Skip to main content
Version: 5.2.3

Deploy Zealot with Docker guide

🔔 Strongly recommended to deploy Zealot using Docker, unless you are familiar with the technology stack for this service. The app protection policy settings for iOS/iPadOS devices, it needs a public network over SSL, free to use Let's Encrypt.

If you use a self-signed certificate you must install the self-signed certificate on each iOS device before installing any app.

Why support docker image only?​

Deploying a Rails-based application is incredibly complex, and even though you must install many dependenices, and you still need to worry how to launch and make it as a daemon to run in the background.

Software requirements​

  • Git 2.0+
  • Docker 20.10.0+
  • Docker Compose 1.28.0+

Install on Docker​

In the principle of one-click installation, but reality is often harsh, Zealot configuration is dependent on ENV environment variables, you need to configure it and then execute the one-click deployment generation script.

First you need to clone the deployment script, After entering the zealot-docker directory, you need to open the example.env file to configure the necessary parameters and then you can directly execute ./ script.

By default, the administrator account: and password ze@l0t (you can change it) and some demo applications will be generated.

$ git clone
$ cd zealot-docker
$ ./deploy

The one-click deployment generation script has three built-in templates by default:

  • Using Let's Encrypt SSL
  • Using Self-signed SSL
  • Using non-SSL (needs gateway or reverse proxy to manage SSL)

For those interested in one-click installation deployment scripts, you can check out the Deployment Documentation with Docker.


Let's Encrypt​

Best Choice

Step 1: Execute the deployment script:

$ ./deploy

Step 2: Check and configure the .env file, mainly whether ZEALOT_DOMAIN and ZEALOT_CERT_EMAIL are filled in correctly. Other parts can be adjusted according to the actual situation of the corresponding configuration

Step 3: Run the Zealot service:

$ docker-compose up -d

Reverse proxy controls SSL​

Check Reverse Proxies Guide page.

Self-signed untrust SSL​


This solution is not recommended under any circumstance if you can avoid it.

iOS devices have to manually install the self-signed certificate on their devices before the app can be installed properly and that must be done for any and all web services which the app uses a self-signed certificate.

If the domain name is unregistered, you need to tie the host to access it, usually by modifying the system's /etc/hosts file.

$ sudo vim /etc/hosts

And you need skip ssl verify to request the API.