Self hosting Grocy
- Atul
- Technology , Web , Free software , The big o community , Self hosting
- June 2, 2025
Table of Contents
Self hosting Grocy
๐ฐ The Great Grocy Kingdom Setup Guide ๐ฐ
A tale of establishing the mighty Grocy ERP realm in the cloud kingdoms using the ancient Docker magic โ๏ธ
๐ก๏ธ Prerequisites - Gathering Your Arsenal
Before we embark on this grand adventure, ensure your VPS kingdom has these magical artifacts:
- ๐ง Debian server (your trusty steed)
- ๐ณ Docker & Docker Compose installed
- ๐ SSH access to your realm
- ๐ Domain name (optional, but recommended for HTTPS enchantments)
๐ Step 1: Preparing the Docker Spellbook
First, let’s ensure Docker is properly summoned in your kingdom:
# Update the royal archives
sudo apt update && sudo apt upgrade -y
# Install Docker if not already present
sudo apt install docker.io docker-compose -y
# Grant your user the power to command Docker
sudo usermod -aG docker $USER
# Logout and login again to activate the powers
๐๏ธ Step 2: Creating the Grocy Fortress Structure
Create a sacred directory structure for your Grocy realm:
# Create the main fortress
mkdir -p ~/grocy-kingdom/{data,config}
cd ~/grocy-kingdom
๐ Step 3: The Docker Compose Grimoire
Create the magical docker-compose.yml
scroll:
version: "3.8"
services:
grocy:
image: lscr.io/linuxserver/grocy:latest
container_name: grocy-castle
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London # ๐ Adjust to your kingdom's timezone
volumes:
- ./config:/config
- ./data:/data
ports:
- "9283:80" # ๐ช The main gate to your kingdom
restart: unless-stopped
networks:
- grocy-network
networks:
grocy-network:
driver: bridge
โก Step 4: Summoning the Grocy Spirit
Cast the Docker spell to bring Grocy to life:
# Launch the kingdom!
docker-compose up -d
# Check if your subjects are loyal (containers running)
docker-compose ps
# Peek into the castle logs if needed
docker-compose logs grocy
๐ก๏ธ Step 5: Securing the Realm with Your Existing Nginx ๐
Since you already have Nginx installed on your Debian system, we’ll configure it as a reverse proxy instead of using Docker Nginx. This is actually better!
Option A: Simple HTTP Reverse Proxy ๐
Create a new site configuration file:
# Create the configuration file
sudo nano /etc/nginx/sites-available/grocy
Add this configuration:
server {
listen 80;
server_name your-domain.com; # Replace with your domain or IP
# Optional: Redirect to HTTPS (if you plan to use SSL)
# return 301 https://$server_name$request_uri;
location / {
proxy_pass http://127.0.0.1:9283;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support (if needed)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
Enable the site:
# Enable the configuration
sudo ln -s /etc/nginx/sites-available/grocy /etc/nginx/sites-enabled/
# Test the configuration
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginx
Option B: HTTPS with Let’s Encrypt SSL ๐
If you want SSL (recommended for production):
# Install Certbot for Let's Encrypt
sudo apt install certbot python3-certbot-nginx -y
# Create the HTTP configuration first (same as above)
sudo nano /etc/nginx/sites-available/grocy
Use this enhanced configuration:
server {
listen 80;
server_name your-domain.com; # Replace with your actual domain
# Let's Encrypt challenge location
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Redirect all other traffic to HTTPS
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL certificates (will be added by certbot)
# ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://127.0.0.1:9283;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
Then get your SSL certificate:
# Enable the site
sudo ln -s /etc/nginx/sites-available/grocy /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# Get SSL certificate (replace with your domain and email)
sudo certbot --nginx -d your-domain.com --email your@email.com --agree-tos --no-eff-email
# Certbot will automatically update your Nginx config with SSL settings
Updated Docker Compose (Remove Port Exposure) ๐ณ
Since Nginx will handle external access, modify your docker-compose.yml
:
version: "3.8"
services:
grocy:
image: lscr.io/linuxserver/grocy:latest
container_name: grocy-castle
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- ./config:/config
- ./data:/data
ports:
- "127.0.0.1:9283:80" # ๐ Only bind to localhost
restart: unless-stopped
# No need for custom networks when using system Nginx
Testing Your Setup ๐งช
# Check if Grocy is running
docker-compose ps
# Test direct access (should work)
curl http://127.0.0.1:9283
# Test through Nginx (should work)
curl http://your-domain.com
# Check Nginx status
sudo systemctl status nginx
# View Nginx logs if issues
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
๐๏ธ Step 6: Entering Your Kingdom
- Direct Access: Visit
http://your-vps-ip:9283
- With Domain: Visit
http://your-domain.com
(if using Nginx)
Default Royal Credentials ๐:
- Username:
admin
- Password:
admin
๐จ IMPORTANT: Change these immediately after first login!
๐ง Step 7: Kingdom Maintenance Spells
Regular Maintenance Incantations:
# Update your kingdom to the latest version
docker-compose pull
docker-compose up -d
# Backup your royal data
tar -czf grocy-backup-$(date +%Y%m%d).tar.gz config/ data/
# View kingdom status
docker-compose ps
# Enter the castle for debugging
docker exec -it grocy-castle /bin/bash
# Restart the entire realm
docker-compose restart
# Stop the kingdom
docker-compose down
# Completely rebuild (nuclear option)
docker-compose down -v
docker-compose up -d
๐ ๏ธ Step 8: Advanced Kingdom Customizations
Environment Variables Magic โจ
Add these to your docker-compose.yml
environment section:
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- MAX_UPLOAD=50M # Max file upload size
- GROCY_CULTURE=en # Language setting
- GROCY_CURRENCY=USD # Currency setting
Firewall Protection Spell ๐ฅ
# Allow only necessary ports
sudo ufw allow 22/tcp # SSH
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw allow 9283/tcp # Grocy (if direct access needed)
sudo ufw enable
๐ฏ Troubleshooting Potions
Common Kingdom Issues & Solutions:
๐ Container won’t start:
docker-compose logs grocy
# Check for permission issues or port conflicts
๐ Can’t access from outside:
# Check firewall rules
sudo ufw status
# Verify port binding
netstat -tlnp | grep 9283
๐ Data not persisting:
# Check volume mounts and permissions
ls -la ~/grocy-kingdom/
sudo chown -R 1000:1000 ~/grocy-kingdom/
๐ Victory! Your Kingdom Awaits
Congratulations, brave administrator! Your Grocy ERP kingdom now stands mighty in the cloud realms. You can now:
- ๐ฆ Manage your household inventory
- ๐ Track shopping lists
- ๐ Monitor consumption patterns
- ๐ฝ๏ธ Plan meals and recipes
- ๐ Handle chores and tasks
May your kingdom prosper and your groceries never expire! ๐ฐโจ
Remember: With great power comes great responsibility. Keep your kingdom updated and your data backed up! ๐ก๏ธ