Posted inHomeLab

Stop Renting Your Financial Data: Self-Host Firefly III on Docker

HomeLab tutorial - IT technology blog
HomeLab tutorial - IT technology blog

The Chaos of Modern Personal Finance

I used to track my money using a messy mix of three banking apps, a credit card portal, and a Google Sheet I hadn’t updated since 2022. Every month, I’d stare at my balance and wonder where that $400 “miscellaneous” spending went. Most people turn to sleek SaaS apps like YNAB or Mint to solve this. However, these platforms charge a premium—often $15 a month or $180 a year—just to show you your own data.

Managing a family budget is even harder. You need a system that tracks shared expenses and multiple accounts without leaking your spending habits to advertisers. Your debt history and income levels are goldmines for data brokers. Keeping that information on your own hardware isn’t just about being a tech enthusiast; it’s about basic financial privacy.

Why Spreadsheets and SaaS Apps Often Fail

Most budgeting attempts fail because of data fragmentation. When your info is scattered across different apps, you lose the big picture. Spreadsheets offer flexibility, but they are prone to broken formulas. One wrong keystroke in a cell can ruin an entire year of tracking.

SaaS solutions offer automation but come with a massive catch: you must hand over your bank credentials to third-party aggregators. If their servers are breached, your entire financial life is exposed. Furthermore, many of these apps are shifting toward aggressive subscription models. You end up paying a monthly fee just to see how much money you’re losing to other monthly fees.

Comparing the Options: Sheets vs. SaaS vs. Self-Hosted

Before moving my finances to my HomeLab, I weighed the three most common paths:

  • Excel/Google Sheets: It’s free and flexible. However, it lacks a proper API and becomes a nightmare once you hit more than 100 transactions a month.
  • SaaS (YNAB/PocketGuard): These have great mobile apps and automated sync. The downside is the $15+/month cost and the fact that you don’t own your data—you’re just renting access to it.
  • Firefly III (Self-Hosted): This is a professional-grade, double-entry system. It’s open-source and free. It offers a REST API, recurring transaction tracking, and deep reporting that rivals enterprise accounting software.

If you value data sovereignty, Firefly III is the obvious choice. It bridges the gap between a simple spreadsheet and a complex accounting suite.

The Setup: Firefly III on Docker

Running Firefly III via Docker Compose is the most reliable method I’ve found. It keeps the application logic separate from the database. This isolation makes updates and backups much easier to manage. You won’t have to worry about conflicting PHP versions on your host machine.

The system relies on two main parts: the web engine and a database like MariaDB or PostgreSQL. I also suggest creating a dedicated Docker network to keep this traffic isolated from your other containers.

1. Preparing the Environment

Start by creating a dedicated directory. Keeping your configuration files organized now saves time during future migrations.

mkdir ~/firefly-iii && cd ~/firefly-iii
touch docker-compose.yml .env

2. The Docker Compose Configuration

This configuration uses MariaDB and a separate volume for persistent storage. It ensures your data survives even if you delete or recreate the containers.

version: '3.8'

services:
  app:
    image: fireflyiii/core:latest
    restart: always
    volumes:
      - firefly_iii_upload:/var/www/html/storage/upload
    env_file: .env
    networks:
      - firefly_net
    ports:
      - 8080:8080
    depends_on:
      - db

  db:
    image: mariadb:10
    hostname: firefly_iii_db
    restart: always
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_USER=firefly
      - MYSQL_PASSWORD=your_secure_password
      - MYSQL_DATABASE=firefly
    networks:
      - firefly_net
    volumes:
      - firefly_iii_db:/var/lib/mysql

networks:
  firefly_net:
    driver: bridge

volumes:
  firefly_iii_upload:
  firefly_iii_db:

3. Configuring the .env File

The .env file acts as the brain of your setup. Firefly III requires a unique 32-character APP_KEY to encrypt your data. You can generate one using an online tool or via a command line generator.

# Core settings
APP_KEY=ReplaceThisWith32CharRandomString
APP_URL=http://localhost:8080
TRUSTED_PROXIES=**

# Database settings
DB_CONNECTION=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=firefly
DB_USERNAME=firefly
DB_PASSWORD=your_secure_password

# Mail settings
MAIL_MAILER=log

Practical Tips for a Smooth Setup

After running docker-compose up -d, the dashboard will be live on port 8080. However, a raw installation is only the beginning. To make this a truly professional system, follow these steps:

Secure Your Connection

Never expose port 8080 directly to the internet. Use a reverse proxy like Nginx Proxy Manager or Traefik with an SSL certificate. Financial data is sensitive; sending it over unencrypted HTTP is a massive risk. If you only need access from outside your home, use a VPN like Tailscale or WireGuard instead of opening ports.

Understand Double-Entry Bookkeeping

Firefly III isn’t just a list of expenses. It follows double-entry rules. When you buy a $5 coffee, money moves from an “Asset account” (like your Chase Checking) to an “Expense account” (Starbucks). It feels slightly tedious at first. However, this method ensures your net worth is accurate down to the last penny.

Automate the Boring Parts

Manual entry is why most people quit budgeting after two weeks. Firefly III has a companion tool called the Data Importer. Use it to upload CSV files from your bank or connect to APIs like GoCardless (formerly Nordigen) to pull transactions automatically. This takes about 20 minutes to configure but saves hours of typing every month.

Security and Backup Strategy

Backups are mandatory when you are your own bank. Set up a simple cron job to export your MariaDB database nightly. Move these backups to an encrypted off-site location, such as an S3 bucket or a secondary NAS. If your SSD fails, you don’t want to lose five years of financial history.

# Quick database dump command
docker exec firefly-iii_db_1 /usr/bin/mysqldump -u firefly --password=your_secure_password firefly > backup_$(date +%F).sql

Immediately after your first login, enable Two-Factor Authentication (2FA) in the settings. This adds a vital layer of protection against anyone who might guess your password.

Reclaiming Your Financial Sovereignty

Switching from a cloud app to Firefly III felt like taking back control of my house. I no longer worry about a company hiking their prices or selling my data to insurance firms. It takes some effort to categorize your first 100 transactions, but the depth of insight is worth it. Your family’s financial future is too important to leave in the hands of a corporation.

Share:
Tags: