docker-drawio: Secure, Dockerized draw.io for Diagramming

docker-drawio: Secure, Dockerized draw.io for Diagramming

Summary

docker-drawio provides a secure, Dockerized implementation of the popular draw.io diagramming software. It offers various deployments, including a standalone server, an export server, and integrations with platforms like Nextcloud. This project ensures you always run draw.io on the most secure base image available.

Repository Info

Updated on December 24, 2025
View on GitHub

Tags

Dockerdraw.ioDiagrammingContainerizationShellSelf-hostedProductivityOpen Source

Click on any tag to explore related repositories

Introduction

docker-drawio offers a robust and secure Dockerized solution for running draw.io, a widely-used whiteboarding and diagramming software application. This project provides several Docker implementations and associated tools, ensuring flexibility and ease of deployment. It includes a draw.io Docker image that stays current with releases, an export server image for converting diagrams to PDF and images, and docker-compose setups for various scenarios, such as running draw.io with the export server, integrating with Nextcloud, or a self-contained version with Google Drive, OneDrive, and EMF conversion support. The project prioritizes security, building from tomcat:9-jre11 and consistently using the Tomcat image with the fewest security vulnerabilities.

Installation

Getting docker-drawio up and running is straightforward. You can quickly launch a container with the following command:

docker run -it --rm --name="draw" -p 8080:8080 -p 8443:8443 jgraph/drawio

Once the container is running, access draw.io through your web browser:

If you are using Docker Toolbox, replace localhost with 192.168.99.100. The ?offline=1 parameter is a security feature that disables cloud storage support.

Examples

A practical example of docker-drawio's capabilities is setting up HTTPS SSL certificates via Let's Encrypt. This requires a Linux machine with ports 80 and 443 open, and a domain name pointing to its IP address.

First, create directories to store Let's Encrypt data, for instance:

  • /opt/docker/drawiodata/letsencrypt-log
  • /opt/docker/drawiodata/letsencrypt-etc
  • /opt/docker/drawiodata/letsencrypt-lib

Then, run the jgraph/drawio Docker image with the appropriate volume mappings and environment variables:

docker run -it -m1g \
  -v "/opt/docker/drawiodata/letsencrypt-log:/var/log/letsencrypt/" \
  -v "/opt/docker/drawiodata/letsencrypt-etc:/etc/letsencrypt/" \
  -v "/opt/docker/drawiodata/letsencrypt-lib:/var/lib/letsencrypt" \
  -e LETS_ENCRYPT_ENABLED=true \
  -e PUBLIC_DNS=drawio.example.com \
  --rm --name="draw" -p 80:80 -p 443:8443 jgraph/drawio

This command maps port 80 for Certbot's standalone mode and port 443 to the container's 8443 for Tomcat to serve HTTPS requests directly. You can also customize draw.io configuration using DRAWIO_* environment variables, enabling integrations with services like Google Drive or OneDrive.

Why Use docker-drawio?

docker-drawio stands out for several key reasons:

  • Security-Focused: It's built on a tomcat:9-jre11 base image, chosen for its minimal security vulnerabilities, and is consistently updated to maintain this standard.
  • Always Up-to-Date: The project ensures you're always running the latest draw.io releases.
  • Flexible Deployment: Based on Tomcat, it can be deployed directly or behind a reverse-proxy, fitting various infrastructure needs.
  • SSL/TLS Support: Features include automatic generation of self-signed certificates and seamless integration with Let's Encrypt for trusted SSL. It also supports mounting custom SSL Keystores.
  • Rich Integrations: Offers docker-compose setups for integration with Nextcloud, Google Drive, OneDrive, and includes an export server for various diagram formats.

Links