.grimoire-pocketbase.stripprefix.prefixes=/pb
- traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase
# network_mode: bridge # uncomment this line if you're using external Traefik installation
And similarly, after the env_file: .env
for Grimoire
add the following:
labels:
- traefik.http.routers.grimoire.rule=Host(`grimoire.[your-domain.com]`)
# network_mode: bridge # uncomment this line if you're using external Traefik installation
5. Let's review the docker-compose.yml
file
Depending on your setup, your docker-compose.yml
file should look similar to this:
version: '3.7'
services:
reverse-proxy:
image: traefik:v2.10
container_name: reverse-proxy
command:
- --api.insecure=true
- --providers.docker
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
ports:
- '80:80'
- '443:443'
- '8080:8080'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- pocketbase
pocketbase:
image: spectado/pocketbase:0.19.2
container_name: grimoire-pocketbase
restart: unless-stopped
ports:
- '8090:80'
volumes:
- ./pb_data:/pb_data
- ./pb_migrations:/pb_migrations/
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:80/api/health || exit 1
interval: 5s
timeout: 5s
retries: 5
env_file: .env
# network_mode: bridge
labels:
- traefik.http.routers.grimoire-pocketbase.rule=Host(`grimoire.[your-domain.com]`) && PathPrefix(`/pb/`)
- traefik.http.middlewares.grimoire-pocketbase.stripprefix.prefixes=/pb
- traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase
grimoire:
image: goniszewski/grimoire:latest
container_name: grimoire
restart: unless-stopped
env_file: .env
# network_mode: bridge
labels:
- traefik.http.routers.grimoire.rule=Host(`grimoire.[your-domain.com]`)
build:
context: .
dockerfile: Dockerfile
ports:
- '$PORT:$PORT'
depends_on:
- pocketbase
If everything looks good, let's move on to the next step!
6. Pull and run the containers
Now we'll use the Docker Compose to pull the containers and run the application:
docker compose up
Or if you want to run it in the background:
docker compose up -d
7. Open the application in your browser
Well done! Now go to https://grimoire.[your-domain.com]
and check if everything works as expected.
More information
This guide was made while setting up Grimoire to use a custom domain with Cloudflare. Every step was thoroughly tested, including the use of an existing Traefik installation on a Debian server.