Run your own instance of NinerLog, the EASA/FAA compliant pilot logbook.
# 1. Clone this repo
git clone https://github.com/fjaeckel/ninerlog-dockerized.git
cd ninerlog-dockerized
# 2. Configure environment
cp .env.example .env
# Edit .env — at minimum set JWT_SECRET, REFRESH_SECRET, POSTGRES_PASSWORD
# 3. Log in to GitHub Container Registry (images are private for now)
echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_USER" --password-stdin
# 4. Start everything
docker compose up -d
# 5. Open NinerLog
open http://localhostThe stack pulls pre-built images from GitHub Container Registry — no build step needed.
| Service | Image | Port |
|---|---|---|
| API | ghcr.io/fjaeckel/ninerlog-api:latest |
3000 (internal) |
| Frontend | ghcr.io/fjaeckel/ninerlog-frontend:latest |
80 / 443 |
| PostgreSQL | Custom (Alpine + auto-TLS) | 5432 (internal) |
| Certbot | certbot/certbot:latest |
— |
| DB Backup | Custom (Alpine + pg_dump) | — |
┌─────────────┐ ┌─────────────┐ ┌──────────────┐
│ Browser │────▶│ Frontend │────▶│ API │
│ │ │ (nginx) │ │ (Go) │
└─────────────┘ │ :80/:443 │ │ :3000 │
└─────────────┘ └──────┬───────┘
│
┌──────▼───────┐
│ PostgreSQL │
│ :5432 (TLS) │
└──────────────┘
- Frontend serves the React PWA and reverse-proxies
/api/*to the API container. - PostgreSQL uses auto-generated self-signed TLS certificates for wire encryption between containers.
- Certbot handles Let's Encrypt certificate renewal for HTTPS.
- DB Backup runs scheduled
pg_dumpsnapshots, gzip-compressed, with automatic retention pruning.
All configuration is done via environment variables in .env. See docs/CONFIGURATION.md for the full reference.
| Variable | Description |
|---|---|
POSTGRES_PASSWORD |
Database password |
JWT_SECRET |
Secret key for access tokens (min. 32 chars) |
REFRESH_SECRET |
Secret key for refresh tokens (min. 32 chars) |
| Variable | Description |
|---|---|
TLS_DOMAIN |
Your domain name (e.g. logbook.example.com) |
CORS_ORIGIN |
Must match your domain (e.g. https://logbook.example.com) |
VITE_API_BASE_URL |
Usually /api/v1 (default) |
See docs/HTTPS.md for the full TLS/Let's Encrypt setup.
# Pull latest images
docker compose pull
# Restart with new images
docker compose up -dSee docs/UPGRADING.md for version pinning and migration notes.
- Configuration Reference — All environment variables
- HTTPS Setup — Let's Encrypt / TLS configuration
- Passkeys / WebAuthn — Enabling passwordless sign-in
- Upgrading — Pulling new versions, migrations
- Backups — Automated database backups and restore
- Cloud Backups — Per-user encrypted backups to pluggable cloud storage providers
- Monitoring — Private Prometheus scraping of the
/metricsendpoint - API Documentation — OpenAPI 3.1 specification
See the individual repositories for license information: