Setup with a reverse proxy and custom domain

In this guide we will cover the setup of Grimoire with a simple reverse proxy. We will use Traefik as an example, but you can use any other reverse proxy of your choice.

What we want to achieve is to have Grimoire and PocketBase running behind the reverse proxy, so that we can access them using the same domain name, but different paths.

Thanks to that, we can have the following URLs:

https://grimoire.[your-domain.com]/pb - for PocketBase API
https://grimoire.[your-domain.com]/pb/_/ - for PocketBase admin panel
https://grimoire.[your-domain.com] - for Grimoire

warning

Disclaimer: This guide is not meant to be used in production. It's just a simple example of how you can run Grimoire and PocketBase behind a reverse proxy. If you want to use it in production, please make sure to secure your installation properly.

Prerequisites

All prerequisites are meant for the machine that will be running the reverse proxy.

Steps

1. Clone the repository

For the sake of simplicity, we will clone the repository to the same machine that will be running the reverse proxy. If you really want to get as few files as possible, you can just copy the docker-compose.yml file, the .env.example file and the whole pb_migrations/ directory.

git clone https://github.com/goniszewski/grimoire

2. Rename the `.env.example` file to `.env` and update it

mv .env.example .env

Then update the .env file to set the initial admin user credentials and the domain name you want to use:

.env
PUBLIC_POCKETBASE_URL=https://grimoire.[your-domain.com]/pb
ROOT_ADMIN_EMAIL=[your-email]
ROOT_ADMIN_PASSWORD=[secure-password]
PUBLIC_ORIGIN=https://grimoire.[your-domain.com]
PUBLIC_HTTPS_ONLY=false
PORT=5173
PUBLIC_SIGNUP_DISABLED=false # set to true if you want to disable public signup

3. Update the `docker-compose.yml` file to add reverse proxy

note

If you want to use an already existing Traefik installation, you can skip this step.

Under services: add the following:

docker-compose.yml
  reverse-proxy:
    image: traefik:v2.10
    container_name: reverse-proxy
    command:
      - --api.insecure=true
      - --providers.docker
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - pocketbase
      - grimoire

4. Add labels and network mode to the `grimoire` and `pocketbase` services

After the env_file: .env for Pocketbase add the following:

docker-compose.yml
    labels:
      - traefik.http.routers.grimoire-pocketbase.rule=Host(`grimoire.[your-domain.com]`) && PathPrefix(`/pb/`)
      - traefik.http.middlewares.grimoire-pocketbase.stripprefix.prefixes=/pb
      - traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase
    # network_mode: bridge # uncomment this line if you're using external Traefik installation

And similarly, after the env_file: .env for Grimoire add the following:

docker-compose.yml
    labels:
      - traefik.http.routers.grimoire.rule=Host(`grimoire.[your-domain.com]`)
    # network_mode: bridge # uncomment this line if you're using external Traefik installation

5. Let's review the `docker-compose.yml` file

Depending on your setup, your docker-compose.yml file should look similar to this:

docker-compose.yml
version: '3.7'
services:
  reverse-proxy:
    image: traefik:v2.10
    container_name: reverse-proxy
    command:
      - --api.insecure=true
      - --providers.docker
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
    ports:
      - '80:80'
      - '443:443'
      - '8080:8080'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - pocketbase
  pocketbase:
    image: spectado/pocketbase:0.19.2
    container_name: grimoire-pocketbase
    restart: unless-stopped
    ports:
      - '8090:80'
    volumes:
      - ./pb_data:/pb_data
      - ./pb_migrations:/pb_migrations/
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:80/api/health || exit 1
      interval: 5s
      timeout: 5s
      retries: 5
    env_file: .env
    # network_mode: bridge
    labels:
      - traefik.http.routers.grimoire-pocketbase.rule=Host(`grimoire.[your-domain.com]`) && PathPrefix(`/pb/`)
      - traefik.http.middlewares.grimoire-pocketbase.stripprefix.prefixes=/pb
      - traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase
  grimoire:
    image: goniszewski/grimoire:latest
    container_name: grimoire
    restart: unless-stopped
    env_file: .env
    # network_mode: bridge
    labels:
      - traefik.http.routers.grimoire.rule=Host(`grimoire.[your-domain.com]`)
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - '$PORT:$PORT'
    depends_on:
      - pocketbase

If everything looks good, let's move on to the next step!

6. Pull and run the containers

Now we'll use the Docker Compose to pull the containers and run the application:

docker compose up

Or if you want to run it in the background:

docker compose up -d

7. Open the application in your browser

Well done! Now go to https://grimoire.[your-domain.com] and check if everything works as expected.

More information

This guide was made while setting up Grimoire to use a custom domain with Cloudflare. Every step was thoroughly tested, including the use of an existing Traefik installation on a Debian server.

Setup with a reverse proxy and custom domain

Prerequisites​

Steps​

1. Clone the repository​

2. Rename the .env.example file to .env and update it​

3. Update the docker-compose.yml file to add reverse proxy​

4. Add labels and network mode to the grimoire and pocketbase services​

5. Let's review the docker-compose.yml file​

6. Pull and run the containers​

7. Open the application in your browser​

More information​