Docker Installation

Docker based installations allow to run the application in an isolated environment besides try out multiple versions without installing any package on the host system.

sysPass can be ran in Docker containers which has been compiled on top of latest Debian stable version (Stretch) and avoiding any package compilation.

Docker images can be got from Docker Hub and they are complied automatically from Docker source files on

There are two ways for installing:

  • Using Docker Compose (recommended): deploys a fully working sysPass environment including application and database services.
  • Using Docker: deploys each service (application and database) separately.

Docker Compose

In order to deploy using this method, you need to issue the following steps:

  1. Install Docker engine from
  2. Install Docker Compose from
  3. Download “docker-compose.yml” sysPass’ file from or use the following one:
version: '2'
    container_name: syspass-app
    image: syspass/syspass:3.1.0 # Set this version tag to desired one
    restart: always
    # Will listen on ports 80 and 443 of the host
      - "80:80"
      - "443:443"
      - db
      - syspass-config:/var/www/html/sysPass/app/config
      - syspass-backup:/var/www/html/sysPass/app/backup
    # Set USE_SSL=no if you're using a LB or reverse proxy for SSL offloading
      - USE_SSL=yes
    container_name: syspass-db
    restart: always
    image: mariadb:10.2
    # Set a secure password for MariaDB root user
      - MYSQL_ROOT_PASSWORD=syspass
    # This ports will only be accesible internally
      - "3306"
      - syspass-db:/var/lib/mysql

# Persistent volumes to be used across updates
  syspass-config: {}
  syspass-backup: {}
  syspass-db: {}
  1. Run “docker-compose” tool for setting up the environment:
docker-compose -p syspass -f docker-compose.yml up -d

This will download the latest sysPass stable image and the database (MariaDB) one.

  1. Take a look to deployment’s logs:
docker-compose -p syspass -f docker-compose.yml logs -f


Docker Compose will create an isolated network for all sysPass services making possible to use DNS resolution between containers. You can use “syspass-db” for setting up the database hostname in sysPass installation page.

It will create two fixed volumes for sysPass application, one for “…/app/config” directory and the other for “…/app/backup” directory. An additional fixed volume will be created for the database container’s data.


sysPass container will publish 80 and 443 host’s ports to the outside. You could change this behavior by tweaking the Docker Compose’s file.


You can disable HTTPS redirection by setting “USE_SSL=no” within “docker-compose.yml” file. This will offload the SSL encryption to a LB or reverse proxy.


By this way all the services need to be deployed manually. The following steps are needed:

  1. Install Docker engine from
  2. Create network for sysPass services:
docker network create syspass-net
  1. Create fixed volumes for sysPass services:
docker volume create syspass-app-config
docker volume create syspass-app-backup
docker volume create syspass-db-data
  1. Setup sysPass database container:
docker run --name syspass-db \
--network syspass-net \
--restart unless-stopped \
--env MYSQL_ROOT_PASSWORD=syspass \
--volume syspass-db-data:/var/lib/mysql \
--detach mariadb:10.2
  1. Setup sysPass application container:
docker run --name syspass-app \
--network syspass-net \
--publish 80:80 \
--restart unless-stopped \
--volume syspass-app-config:/var/www/html/sysPass/app/config \
--volume syspass-app-backup:/var/www/html/sysPass/app/backup \
--detach syspass/syspass:3.1.0
  1. Connection data will be displayed in application container’s console:
docker logs -f syspass-app


You can install sysPass extensions (plugins) by setting “COMPOSER_EXTENSIONS” environment variable when deploying the sysPass application container. Example: “–env COMPOSER_EXTENSIONS=’syspass/plugin-authenticator’”

Database Access

You can get access to the database using the following connection data:

  • User: root
  • Password: syspass
You may install other sysPass images from Docker Hub


Please follow the installer steps in order to setup the sysPass application instance.

More information about how sysPass works on Application


It’s very advisable to take a look to security advices on Security