Unable to setup Vikunja on docker

Hi everyone,
I’m trying to setup Vikunja on an AmberPRO via docker (I’m a noob at it, first experience), but I just can’t make it work. Even with the default docker-compose.yml from the wiki (here), I keep getting this:

2025-05-02  8:07:12 151 [Warning] Access denied for user 'vikunja'@'localhost' (using password: YES)

Sometimes alternated by this error:

2025-05-02  8:07:22 156 [Warning] Aborted connection 156 to db: 'unconnected' user: 'unauthenticated' host: '192.168.144.3' (This connection closed normally without authentication)

The frontend keeps restarting and I can’t do anything. I found a similar thread that suggested to switch to postgres or sqlite, but:

  • With Postgres, the .yml creates only the database, which runs but I have no frontend.
  • With sqlite, everything works.. but after a while the frontend randomly stops, with no errors in the logs for the db or the frontend. I should also add that this seems to happen faster if I use Vikunja.. If I don’t, the frontend seems to run for quite more time without any issue, even though it stops in the end. On the other hand, the db never stops working.

In all three cases I’m using the .yml configuration provided in the official wiki, modified accordingly. Below you can see the last one I’m using. Any ideas?

version: "3"

services:
  vikunja:
    image: vikunja/vikunja
    environment:
      VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
      VIKUNJA_SERVICE_PUBLICURL: http://192.168.68.70
      # Note the default path is /app/vikunja/vikunja.db.
      # This config variable moves it to a different folder so you can use a volume and 
      # store the database file outside the container so state is persisted even if the container is destroyed.
      VIKUNJA_DATABASE_PATH: /db/vikunja.db
    ports:
      - 3456:3456
    volumes:
      - ./files:/app/vikunja/files
      - ./db:/db
    restart: unless-stopped
  db:
    image: mariadb:10
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: supersecret
      MYSQL_USER: vikunja
      MYSQL_PASSWORD: changeme
      MYSQL_DATABASE: vikunja
    volumes:
      - ./db:/var/lib/mysql
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -h localhost -u $$MYSQL_USER --password=$$MYSQL_PASSWORD"]
      interval: 2s
      start_period: 30s

Referencing my config for comparison:

vikunja docker-compose.yml
networks:
  vikunja_net:
    name: vikunja_net
    driver: bridge
  typesense_vikunja_net:
    external: true

services:
  vikunja:
    image: vikunja/vikunja:unstable
    container_name: vikunja
    environment:
      VIKUNJA_DATABASE_HOST: vikunja_db
      VIKUNJA_DATABASE_PASSWORD: 12345
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: myusername_vikunja_user
      VIKUNJA_DATABASE_DATABASE: vikunja-test-db-12345
      VIKUNJA_SERVICE_JWTSECRET: 58560eeadkposakdopsakdopsakodksaopdkasopdkasopkdblablabla5f73e
      VIKUNJA_REDIS_ENABLED: 1
      VIKUNJA_REDIS_HOST: 'vikunja_redis:6379'
      VIKUNJA_CACHE_ENABLED: 1
      VIKUNJA_CACHE_TYPE: redis
      VIKUNJA_REDIS_PASSWORD: 12345
      VIKUNJA_TYPESENSE_ENABLED: 1
      VIKUNJA_TYPESENSE_URL: 'http://typesense:8108'
      VIKUNJA_TYPESENSE_APIKEY: '12345'
      VIKUNJA_SERVICE_MAXITEMSPERPAGE: 1000
      # Email
      VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1
      VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED: 1
      VIKUNJA_MAILER_ENABLED: 1
      VIKUNJA_MAILER_HOST: smtp.gmail.com
      VIKUNJA_MAILER_PORT: 465
      VIKUNJA_MAILER_AUTHTYPE: plain
      VIKUNJA_MAILER_USERNAME: whatever.gmail.user
      VIKUNJA_MAILER_PASSWORD: 1234 5678 9101
      VIKUNJA_MAILER_SKIPTLSVERIFY: 0
      VIKUNJA_MAILER_FROMEMAIL: whoknows@example.com
      VIKUNJA_MAILER_QUEUELENGTH: 100
      VIKUNJA_MAILER_QUEUETIMEOUT: 30
      VIKUNJA_MAILER_FORCESSL: 1
      # Logs
      VIKUNJA_LOG_LEVEL: INFO
      VIKUNJA_LOG_DATABASE: stdout
      VIKUNJA_LOG_DATABASELEVEL: INFO
      VIKUNJA_LOG_HTTP: stdout
      VIKUNJA_LOG_ECHO: stdout
      VIKUNJA_LOG_EVENTS: stdout
      VIKUNJA_LOG_EVENTSLEVEL: INFO
      VIKUNJA_LOG_MAIL: stdout
      VIKUNJA_LOG_MAILLEVEL: INFO
      # Default settings
      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME: 1
      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL: 0
      VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED: 1
      VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME: 11:00
      VIKUNJA_DEFAULTSETTINGS_WEEK_START: 1
      # DEVELOPMENT!
      VIKUNJA_CORS_ENABLE: 1

    # ports still need to be exposed so that hass checks them - firewall should block these
    ports:
      - 3456:3456
      - 43456:43456
    volumes:
      - /home/myusername/Documents/vikunja/files:/app/vikunja/files
    depends_on:
      - vikunja_db
      - vikunja_redis
    security_opt:
      - no-new-privileges:true
    restart: always
    pull_policy: always
    networks:
      - vikunja_net
      - typesense_vikunja_net
  vikunja_db:
    image: mariadb:lts
    container_name: vikunja_db
    #command: --character-set-server=utf8bmb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MARIADB_AUTO_UPGRADE: 1
      MARIADB_DISABLE_UPGRADE_BACKUP: 0
      MYSQL_ROOT_PASSWORD: blabla12345blabla
      MYSQL_USER: myusername_vikunja_user
      MYSQL_PASSWORD: 12345
      MYSQL_DATABASE: vikunja-test-db-12345
    volumes:
      - /home/myusername/Documents/vikunja/db:/var/lib/mysql
    ports:
      - 3306:3306
    restart: always
    pull_policy: always
    networks:
      - vikunja_net
  vikunja_redis:
    image: redis:7.4.0-alpine
    container_name: vikunja_redis
    restart: always
    pull_policy: always
    security_opt:
      - no-new-privileges:true
    secrets:
      - VIKUNJA_REDIS_PASSWORD
    command: /bin/sh -c 'redis-server --requirepass "12345"'
    networks:
      - vikunja_net
typesense docker-compose.yml
networks:
  typesense_vikunja_net:
    name: typesense_vikunja_net

services:
  typesense:
    image: typesense/typesense:27.1
    container_name: typesense
    restart: always
    pull_policy: always
    user: "9902:9902"
    ports:
      - "8108:8108"
    volumes:
      - /home/myusername/Documents/typesense/data:/data
    command: '--data-dir /data --api-key=12345 --enable-cors'
    networks:
      - typesense_vikunja_net

This setup is tricky in terms of security, I have such to-do in my list:

to-do

Whatever I meant by this when I wrote it - I don’t fully get it know..

We enabled CORS in docker-compose for DEV purposes.

Need to leave enabled, but also limit allowed origins.

See another env var that needs to be added to compose which is VIKUNJA_CORS_ORIGINS

Configuration options

Also in my setup this is exposed via Caddy reverse proxy (did not mention it in attached configs) and all ports exposed here are banned on firewall level.