Self hosting Grocy

Table of Contents

Self hosting Grocy

๐Ÿฐ The Great Grocy Kingdom Setup Guide ๐Ÿฐ

A tale of establishing the mighty Grocy ERP realm in the cloud kingdoms using the ancient Docker magic โš—๏ธ

๐Ÿ—ก๏ธ Prerequisites - Gathering Your Arsenal

Before we embark on this grand adventure, ensure your VPS kingdom has these magical artifacts:

  • ๐Ÿง Debian server (your trusty steed)
  • ๐Ÿณ Docker & Docker Compose installed
  • ๐Ÿ”‘ SSH access to your realm
  • ๐ŸŒ Domain name (optional, but recommended for HTTPS enchantments)

๐Ÿ“œ Step 1: Preparing the Docker Spellbook

First, let’s ensure Docker is properly summoned in your kingdom:

# Update the royal archives
sudo apt update && sudo apt upgrade -y

# Install Docker if not already present
sudo apt install docker.io docker-compose -y

# Grant your user the power to command Docker
sudo usermod -aG docker $USER

# Logout and login again to activate the powers

๐Ÿ—๏ธ Step 2: Creating the Grocy Fortress Structure

Create a sacred directory structure for your Grocy realm:

# Create the main fortress
mkdir -p ~/grocy-kingdom/{data,config}
cd ~/grocy-kingdom

๐Ÿ“‹ Step 3: The Docker Compose Grimoire

Create the magical docker-compose.yml scroll:

version: "3.8"

services:
  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy-castle
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London # ๐Ÿ• Adjust to your kingdom's timezone
    volumes:
      - ./config:/config
      - ./data:/data
    ports:
      - "9283:80" # ๐Ÿšช The main gate to your kingdom
    restart: unless-stopped
    networks:
      - grocy-network

networks:
  grocy-network:
    driver: bridge

โšก Step 4: Summoning the Grocy Spirit

Cast the Docker spell to bring Grocy to life:

# Launch the kingdom!
docker-compose up -d

# Check if your subjects are loyal (containers running)
docker-compose ps

# Peek into the castle logs if needed
docker-compose logs grocy

๐Ÿ›ก๏ธ Step 5: Securing the Realm with Your Existing Nginx ๐Ÿ”’

Since you already have Nginx installed on your Debian system, we’ll configure it as a reverse proxy instead of using Docker Nginx. This is actually better!

Option A: Simple HTTP Reverse Proxy ๐Ÿ“„

Create a new site configuration file:

# Create the configuration file
sudo nano /etc/nginx/sites-available/grocy

Add this configuration:

server {
    listen 80;
    server_name your-domain.com;  # Replace with your domain or IP

    # Optional: Redirect to HTTPS (if you plan to use SSL)
    # return 301 https://$server_name$request_uri;

    location / {
        proxy_pass http://127.0.0.1:9283;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (if needed)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeout settings
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

Enable the site:

# Enable the configuration
sudo ln -s /etc/nginx/sites-available/grocy /etc/nginx/sites-enabled/

# Test the configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

Option B: HTTPS with Let’s Encrypt SSL ๐Ÿ”

If you want SSL (recommended for production):

# Install Certbot for Let's Encrypt
sudo apt install certbot python3-certbot-nginx -y

# Create the HTTP configuration first (same as above)
sudo nano /etc/nginx/sites-available/grocy

Use this enhanced configuration:

server {
    listen 80;
    server_name your-domain.com;  # Replace with your actual domain

    # Let's Encrypt challenge location
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Redirect all other traffic to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;

    # SSL certificates (will be added by certbot)
    # ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        proxy_pass http://127.0.0.1:9283;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeout settings
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

Then get your SSL certificate:

# Enable the site
sudo ln -s /etc/nginx/sites-available/grocy /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

# Get SSL certificate (replace with your domain and email)
sudo certbot --nginx -d your-domain.com --email your@email.com --agree-tos --no-eff-email

# Certbot will automatically update your Nginx config with SSL settings

Updated Docker Compose (Remove Port Exposure) ๐Ÿณ

Since Nginx will handle external access, modify your docker-compose.yml:

version: "3.8"

services:
  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy-castle
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - ./config:/config
      - ./data:/data
    ports:
      - "127.0.0.1:9283:80" # ๐Ÿ”’ Only bind to localhost
    restart: unless-stopped
# No need for custom networks when using system Nginx

Testing Your Setup ๐Ÿงช

# Check if Grocy is running
docker-compose ps

# Test direct access (should work)
curl http://127.0.0.1:9283

# Test through Nginx (should work)
curl http://your-domain.com

# Check Nginx status
sudo systemctl status nginx

# View Nginx logs if issues
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

๐Ÿ—๏ธ Step 6: Entering Your Kingdom

  1. Direct Access: Visit http://your-vps-ip:9283
  2. With Domain: Visit http://your-domain.com (if using Nginx)

Default Royal Credentials ๐Ÿ‘‘:

  • Username: admin
  • Password: admin

๐Ÿšจ IMPORTANT: Change these immediately after first login!

๐Ÿ”ง Step 7: Kingdom Maintenance Spells

Regular Maintenance Incantations:

# Update your kingdom to the latest version
docker-compose pull
docker-compose up -d

# Backup your royal data
tar -czf grocy-backup-$(date +%Y%m%d).tar.gz config/ data/

# View kingdom status
docker-compose ps

# Enter the castle for debugging
docker exec -it grocy-castle /bin/bash

# Restart the entire realm
docker-compose restart

# Stop the kingdom
docker-compose down

# Completely rebuild (nuclear option)
docker-compose down -v
docker-compose up -d

๐Ÿ› ๏ธ Step 8: Advanced Kingdom Customizations

Environment Variables Magic โœจ

Add these to your docker-compose.yml environment section:

environment:
  - PUID=1000
  - PGID=1000
  - TZ=Europe/London
  - MAX_UPLOAD=50M # Max file upload size
  - GROCY_CULTURE=en # Language setting
  - GROCY_CURRENCY=USD # Currency setting

Firewall Protection Spell ๐Ÿ”ฅ

# Allow only necessary ports
sudo ufw allow 22/tcp      # SSH
sudo ufw allow 80/tcp      # HTTP
sudo ufw allow 443/tcp     # HTTPS
sudo ufw allow 9283/tcp    # Grocy (if direct access needed)
sudo ufw enable

๐ŸŽฏ Troubleshooting Potions

Common Kingdom Issues & Solutions:

๐Ÿ› Container won’t start:

docker-compose logs grocy
# Check for permission issues or port conflicts

๐Ÿ› Can’t access from outside:

# Check firewall rules
sudo ufw status
# Verify port binding
netstat -tlnp | grep 9283

๐Ÿ› Data not persisting:

# Check volume mounts and permissions
ls -la ~/grocy-kingdom/
sudo chown -R 1000:1000 ~/grocy-kingdom/

๐ŸŽ‰ Victory! Your Kingdom Awaits

Congratulations, brave administrator! Your Grocy ERP kingdom now stands mighty in the cloud realms. You can now:

  • ๐Ÿ“ฆ Manage your household inventory
  • ๐Ÿ›’ Track shopping lists
  • ๐Ÿ“Š Monitor consumption patterns
  • ๐Ÿฝ๏ธ Plan meals and recipes
  • ๐Ÿ“‹ Handle chores and tasks

May your kingdom prosper and your groceries never expire! ๐Ÿฐโœจ


Remember: With great power comes great responsibility. Keep your kingdom updated and your data backed up! ๐Ÿ›ก๏ธ

Tags :