Docker Setup - PropOps Help Center

PropOps Web uses Docker Compose to bring up the web server, MariaDB database, and phpMyAdmin in a single command. The first run automatically creates your environment file, generates encryption keys, sets up the database, and seeds a default admin account.

PropOps Web is distributed as a Docker image. You will receive a docker-compose.yml file as part of your licence. Contact hello@propops.app if you have not received yours.

Installation

Plesk (Recommended)
Command Line

If your server uses Plesk, you can install PropOps through the Plesk Docker Manager — the easiest way to get up and running.

Prerequisites

Install the Docker extension

In Plesk, go to Extensions → Extensions Catalog and search for Docker. Click Install (or Open if already installed).

The Docker extension requires Plesk Obsidian 18.0+ and a server with KVM or bare-metal virtualisation. It is not available on shared hosting plans.

Install PropOps

Upload docker-compose.yml

Using Plesk’s File Manager (or SFTP), create a directory on your server — for example /opt/propops/ — and upload the docker-compose.yml file provided by PropOps.

Start the containers

In Plesk, open a terminal from the Docker extension or use Tools & Settings → SSH Terminal:

cd /opt/propops
docker compose up -d

The containers will start and appear in Plesk’s Docker Manager, where you can monitor their status, view logs, and restart them.

Get your admin credentials

View the web container logs in Plesk’s Docker interface, or run:

docker compose logs web | grep "seed-sysops"

You will see output like:

[seed-sysops] │  Email:    web@propops.app
[seed-sysops] │  Password: aBcD3fGh!jKmN5pQrStV

The password is only displayed once. Copy it now and store it securely. Change it immediately after your first login.

Set up a domain proxy in Plesk

To serve PropOps through your domain with HTTPS:

Add or select a domain

In Plesk, go to Websites & Domains and select the domain you want to use for PropOps (e.g. propops.yourcompany.com).

Configure Apache & Nginx proxy

Go to Apache & nginx Settings for the domain and add the following under Additional nginx directives:

location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 120s;
    client_max_body_size 50M;
}

Enable SSL/TLS

Go to SSL/TLS Certificates for the domain and issue a free Let’s Encrypt certificate. Plesk handles renewal automatically.

PropOps Web is now accessible at https://propops.yourcompany.com.

You can manage the containers directly from the Plesk Docker Manager — start, stop, restart, and view logs without using the command line.

For servers without Plesk, or if you prefer the command line.

Create a project directory

Create a directory on your server and place the docker-compose.yml file provided by PropOps inside it:

mkdir propops && cd propops

Copy or download the docker-compose.yml into this directory.

Start the containers

docker compose up -d

The first run pulls the PropOps image, MariaDB, and phpMyAdmin, then initialises everything. Watch the progress:

docker compose logs -f

Wait until you see [entrypoint] Directory and permissions check complete. and Apache starts accepting connections.

Verify all containers are running

docker compose ps

Expected output:

NAME               IMAGE                                          STATUS         PORTS
propops-web-1      ghcr.io/propops-technologies-ltd/propops-web   running        0.0.0.0:8080->80/tcp
propops-db-1       mariadb:10.11                                  running        3306/tcp
propops-phpmyadmin phpmyadmin                                     running        0.0.0.0:8081->80/tcp

Get your admin credentials

The entrypoint seeds a default SysOps admin account on first boot. The password is randomly generated and printed once in the container logs.Find it by running:

docker compose logs web | grep "seed-sysops"

You will see output like:

[seed-sysops] │  Email:    web@propops.app
[seed-sysops] │  Password: aBcD3fGh!jKmN5pQrStV

The password is only displayed once. Copy it now and store it securely. Change it immediately after your first login.

Open http://your-server-ip:8080 in your browser and sign in with the email and password from the log output.

That’s it. PropOps Web is running.

What happens on first boot

When you run docker compose up for the first time, the entrypoint script automatically performs the following setup:

1. Environment file created

Your .env configuration file is created from .env.example and stored in docker-data/config/.env. This file persists across container rebuilds — updating the application code does not overwrite your configuration.

2. Encryption keys generated

Two cryptographic keys are auto-generated and written into your .env:

Key	Purpose
`PII_ENCRYPTION_KEY`	Encryption key for personally identifiable information in the database (names, emails, phone numbers) and job files (documents, photos, videos, GDPR reports)
`PII_HMAC_KEY`	HMAC key for searchable encrypted field hashes

Both are 64-character hex strings (32 random bytes). They are generated once and must not be changed after data has been encrypted.

