Docker compose install

We are interested in testing Cryptomator on a virtual private server (digital ocean). I’m trying to use docker compose to install it.
I’ve built the docker-compose.yaml from the setup page on your website. Using an IP address instead of a domain (since we don’t have a domain yet). And I’m using the Cryptomator version of Keycloak (i.e. I did not select “Use an existing Keycloak installation.”)
However, when running “docker compose up -d” I get the following error:

Bind for failed: port is already allocated

I see that both the hub and keycloak are attempting to bind ports 443:8080 and so it fails on the second bind request since only one docker container can listen per port.

I tried reversing the binding to 8080:443 since it looks like the internal servers are listening on 8080 and we want the external port to be 443, but ran into the same problem.

So I changed the Keycloak binding to 8080:443 and the Cryptomator binding to 8081:443 and was able to see both containers up and working, but nothing was reachable from the IP address in the web browser.

Please advise on how to proceed.

Hi and welcome to the Cryptomator Community :slightly_smiling_face:,

As I answered your question by mail, I’ll copy paste it here:

Cryptomator Hub together with Keycloak requires proper TLS termination which means in return you need a domain and a TLS certificate for it, then it should work with those different ports.

Often you work when using multiple services per server with a reverse proxy such as Traefik or Nginx and can then have subdomains such as and next to each other pointing to the normal TLS port 443 on the same server. If you check on the setup wizzard the Traefik checkbox and set the domains accordingly, it adds the appropriate rules for traefik. You then still need to setup Traefik but as metnioned before you need a propper TLS terminating proxy.

If you want to try Cryptomator Hub first, I can also provide you with a demo instance. If you want to do that, feel free to let me know.

That’s great help, thank you. I was starting to look at Nginx reverse proxy and missed the Traefik checkbox. I’ll look at that and setting up the domain as well.