Skip to content

Instantly share code, notes, and snippets.

@dadencukillia

dadencukillia/.env

Last active March 11, 2026 13:22
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dadencukillia/baba2e5b40a659a3ee880bec9e1ee886 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dadencukillia/baba2e5b40a659a3ee880bec9e1ee886 to your computer and use it in GitHub Desktop.
Download ZIP
My simple docker-compose.yml file for a Wakapi set up using Cloudflare Tunnels. Adjustable via .env file
Raw
.env
WAKAPI_PASSWORD_SALT=JUST_GENERATE_RANDOM_SYMBOLS # You can use this resource: https://www.ukraine.com.ua/info/tools/passwdgenerate/
WAKAPI_MAIL_SMTP_PASS=YOUR_SMTP_PASSWORD # If you have a SMTP server on your machine
WAKAPI_DB_PASSWORD=JUST_GENERATE_RANDOM_SYMBOLS # You can use this resource: https://www.ukraine.com.ua/info/tools/passwdgenerate/
WAKAPI_ALLOW_SIGNUP=true # or "false". I recommend to turn it off after your registration to make Wakapi unaccessible for strangers (for friends you can generate special links)
WAKAPI_PUBLIC_URL=https://wakapi.example.com # The link to your wakapi homepage
CLOUDFLARE_TUNNEL_TOKEN=YOUR_CLOUDFLARE_TUNNER_TOKEN # I recommend use Cloudflare Tunnels, because it's convenient and free to manage your domains and SSL certificates. https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/
Raw
README.md

πŸ“Š Wakapi with Cloudflare Tunnel and Docker Compose

This is a lightweight, secure template for running Wakapi (an open-source alternative to WakaTime) on your machine. It uses PostgreSQL and Cloudflare Tunnel for convenient access from the WAN without port forwarding.

🟒 What is Wakapi?

Wakapi is an open-source tool that helps you track the time you spend coding in different programming languages and on different projects.

πŸ™ GitHub 🌐 Website

πŸ’« Features:

  • Docker Secrets: Passwords and tokens are stored using Docker Secrets instead of environment variables, which is good practice.
  • Cloudflare Tunnel: Don't worry about port forwarding and SSL certificates β€” Cloudflare manages the boilerplate.
  • Easy adjustments: Just one .env file to set everything up.

πŸš€ Quick Start

  1. Create a directory on your server and place the .env and docker-compose.yml files there.
  2. Open the .env file in your editor.
  3. Use a password generator service (such as this) to fill in the WAKAPI_PASSWORD_SALT and WAKAPI_DB_PASSWORD fields. I recommend not using special symbols.
  4. If you have an SMTP server, specify the WAKAPI_MAIL_SMTP_PASS field.
  5. Leave the WAKAPI_ALLOW_SIGNUP field turned on. However, since you are registering an account, it is better to turn it off.
  6. If you don't have a domain, go to Cloudflare. It's easy to understand how it works; there are a lot of videos on YouTube explaining it. You have to link your domain to your account.
  7. Set up a tunnel in your Cloudflare dashboard and retrieve your token. There is a good documentation page.
  8. Specify your token in the CLOUDFLARE_TUNNEL_TOKEN field.
  9. For best results, link the tunnel to a subdomain. This allows you to specify the full URL to the homepage in the WAKAPI_PUBLIC_URL field.
  10. Run the docker compose up -d (or podman compose up -d) command to start the stack.
  11. Well done!

βœ‹ Quick Stop

  1. Run the docker compose down command to stop the stack (or podman compose down).
  2. Well done!
Raw
docker-compose.yml
services:
wakapi:
image: "ghcr.io/muety/wakapi:2.17.2"
init: true
restart: always
environment:
WAKAPI_DB_TYPE: "postgres"
WAKAPI_DB_NAME: "wakapi"
WAKAPI_DB_USER: "wakapi"
WAKAPI_DB_HOST: "db"
WAKAPI_DB_PORT: "5432"
WAKAPI_DB_PASSWORD_FILE: "/run/secrets/db_password"
WAKAPI_PASSWORD_SALT_FILE: "/run/secrets/password_salt"
WAKAPI_MAIL_SMTP_PASS_FILE: "/run/secrets/smtp_pass"
WAKAPI_ALLOW_SIGNUP: ${WAKAPI_ALLOW_SIGNUP}
WAKAPI_PUBLIC_URL: ${WAKAPI_PUBLIC_URL}
WAKAPI_INSECURE_COOKIES: false
WAKAPI_MAX_INACTIVE_MONTHS: -1
secrets:
- source: password_salt
target: password_salt
uid: '1000'
gid: '1000'
mode: '0400'
- source: smtp_pass
target: smtp_pass
uid: '1000'
gid: '1000'
mode: '0400'
- source: db_password
target: db_password
uid: '1000'
gid: '1000'
mode: '0400'
db:
image: postgres:17
restart: always
environment:
POSTGRES_USER: "wakapi"
POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
POSTGRES_DB: "wakapi"
volumes:
- wakapi-db-data:/var/lib/postgresql/data
secrets:
- db_password
tunnel:
image: "cloudflare/cloudflared:latest"
restart: always
command: tunnel --no-autoupdate run --token-file /run/secrets/cloudflare_tunnel_token
secrets:
- cloudflare_tunnel_token
secrets:
password_salt:
environment: WAKAPI_PASSWORD_SALT
smtp_pass:
environment: WAKAPI_MAIL_SMTP_PASS
db_password:
environment: WAKAPI_DB_PASSWORD
cloudflare_tunnel_token:
environment: CLOUDFLARE_TUNNEL_TOKEN
volumes:
wakapi-db-data: {}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment