Groly

Overview

Groly – Mobile-first grocery list, health & lifestyle tracker, and meal planner for self-hosting. Designed for families and small teams. The entire UI is built from the bottom up for mobile — bottom navigation, large tap targets, swipe gestures. Install it as a PWA on iOS and Android for the full experience. No self-registration — the admin invites users via a one-time link (Menu → Users → Add User), and the user sets their own password. Features: Shared lists with real-time sync · Offline-first · Barcode scanner · Push notifications · Supplement tracker with nutrient totals, stock tracking & reminders · Water tracker with daily goal · Caffeine tracker with drink catalog & daily limit · Mood tracker with history & daily reminders · Meditation timer with history & daily reminders · Recipes (import by URL) · Weekly meal planner · Category sorting · Location-based list opening ⚠️ HTTPS is required. Without HTTPS the following features will NOT work: offline mode, PWA installation, push notifications, barcode scanner, and location-based opening. Use a reverse proxy (Nginx Proxy Manager, Caddy, Traefik) or Tailscale to get HTTPS — even on a local network. Push notifications (optional): The VAPID keys (VAPID_PUBLIC_KEY, VAPID_PRIVATE_KEY, PUBLIC_VAPID_PUBLIC_KEY, VAPID_SUBJECT) are only needed if you want push notifications on iOS and Android. You can leave them empty to start — push can be enabled later in Settings. Documentation & setup guide: https://github.com/peterthepeter/groly

Runtime arguments

Web UI: http://[IP]:[PORT:3000]/
Network: bridge
Shell: sh
Privileged: false

Template configuration

WebUI PortPorttcp

Port for the Groly web interface.

Target: 3000
Default: 3000
Value: 3000

Data PathPathrw

Directory where the SQLite database is stored. The container runs as UID/GID 1000 — make sure this path is owned by user 1000 (run: chown -R 1000:1000 /mnt/user/appdata/groly).

Target: /app/data
Default: /mnt/user/appdata/groly
Value: /mnt/user/appdata/groly

ORIGINVariable

Full HTTPS URL of your Groly instance, e.g. https://groly.example.com or your Tailscale hostname. Required — HTTPS is mandatory for offline mode, push notifications, and the barcode scanner.

ADMIN_USERNAMEVariable

Username for the initial admin account. Only used on first start. Can be safely deleted from the container afterwards — it is also the user that ADMIN_PASSWORD_RESET will reset if you ever forget your admin password.

Default: admin
Value: admin

ADMIN_PASSWORDVariable

Password for the initial admin account. ONLY used on first start (when no users exist yet). After first start this variable is ignored and can — and should — be deleted from the container template for security. If you ever forget the admin password, use ADMIN_PASSWORD_RESET below instead.

ADMIN_PASSWORD_RESETVariable

Emergency password reset for the user defined in ADMIN_USERNAME. Leave EMPTY in normal operation. Only set this if you have forgotten your admin password: enter a new password, restart the container, log in, then DELETE this variable. While set, the password is reset on every container start and all existing sessions are invalidated.

ADDRESS_HEADERVariable

Only fill this in if Groly is running behind a reverse proxy (Nginx Proxy Manager, Caddy, Traefik) — set it to X-Forwarded-For. Leave empty if you access Groly directly. Setting this without a reverse proxy will cause login to fail.

VAPID_PUBLIC_KEYVariable

VAPID public key for push notifications (optional). Generate a key pair once with: node -e "const wp=require('web-push'); const k=wp.generateVAPIDKeys(); console.log(JSON.stringify(k,null,2))"

VAPID_PRIVATE_KEYVariable

VAPID private key for push notifications (optional). Must match VAPID_PUBLIC_KEY.

PUBLIC_VAPID_PUBLIC_KEYVariable

Must be the same value as VAPID_PUBLIC_KEY. Required for push notifications.

VAPID_SUBJECTVariable

A https:// URL or mailto: address for VAPID identification (e.g. https://your-domain.com). Required for push notifications. Must not be a .local domain.