Skip to main content

Docker Setup

Docker Run

The simplest way to run Cornerstone:

docker run -d \
--name cornerstone \
-p 3000:3000 \
-v cornerstone-data:/app/data \
steilerdev/cornerstone:latest

This starts Cornerstone on port 3000 with a persistent volume for the SQLite database.

For a more maintainable setup, use Docker Compose:

# Download the files
curl -O https://raw.githubusercontent.com/steilerDev/cornerstone/main/docker-compose.yml
curl -O https://raw.githubusercontent.com/steilerDev/cornerstone/main/.env.example

# Configure your environment
cp .env.example .env
# Edit .env with your preferred settings

# Start the application
docker compose up -d

The default configuration works out of the box -- the only thing you must do is complete the first-run setup wizard in the browser.

Behind a Reverse Proxy

When deploying behind a reverse proxy (nginx, Caddy, Traefik, etc.), set these environment variables:

TRUST_PROXY=true
SECURE_COOKIES=true

TRUST_PROXY tells Cornerstone to read forwarded headers (X-Forwarded-For, X-Forwarded-Proto, etc.). This is required for secure cookies and OIDC redirects to work properly behind a proxy.

Data Persistence

Cornerstone stores all data in a single SQLite database file at /app/data/cornerstone.db inside the container. Mount a Docker volume or bind-mount to /app/data to persist your data across container restarts:

# Named volume (recommended)
-v cornerstone-data:/app/data

# Bind mount
-v /path/on/host:/app/data

Health Checks

The Docker image includes a built-in health check that verifies the server is running and the database is accessible:

  • Readiness: GET /api/health/ready -- verifies database access and password hashing
  • Liveness: GET /api/health/live -- basic server responsiveness check

The health check runs every 30 seconds with a 15-second startup grace period.

Image Tags

TagDescription
latestLatest stable release
betaLatest beta pre-release
x.y.zSpecific stable version (e.g., 1.7.0)
x.yLatest patch of a minor version (e.g., 1.7)
x.y.z-beta.nSpecific beta version (e.g., 1.7.0-beta.1)