Install on Docker
Install Squidex on Linux machines with docker and docker-compose.
Digital Ocean Droplets are not supported right now, because their DNS prevents that a container can make a request to itself, which is needed to get OIDC via Identity Server working properly. The issue has been discussed in the support forum.
We provide a docker-compose configuration:
There are 3 alternatives:
docker-compose.yml
with the following containers:The caddy proxy uses a custom image to configure the Caddyfile.
Recommended setup because of the performance of Caddy and the number of containers.
docker-compose-nginx.yml
with the following containers:- Squidex
Recommended setup when you are familiar with Nginx and have special requirements.
docker-compose-noproxy.yml
with the following containers:- Squidex
Recommended setup if you already have a reverse proxy (e.g. Cloudflare).
Download the following files to your server:
docker-compose.yml
.env
Open the
.env
file and set the following variables:Variable | Description |
---|---|
SQUIDEX_DOMAIN | Your domain name, that you want to use for your installation. For example the domain name for the Squidex cloud is cloud.squidex.io . If you can Squidex on your local machine it is localhost . |
SQUIDEX_ADMINEMAIL | The email address of the admin user. You can leave it empty to create a new user with the setup page when you visit your Squidex installation in the browser. |
SQUIDEX_ADMINPASSWORD | The password of the admin user. Must contain a lowercase and uppercase letter, a number and a special character. You can leave it empty to create a new user with the setup page when you visit your Squid |
You can keep the other settings empty for now.
The data like assets and the MongoDB database files will be stored outside of the docker container to simplify the backups. The default path
/etc/squidex
will be created by docker automatically.docker-compose up -d
Squidex should be up and running now. You can visit your installation under
You should see the following screen:

Setup Screen
The setup screen shows a checklist with hints and warnings. As long as there is no error (an red icon), everything is fine.
If no external authentication provider such as Google or Github is configured you will not see the red area.
Create a new administrator account now with an email address and password and you are ready to go. We will not send you an email to this email address, so you can choose whatever email address you want.
Please check the logs first using docker.
docker ps # Get the container id first
docker logs <CONTAINER-ID> # Read the logs
You are very likely running under
localhost
. In this case the webserver (caddy) cannot create a valid certificate and will create a self signed certificate. Usually there is a button to continue to localhost:
Accept self signed certificate with Chrome
This screen is taken from Chrome and can look differently for other browsers.
In my tests it took sometime to issue the certificate. Probably around 10 minutes.
Also ensure that your DNS server is configured correctly.
In some cases, especially on CentOS 7, the communication between docker containers on the same host is blocked by the firewall. There is an open issue on Github for this problem.
The solution that worked in our cases was to add https as a service to the firewall:
CentOS:
sudo firewall-cmd --add-service=https --permanent --zone=trusted
sudo firewall-cmd --reload
sudo systemctl restart docker
Ubuntu:
sudo ufw allow 443
sudo ufw enable
sudo systemctl restart docker
This problem is because you use an host name or IP address that is not reachable from the docker itself. You can think about the Squidex being two processes in one application. There is the OpenID Connect Token Server that generates the access tokens and the API. When the API receives an access token it makes a request to the Token Server to validate the token (See following diagram).

Authentication Flow
When you use a local host name or IP address such as
localhost
or 127.0.0.1
your are referring to the host name. But containers inside docker cannot resolve the network routes and therefore the authentication flow fails. The solution is to either use another local hostname, that you have to configure in the host file of your Operation system or to use a real hostname, such as a public domain name.It is very likely a configuration problem and not related to hosting under Docker. Checkout
Last modified 7mo ago