SoulFire LogoSoulFire
How-to Guides

Docker

SoulFire + Docker = ❤️

Looking for the easy way? Use our automated setup script instead.

Docker Hub image

Official Docker images are available on Docker Hub. They run the SoulFire dedicated server. This page is for people who already know Docker and Docker Compose and are comfortable troubleshooting on their own.

Pterodactyl/Pelican panel egg

If you want to use Docker without building the container yourself, and you already run Pterodactyl or Pelican, use the official egg.

We recommend pairing it with the Cloudflared egg if you want HTTPS in front of SoulFire.

How to install Docker?

Use the official guide.

HTTPS setup

SoulFire uses HTTP internally, but if you expose it on a public domain you should put HTTPS in front of it. The two practical options are Cloudflared as an HTTPS tunnel or a reverse proxy like Traefik with automatic certificates.

Grab the token from the Cloudflare Zero Trust dashboard. Follow the official guide if you need help creating the tunnel token.

TUNNEL_TOKEN=mytokengoeshere
services:
  app:
    image: ghcr.io/soulfiremc-com/soulfire
    restart: always
    volumes:
      - app_data:/soulfire/data

  cloudflared:
    image: cloudflare/cloudflared
    command: tunnel run
    environment:
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}

volumes:
  app_data:
    driver: local

Traefik

Traefik is a reverse proxy that can serve SoulFire with HTTPS.

DOMAIN=your-domain.com
EMAIL=your@email.com
services:
  app:
    image: ghcr.io/soulfiremc-com/soulfire
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.soulfire.rule=Host(`${DOMAIN}`)"
      - "traefik.http.services.soulfire.loadbalancer.server.port=38765"
      - "traefik.http.routers.soulfire.entrypoints=websecure"
      - "traefik.http.routers.soulfire.tls.certresolver=myresolver"
    volumes:
      - app_data:/soulfire/data

  traefik:
    image: traefik
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "letsencrypt:/letsencrypt"

volumes:
  app_data:
    driver: local
  letsencrypt:
    driver: local

Traefik (IP SSL)

IP SSL certificates from Let's Encrypt are short-lived (~6 days). Traefik handles automatic renewal, but your containers must remain running. Requires Traefik v3.6.7+.

If you don't have a domain, you can use Let's Encrypt IP address certificates with Traefik. This uses the TLS-ALPN-01 challenge on port 443 and does not require a domain name.

PUBLIC_IP=203.0.113.42
EMAIL=your@email.com
services:
  app:
    image: ghcr.io/soulfiremc-com/soulfire
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.soulfire.rule=Host(`${PUBLIC_IP}`)"
      - "traefik.http.services.soulfire.loadbalancer.server.port=38765"
      - "traefik.http.routers.soulfire.entrypoints=websecure"
      - "traefik.http.routers.soulfire.tls.certresolver=myresolver"
    volumes:
      - app_data:/soulfire/data

  traefik:
    image: traefik:v3
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.certificatesduration=160"
      - "--certificatesresolvers.myresolver.acme.profile=shortlived"
      - "--certificatesresolvers.myresolver.acme.disablecommonname=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "letsencrypt:/letsencrypt"

volumes:
  app_data:
    driver: local
  letsencrypt:
    driver: local

HTTP setup

If you want the simplest possible setup, you can run SoulFire with no extra services or proxy layer.

This only serves SoulFire over HTTP, which means the traffic is unencrypted. Tokens and email addresses travel in cleartext and can be intercepted in a man-in-the-middle attack. Use HTTPS unless you have a very specific reason not to.

services:
  app:
    image: ghcr.io/soulfiremc-com/soulfire
    restart: always
    ports:
      - '38765:38765'
    volumes:
      - app_data:/soulfire/data

volumes:
  app_data:
    driver: local

How is this page?

Last updated on

WebDAV

Learn how to use WebDAV with SoulFire on Windows, Linux, and macOS.

Dedicated Mode

Learn how to use SoulFire in dedicated mode.

On this page

Docker Hub image
Pterodactyl/Pelican panel egg
How to install Docker?
HTTPS setup
Cloudflared tunnel (Recommended)
Traefik
Traefik (IP SSL)
HTTP setup