docker-drawio: Secure, Dockerized draw.io for Diagramming

This repository profile is provided by osrepos.com, an open source repository discovery platform.

docker-drawio: Secure, Dockerized draw.io for Diagramming

Summary

docker-drawio provides a secure, Dockerized implementation of the popular draw.io diagramming software. It offers various deployments, including a standalone server, an export server, and integrations with platforms like Nextcloud. This project ensures you always run draw.io on the most secure base image available.

Repository Information

Analyzed by OSRepos on December 24, 2025

Topics

Click on any tag to explore related repositories

Use at your own risk

OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.

Introduction

docker-drawio offers a robust and secure Dockerized solution for running draw.io, a widely-used whiteboarding and diagramming software application. This project provides several Docker implementations and associated tools, ensuring flexibility and ease of deployment. It includes a draw.io Docker image that stays current with releases, an export server image for converting diagrams to PDF and images, and docker-compose setups for various scenarios, such as running draw.io with the export server, integrating with Nextcloud, or a self-contained version with Google Drive, OneDrive, and EMF conversion support. The project prioritizes security, building from tomcat:9-jre11 and consistently using the Tomcat image with the fewest security vulnerabilities.

Installation

Getting docker-drawio up and running is straightforward. You can quickly launch a container with the following command:

docker run -it --rm --name="draw" -p 8080:8080 -p 8443:8443 jgraph/drawio

Once the container is running, access draw.io through your web browser:

If you are using Docker Toolbox, replace localhost with 192.168.99.100. The ?offline=1 parameter is a security feature that disables cloud storage support.

Examples

A practical example of docker-drawio's capabilities is setting up HTTPS SSL certificates via Let's Encrypt. This requires a Linux machine with ports 80 and 443 open, and a domain name pointing to its IP address.

First, create directories to store Let's Encrypt data, for instance:

  • /opt/docker/drawiodata/letsencrypt-log
  • /opt/docker/drawiodata/letsencrypt-etc
  • /opt/docker/drawiodata/letsencrypt-lib

Then, run the jgraph/drawio Docker image with the appropriate volume mappings and environment variables:

docker run -it -m1g \
  -v "/opt/docker/drawiodata/letsencrypt-log:/var/log/letsencrypt/" \
  -v "/opt/docker/drawiodata/letsencrypt-etc:/etc/letsencrypt/" \
  -v "/opt/docker/drawiodata/letsencrypt-lib:/var/lib/letsencrypt" \
  -e LETS_ENCRYPT_ENABLED=true \
  -e PUBLIC_DNS=drawio.example.com \
  --rm --name="draw" -p 80:80 -p 443:8443 jgraph/drawio

This command maps port 80 for Certbot's standalone mode and port 443 to the container's 8443 for Tomcat to serve HTTPS requests directly. You can also customize draw.io configuration using DRAWIO_* environment variables, enabling integrations with services like Google Drive or OneDrive.

Why Use docker-drawio?

docker-drawio stands out for several key reasons:

  • Security-Focused: It's built on a tomcat:9-jre11 base image, chosen for its minimal security vulnerabilities, and is consistently updated to maintain this standard.
  • Always Up-to-Date: The project ensures you're always running the latest draw.io releases.
  • Flexible Deployment: Based on Tomcat, it can be deployed directly or behind a reverse-proxy, fitting various infrastructure needs.
  • SSL/TLS Support: Features include automatic generation of self-signed certificates and seamless integration with Let's Encrypt for trusted SSL. It also supports mounting custom SSL Keystores.
  • Rich Integrations: Offers docker-compose setups for integration with Nextcloud, Google Drive, OneDrive, and includes an export server for various diagram formats.

Links

Related repositories

Similar repositories that may be relevant next.

Soketi: A Fast, Pusher-Compatible WebSockets Server for Real-Time Apps

Soketi: A Fast, Pusher-Compatible WebSockets Server for Real-Time Apps

May 15, 2026

Soketi is a next-generation, open-source WebSockets server designed for real-time applications. It offers Pusher compatibility, making it easy to integrate into existing projects. Built for speed and resilience, Soketi provides a cost-effective and scalable solution for handling thousands of active connections.

TypeScriptWebSocketsPusher
Cruise: Intuitive TUI for Container Management with Go and Bubbletea

Cruise: Intuitive TUI for Container Management with Go and Bubbletea

May 14, 2026

Cruise is a powerful, intuitive, and fully-featured TUI (Terminal User Interface) for managing containers, built with Go and Bubbletea. It offers a visually rich, keyboard-first experience for managing containers, images, volumes, networks, logs, and more, all from your terminal. This tool simplifies repetitive tasks and enhances your development workflow by providing a centralized, interactive management service.

GoTUIContainer Management
immich-drop: A Zero-Login Web App for Collecting Photos to Immich

immich-drop: A Zero-Login Web App for Collecting Photos to Immich

May 10, 2026

immich-drop is a lightweight web application designed to simplify collecting photos and videos from various sources directly into your Immich server. It provides a secure, zero-login interface for guests to upload media via invite links, ensuring privacy and efficient organization. This tool is ideal for anyone looking to gather media from friends, family, or events without requiring them to have an Immich account.

ImmichPhoto ManagementSelf-hosted
reubah: A Web-Based Universal File Converter and Image Processor

reubah: A Web-Based Universal File Converter and Image Processor

March 4, 2026

reubah is an intuitive web-based tool designed for efficient image processing and document conversion. It offers a simple interface to handle a wide array of file formats, providing features like dark mode and batch processing. This versatile application ensures isolated processing and immediate delivery without storing user files.

HTMLWeb ToolImage Processing

Source repository

Open the original repository on GitHub.

6 counted GitHub visits

View on GitHub
OS
OSRepos

Analysis and discovery of open source repositories. Find interesting projects and follow their updates.

Monitor your website with YourWebsiteScore

OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of third-party repository code is at your own risk. Always review source code, dependencies, licenses, and security implications before running anything.

© 2025 OSRepos. Built with Nuxt 3 and lots of ❤️