Self-hosted personal finance manager

Table of Contents


This post is about self-hosting the personal finance manager app firefly-iii. The prerequisites are:

Install firefly

Some of the following steps are an excerpt from the documentation available at

Set up env variables

Firefly is configurable via a .env file. Download the basic configuration from the official github repository and store it as firefly.env in your server’s workspace folder (where you want to have all files for docker and firefly).

Create a docker-compose.yml file

We will use docker-compose to manage all the services required by firefly. The tutorial from the firefly docs provides and example docker-compose.yml. Here is my modified version:

version: "3.3"
    image: fireflyiii/core:latest
    restart: always
      - firefly_iii_upload:/var/www/html/storage/upload
    env_file: firefly.env
      - 8080:8080
      - fireflydb
    image: mariadb
    hostname: fireflyiiidb
    restart: always
      - MYSQL_USER=firefly
      - MYSQL_DATABASE=firefly
      - firefly_iii_db:/var/lib/mysql

The values you need to adapt are:

  • the port and
  • the password for the database.

Start up everything with

docker-compose up -d firefly-app firefly-db

Check the status of the containers with

docker ps

which should show a similar output to

CONTAINER ID   IMAGE                    COMMAND                  CREATED        STATUS                 PORTS                                       NAMES
582fa3bee42f   fireflyiii/core:latest   "/usr/local/bin/entr…"   4 hours ago    Up 4 hours (healthy)>8080/tcp, :::8080->8080/tcp   services_firefly-app_1
443e260b8aec   mariadb                  "docker-entrypoint.s…"   18 hours ago   Up 17 hours            3306/tcp                                    services_firefly-db_1

You should be able to access the firefly web interface by visiting http://YOUR_SERVER_IP_ADDRESS:8080/.

Configure nginx

The goal of this section is to set up nginx with an SSL certificate as a reverse-proxy to host the firefly app.

First, make sure to create a new A Record for the subdomain you want to host the app on. It should have the form of and point to your server’s IP address.

Create a new server configuration to set up nginx as a reverse-proxy for firefly:

touch /etc/nginx/sites-available/firefly.conf

and populate the file with the following content:

Listing 1: nginx server block configuration.

server {

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        client_max_body_size 64M;
        proxy_read_timeout 300s;

Enable the site by creating a symlink in the sites-enabled folder:

ln -s /etc/nginx/sites-available/firefly.conf /etc/nginx/sites-enabled/

Create an SSL certificate


certbot --nginx

and follow the instructions to create a certificate for your server. This step touches the configuration file in Listing 1 and

  1. extends the old server block with certificate settings,
  2. and adds a new server block.
server {

    location / {
        # ...

    # SSL configuration
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot

Restart nginx with new configuration

Check the nginx configuration by running

nginx -t

and, if everything is fine, restart it with

systemctl restart nginx

Firefly should now be available through a secure connection via your subdomain.

Peter W. Egger
Peter W. Egger
Software Engineer / Data Scientist

Maker culture enthusiast and aspiring data scientist.