Browser Version on a Private Server
You can deploy the browser version on your own server if security requirements prevent you from using app.gram.ax. For example, if your company prohibits the use of the software vendor’s CORS proxy.
Launch
Download the ready‑made file using the command
curl -LO https://gram.ax/editor-docker-compose.yaml.version: "3.8" services: editor: image: docker.io/gramax/editor:latest container_name: editor restart: unless-stopped ports: - ${PORT:-3000}:80 environment: - GIT_PROXY_SERVICE_URL=${GIT_PROXY_SERVICE_URL:-http://localhost:3001} git-proxy: image: docker.io/gramax/git-proxy:latest container_name: git_proxy restart: unless-stopped ports: - ${GIT_PROXY_PORT:-3001}:80 environment: - ALLOWED_GRAMAX_URLS=${ALLOWED_GRAMAX_URLS:-}Set the environment variables:
PORT— the port on which the Gramax editor will be accessible. If not specified, port3000is used.GIT_PROXY_SERVICE_URL— the URL the editor uses to access the Git Proxy service. The default ishttp://localhost:3001.GIT_PROXY_PORT— the port for the Git Proxy service. If not specified,3001is used.ALLOWED_GRAMAX_URLS— a comma‑separated list of domains allowed to send requests via Git Proxy. Connections fromlocalhostare always allowed.
If you prefer to use Podman, follow these steps:
Create a folder to store data (for example, next to the
editor-docker-compose.yamlfile, or specify it via an environment variable).Replace
dockerwithpodmanin all commands.
Access from other devices
To make the browser version accessible to other employees on the local network, you must use HTTPS.
This is a browser requirement: the application needs SharedArrayBuffer, which is only available under the following conditions:
The connection is configured over HTTPS.
The headers
Cross-Origin-Opener-Policy: same-originandCross-Origin-Embedder-Policy: require-corpare present (configured on the editor container side).
HTTPS setup
Create an OpenSSL configuration file (for example,
openssl.cnf) with the following content:[req] distinguished_name = dn x509_extensions = ext prompt = no [dn] CN = editor.local [ext] subjectAltName = @alt_names [alt_names] DNS.1 = editor.local # Editor domain DNS.2 = gitproxy.local # Git Proxy domainGenerate a self‑signed certificate using the following command:
mkdir -p certs openssl req -x509 -nodes -days 365 \ -newkey rsa:2048 \ -keyout certs/private.key \ -out certs/certificate.crt \ -config openssl.cnfThe certificate and key files will be saved in the
certs/folder.Extend the
docker-compose.yamlfile by adding Caddy and HTTPS settings. Don’t forget to replace the example domains with your own:version: "3.8" services: caddy: image: caddy:latest container_name: caddy ports: - "80:80" - "443:443" volumes: - ./certs:/certs restart: unless-stopped configs: - source: caddy_config target: /etc/caddy/Caddyfile editor: image: docker.io/gramax/editor:latest restart: unless-stopped container_name: editor environment: - GIT_PROXY_SERVICE_URL=${GIT_PROXY_SERVICE_URL:-https://gitproxy.local} git-proxy: image: docker.io/gramax/git-proxy:latest container_name: git_proxy restart: unless-stopped environment: - ALLOWED_GRAMAX_URLS=${ALLOWED_GRAMAX_URLS:-https://editor.local} configs: caddy_config: content: | editor.local { reverse_proxy editor:80 tls /certs/certificate.crt /certs/private.key } gitproxy.local { reverse_proxy git-proxy:80 tls /certs/certificate.crt /certs/private.key }Configure your local DNS server or router so that the domains
editor.localandgitproxy.localresolve to the IP address of the server where the editor and Git Proxy services are deployed.Start the containers:
docker-compose up -dOpen the following in your browser:
https://editor.localWhen you open it for the first time, the browser may warn you about a self‑signed certificate. You can either:
Temporarily accept the exception in the browser.
Install the
certificate.crtcertificate into your system’s trusted root certification authorities to avoid warnings in the future.
Support for Draw.io and PlantUML diagrams
If you want diagrams to be generated on your own server, follow these steps:
Add the
gramax/diagram-renderer:latestservice to thedocker-compose.yamlfile.Specify the
DIAGRAM_RENDERER_SERVICE_URLenvironment variable in the editor block.DIAGRAM_RENDERER_SERVICE_URLis the URL where thegramax/diagram-renderer:latestservice is accessible.Specify the
ALLOWED_GRAMAX_URLSvariable in the diagram‑renderer block.ALLOWED_GRAMAX_URLSis the URL of the browser editorgramax/editor:latestthat accesses the diagram service.Below is an example of an extended
docker-compose.yamlfragment with diagram support and HTTPS:version: "3.8" services: caddy: image: caddy:latest container_name: caddy ports: - "80:80" - "443:443" volumes: - ./certs:/certs restart: unless-stopped configs: - source: caddy_config target: /etc/caddy/Caddyfile editor: image: docker.io/gramax/editor:latest restart: unless-stopped container_name: editor environment: - GIT_PROXY_SERVICE_URL=${GIT_PROXY_SERVICE_URL:-https://services.local} - DIAGRAM_RENDERER_SERVICE_URL=${DIAGRAM_RENDERER_SERVICE_URL:-https://services.local/diagram-renderer} git-proxy: image: docker.io/gramax/git-proxy:latest container_name: git_proxy restart: unless-stopped environment: - ALLOWED_GRAMAX_URLS=${ALLOWED_GRAMAX_URLS:-https://editor.local} diagram-renderer: image: docker.io/gramax/diagram-renderer:latest container_name: diagram-renderer restart: unless-stopped environment: - ALLOWED_GRAMAX_URLS=${ALLOWED_GRAMAX_URLS:-https://editor.local} configs: caddy_config: content: | editor.local { reverse_proxy editor:80 tls /certs/certificate.crt /certs/private.key } services.local { handle_path /* { reverse_proxy git-proxy:80 } handle_path /diagram-renderer/* { reverse_proxy diagram-renderer:8080 } tls /certs/certificate.crt /certs/private.key }
In the previous example, a separate domain (gitproxy.local) was used for Git Proxy. In this case, a single domain (services.local) is used — it serves both Git Proxy and access to diagram services.