A modern Kimai setup using docker-compose and nginx
This is the setup I use to run multiple productive kimai instances. In my example, I create the files in /opt/kimai-mydomain. The folder name is not critical, but it is helpful to distinguish multiple indepedent kimai instances.
First, let’s create /opt/kimai-mydomain/docker-compose.yml. You don’t need to modify anything in this file as every relevant configuration is loaded from .env using environment variables.
services:
mariadb:
image: mariadb:latest
environment:
- MYSQL_DATABASE=kimai
- MYSQL_USER=kimai
- MYSQL_PASSWORD=${MARIADB_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
volumes:
- ./mariadb_data:/var/lib/mysql
command: --default-storage-engine innodb
restart: unless-stopped
healthcheck:
test: mysqladmin -p${MARIADB_ROOT_PASSWORD} ping -h localhost
interval: 20s
start_period: 10s
timeout: 10s
retries: 3
kimai:
image: kimai/kimai2:apache-debian-master-prod
environment:
- APP_ENV=prod
- TRUSTED_HOSTS=localhost,${HOSTNAME}
- [email protected]
- ADMINPASS=${KIMAI_ADMIN_PASSWORD}
- DATABASE_URL=mysql://kimai:${MARIADB_PASSWORD}@mariadb/kimai
volumes:
- ./kimai_var:/opt/kimai/var
ports:
- '17919:8001'
depends_on:
- mariadb
restart: unless-stopped
Now we’ll create the configuration in /opt/kimai-mydomain/.env:
MARIADB_ROOT_PASSWORD=eishi5Pae3chai1Aeth2wiuCh7Ahhi
MARIADB_PASSWORD=su1aesheereithubo0iedootaeRooT
KIMAI_ADMIN_PASSWORD=toiWaeShaiz5Yeifohngu6chunuo6C
KIMAI_ADMIN_EMAIL=[email protected]
HOSTNAME=kimai.mydomain.com
Generate random passwords for .env ! Do NOT leave the default passwords in .env !
You also need to set KIMAI_ADMIN_EMAIL and HOSTNAME correctly.
We can now create the kimai data directory and set the correct permissions:
mkdir -p kimai_var
chown -R 33:33 kimai_var
(33 is the user ID and group ID of the www-data user inside the container)
Now, we will initialize the kimai database and the user:
docker-compose run kimai console kimai:install -n
Once you see a line like
[Sun Mar 07 23:53:35.986477 2021] [core:notice] [pid 50] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
stop the process using Ctrl+Cas this means that Kimai has finished installing.
Now we can create a systemd service that automatically starts Kimai using TechOverflow’s method from Create a systemd service for your docker-compose project in 10 seconds:
curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin
Now we only need to create an nginx config for reverse proxying of your Kimai domain. There is nothing special to be considered for the config, hence I’ll show my config just as an example that you can copy and paste.
server {
server_name kimai.mydomain.com;
location / {
proxy_pass http://localhost:17919/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect default;
}
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/kimai.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kimai.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
server {
if ($host = kimai.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name kimai.mydomain.com;
listen [::]:80; # managed by Certbot
return 404; # managed by Certbot
}
After setting up your config - **I always recommend to setup TLS using Let’s Encrypt, even for test setups,**open your Browser and go to your Kimai domain, e.g. to https://kimai.mydomain.com. You can directly login to kimai using KIMAI_ADMIN_EMAIL and KIMAI_ADMIN_PASSWORD as specified in .env.