SoulFire LogoSoulFire
Guides

Docker

SoulFire + Docker = ❤️

Looking for the easy way? Use our automated setup script instead.

Docker Hub image

Official Docker images are available on Docker Hub. Those contain the SoulFire Dedicated Server. This guide assumes you know Docker and Docker compose well and are able to troubleshoot issues on your own.

Pterodactyl/Pelican panel egg

You want to use Docker without the hassle of setting up the container yourself? If you are a user of Pterodactyl/Pelican, you can use the official egg.

It is recommended to set up the Cloudflared egg to setup HTTPS to forward the SoulFire egg.

How to install Docker?

Look at this official guide.

HTTPS setup

SoulFire uses HTTP, but if you run a public domain endpoint you're going to need HTTPS set up for dedicated servers. You have two options, use Cloudflared as a HTTPS tunnel or set up a reverse proxy like Traefik with automatic HTTPS.

You get the token from the Cloudflare Zero Trust dashboard. Follow the official guide to learn how to get the Cloudflared tunnel token.

TUNNEL_TOKEN=mytokengoeshere
services:
  app:
    image: ghcr.io/alexprogrammerde/soulfire
    restart: always
    volumes:
      - app_data:/soulfire/data

  cloudflared:
    image: cloudflare/cloudflared
    command: tunnel run
    environment:
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}

volumes:
  app_data:
    driver: local

Traefik

Traefik is a reverse proxy that can serve SoulFire with HTTPS.

DOMAIN=your-domain.com
EMAIL=your@email.com
services:
  app:
    image: ghcr.io/alexprogrammerde/soulfire
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.soulfire.rule=Host(`${DOMAIN}`)"
      - "traefik.http.services.soulfire.loadbalancer.server.port=38765"
      - "traefik.http.routers.soulfire.entrypoints=websecure"
      - "traefik.http.routers.soulfire.tls.certresolver=myresolver"
    volumes:
      - app_data:/soulfire/data

  traefik:
    image: traefik
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "letsencrypt:/letsencrypt"

volumes:
  app_data:
    driver: local
  letsencrypt:
    driver: local

Traefik (IP SSL)

IP SSL certificates from Let's Encrypt are short-lived (~6 days). Traefik handles automatic renewal, but your containers must remain running. Requires Traefik v3.6.7+.

If you don't have a domain, you can use Let's Encrypt IP address certificates with Traefik. This uses the TLS-ALPN-01 challenge on port 443 and does not require a domain name.

PUBLIC_IP=203.0.113.42
EMAIL=your@email.com
services:
  app:
    image: ghcr.io/alexprogrammerde/soulfire
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.soulfire.rule=Host(`${PUBLIC_IP}`)"
      - "traefik.http.services.soulfire.loadbalancer.server.port=38765"
      - "traefik.http.routers.soulfire.entrypoints=websecure"
      - "traefik.http.routers.soulfire.tls.certresolver=myresolver"
    volumes:
      - app_data:/soulfire/data

  traefik:
    image: traefik:v3
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.certificatesduration=160"
      - "--certificatesresolvers.myresolver.acme.profile=shortlived"
      - "--certificatesresolvers.myresolver.acme.disablecommonname=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "letsencrypt:/letsencrypt"

volumes:
  app_data:
    driver: local
  letsencrypt:
    driver: local

HTTP setup

Just setup SoulFire with no extra configuration or other services.

This will only serve SoulFire via HTTP. This means that traffic with SoulFire is unencrypted and insecure. All tokens/emails are sent in cleartext and are hijackable with Man In The Middle attacks. It is recommended to setup SoulFire using HTTPS.

services:
  app:
    image: ghcr.io/alexprogrammerde/soulfire
    restart: always
    ports:
      - '38765:38765'
    volumes:
      - app_data:/soulfire/data

volumes:
  app_data:
    driver: local

How is this guide?

Last updated on

Dedicated Mode

Learn how to use SoulFire in dedicated mode.

WebDAV

Learn how to use WebDAV with SoulFire on Windows, Linux, and macOS.

On this page

Docker Hub image
Pterodactyl/Pelican panel egg
How to install Docker?
HTTPS setup
Cloudflared tunnel (Recommended)
Traefik
Traefik (IP SSL)
HTTP setup