How to Install Firefly III on Ubuntu 20.04

Updated on February 25, 2022
How to Install Firefly III on Ubuntu 20.04 header image


This tutorial explains how to install Firefly III on Ubuntu 20.04. This tutorial will use Docker, docker-compose and Nginx to secure the setup.

Firefly III is a self-hosted personal finance manager that allows you to keep track of all your funds and assets.


Before you begin, you should have:

You should also have:

  • A domain you own, pointing to your server. It can also be a subdomain if you wish.
    • Please note that Certbot/Let's Encrypt does not support certificates for IP addresses. Some tutorials may demonstrate how to self-sign your certificate; however, it is unsafe and not recommended to do so. You may need to use an alternative service that supports signing certificates for IP addresses.


Certbot and Git

  1. Install Git using apt.

     $ sudo apt install git
  2. Ensure that any apt versions of Certbot are uninstalled. It is okay if apt reports that none of these packages was installed.

     $ sudo apt remove certbot
  3. Ensure that your version of snapd is up to date.

     $ sudo snap install core; sudo snap refresh core
  4. Install Certbot using snap.

     $ sudo snap install --classic certbot
  5. Run Certbot. You will need to follow the prompts to enter your domain name and redirect all traffic to HTTPS.

     $ sudo certbot certonly --standalone
  6. Take note of your certificate and private key paths when provided. It may be different depending on the domain used.

     Certificate Path: /etc/letsencrypt/live/
     Private Key Path: /etc/letsencrypt/live/

If you used a different SSL provider, please ensure they are on your server and know their full path. You may put them in the /etc/nginx/ directory if you wish.


  1. Remove any older versions of Docker and the Docker engine.

     $ sudo apt remove docker docker-engine containerd runc
  2. Install Docker using snap.

     $ sudo snap install docker


.env File

  1. Create a directory called firefly in your home directory and enter it.

     $ mkdir ~/firefly
     $ cd ~/firefly
  2. Download Firefly III's .env file from GitHub.

     $ curl -o .env
  3. Open the .env file in your text editor.

     $ nano .env

    You will need to edit some of the values in this file to set up and customize your installation. You should change the values listed below.

    • SITE_OWNER: Set this to your email address.
    • APP_KEY: Set this to a random string (must be 32 characters without special characters).
    • TZ: Set this to your timezone (must be in the Country/Location format).
    • TRUSTED_PROXIES: Set this to **.
    • APP_URL (at the very bottom of the file): Set this to your domain name.

    If you spot any other settings you wish to change, please do so.

  4. Save and exit the text editor by using Control + X, then Y, followed by Enter.

Docker Container

  1. Create and open a new docker-compose.yml file.

     $ nano docker-compose.yml
  2. Add the following lines to the file.

     version: '3.3'
         image: fireflyiii/core:latest
         restart: always
           - firefly_iii_upload:/var/www/html/storage/upload
         env_file: .env
           - 8080:8080
           - db
         image: mariadb    
         hostname: fireflyiiidb
         restart: always
           - MYSQL_USER=firefly
           - MYSQL_PASSWORD=secret_firefly_password
           - MYSQL_DATABASE=firefly
           - firefly_iii_db:/var/lib/mysql
  3. Exit the file using Control + X, then press Y, followed by Enter.

  4. Run Firefly III by using docker-compose in detached mode. This may take a few seconds.

     $ sudo docker-compose up -d
  5. Check that Firefly III is running by using docker. The status should be Up.

     $ sudo docker ps
     Up x seconds/minutes

You have now successfully installed and configured Firefly III and have obtained a signed SSL certificate.

Setup an Nginx Reverse Proxy

You can now use your SSL certificate and Nginx to secure your Firefly III installation. Nginx will provide HTTPS support by using your SSL certificate and redirecting all traffic through port 443.

  1. Remove the Nginx default configuration file. If you are using this file, then keep it.

     $ sudo rm /etc/nginx/conf.d/default.conf
  2. Create and open a new configuration file in Nginx's conf.d directory.

     $ sudo nano /etc/nginx/conf.d/firefly.conf
  3. Paste the following into the file and replace with your chosen domain name. Ensure that the ssl_certificate and ssl_certificate_key lines point to your SSL certificate.

     upstream firefly {
       server localhost:8080;
     server {
       listen 443 ssl http2;
       gzip on;
       ssl_certificate /etc/letsencrypt/live/;
       ssl_certificate_key /etc/letsencrypt/live/;
       ssl_session_cache builtin:1000 shared:SSL:10m; 
       ssl_session_cache shared:MySSL:10m;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
       ssl_prefer_server_ciphers on;
       location / {
            send_timeout 5m;
            proxy_read_timeout 240;
            proxy_send_timeout 240;
            proxy_connect_timeout 240;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Ssl on;
            proxy_set_header Connection "";
            proxy_cache_bypass $cookie_session;
            proxy_no_cache $cookie_session;
            proxy_buffers 32 4k;
            proxy_pass http://firefly;
  4. Exit your text editor and save changes by pressing Control + X, then Y, followed by Enter.

  5. Test the configuration file. If the test is successful, you will see the syntax is ok, and the test is successful messages.

     $ sudo nginx -t
     nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
     nginx: configuration file /etc/nginx/nginx.conf test is successful
  6. Reload Nginx to apply your changes.

     $ sudo /etc/init.d/nginx reload

Finishing Steps

You should now navigate to your Firefly III installation and create an account.

Once logged in, you can set up your first savings account by following the steps on the welcome screen.

You have successfully installed Firefly III and secured it using an SSL certificate and an Nginx reverse proxy.