Back up your docker-data/config/.env file securely. If you lose these keys, encrypted PII data in the database and encrypted job files cannot be recovered.

3. Database initialised

MariaDB applies the schema and all migrations automatically from the SQL files mounted into /docker-entrypoint-initdb.d/. This only happens on the very first boot when the database is empty.

4. Upload directories created

All required subdirectories under uploads/ are created with correct ownership (www-data) and permissions:

Directory	Purpose
`avatars`	User profile photos
`branches`	Branch logos and assets
`cache/thumbnails`	Generated image thumbnails
`case-notes`	Job case note attachments
`certifications`	Contractor certification documents
`dashboard-banners`	Custom dashboard banner images
`gdpr`	GDPR data export reports
`jobs`	Job photos and documents
`notices/headers`	Notice board header images
`temp/chunks`	Temporary file upload chunks
`thumbnails/avatars`	Resized avatar thumbnails
`thumbnails/branch-logos`	Resized branch logo thumbnails

5. Security rules applied

.htaccess files are placed into sensitive upload directories to deny direct web access. Files in these directories are only accessible through authenticated API endpoints:

uploads/case-notes/ — denied
uploads/certifications/ — denied
uploads/gdpr/ — denied
extensions/ — denied
docker-data/config/ — denied

6. Admin account seeded

A default SysOps administrator account is created with a randomly generated 20-character password:

Field	Default value
Email	`web@propops.app`
Password	Randomly generated (printed once in container logs)
Role	SysOps (full system access)

The seeder grants all API and page permissions to the SysOps role. If a SysOps user already exists, seeding is skipped.

The generated password is only displayed once during the first boot. Retrieve it from the container logs:

docker compose logs web | grep "seed-sysops"

Store it securely and change it immediately after logging in.

You can customise the default credentials by setting environment variables before the first boot:

# In docker-compose.yml under web > environment, or in your .env
SEED_SYSOPS_EMAIL=admin@yourcompany.com
SEED_SYSOPS_PASSWORD=YourChosenPassword!    # Optional — overrides random generation

Set SEED_SYSOPS=false to disable automatic user creation entirely.

Directory structure

After the first boot, your project directory will contain a docker-data/ folder with all persistent data:

propops/
├── docker-compose.yml     # Provided by PropOps
├── docker-data/           # All persistent data (created on first boot)
│   ├── config/
│   │   ├── .env           # Your environment configuration
│   │   └── .htaccess      # Denies direct web access
│   ├── uploads/           # User-uploaded files
│   │   ├── avatars/
│   │   ├── branches/
│   │   ├── case-notes/
│   │   │   └── .htaccess  # Denies direct access
│   │   ├── certifications/
│   │   │   └── .htaccess  # Denies direct access
│   │   ├── gdpr/
│   │   │   └── .htaccess  # Denies direct access
│   │   └── ...            # Other upload subdirectories
│   ├── extensions/        # Platform extensions
│   │   └── .htaccess      # Denies direct access
│   ├── mysql/             # MariaDB database files
│   └── mysql-logs/        # Database query and error logs

The docker-data/ directory contains your database, uploads, and secrets — all specific to your installation. Back it up regularly.

Data persistence

All data in docker-data/ is stored on your host filesystem. This means:

Container rebuilds do not affect your data — updating the PropOps image does not touch uploads, database, or configuration.
Image updates do not overwrite your .env or uploaded files.
Backing up is straightforward — copy the docker-data/ directory to capture everything.

Services

Docker Compose starts three services:

Service	Image	Port	Purpose
`web`	`ghcr.io/propops-technologies-ltd/propops-web`	`8080` → `80`	PHP 8.5 / Apache — the PropOps application
`db`	`mariadb:10.11`	`3306`	MariaDB database server
`phpmyadmin`	`phpmyadmin/phpmyadmin`	`8081` → `80`	Web-based database management

Do not expose port 3306 (MariaDB) or 8081 (phpMyAdmin) to the internet in production. See Configuration for firewall and reverse proxy setup.

Documentation Index

​Installation

​Prerequisites

​Install PropOps

​Set up a domain proxy in Plesk

​What happens on first boot

​1. Environment file created

​2. Encryption keys generated

​3. Database initialised

​4. Upload directories created

​5. Security rules applied

​6. Admin account seeded

​Directory structure

​Data persistence

​Services

Installation

Prerequisites

Install PropOps

Set up a domain proxy in Plesk

What happens on first boot

1. Environment file created

2. Encryption keys generated

3. Database initialised

4. Upload directories created

5. Security rules applied

6. Admin account seeded

Directory structure

Data persistence

Services