LAN only Access using Docker image

Hello, complete noob here so appologies if the answer to this is obvious or if I am misunderstanding something:

I'd like to use Joplin hosted within my LAN on a ubuntu machine running Docker, but would like to only allow data sync for clients (ios and windows) when they are connected to the LAN (ie no acces to Joplin server from the WAN).

Do I need to implement a reverse proxy in this case or is there another (easier?) way to achieve the connection between client and server?



In this case you don't need to a thing, with this setup, by definition, your server would be available only on LAN.

Thanks for the reply!

I installed the container, and am having an issue in that I get "invalid origin: hostname:22300" when attempting to access the site.

Sounds like a similar issue to this issue in the forum: new-install-invalid-origin-error/17891

This is the compose file. BTW I have tried several different APP_BASE_URL formats (host name host ip etc) all with similar results.

Thanks again

version: 2

image: postgres:latest
container_name: postgres
- /volume1/docker/joplin:/var/lib/postgresql/data
- "5435:5432"
restart: unless-stopped
- POSTGRES_DB=joplin
image: joplin/server:latest
- db
- "22300:22300"

    restart: unless-stopped
        - APP_BASE_URL=
        - DB_CLIENT=pg
        - POSTGRES_PASSWORD=joplin
        - POSTGRES_DATABASE=joplin
        - POSTGRES_USER=joplin
        - POSTGRES_PORT=5432
        - POSTGRES_HOST=db

APP_BASE_URL needs to match the URL you use to access the service. So if you access it using "hostname:22300" and APP_BASE_URL is set to "" it won't work. Instead you need to set APP_BASE_URL to eg "hostname:22300"

And make sure any reverse proxy probably forwards headers and origin.

Thanks Laurent! I had already tried that, but always get the Invalid Origin message....

Do I need to use a reverse proxy if I'm only going to allow sync while clients are connect in the LAN or is there a way around that (eg disabling origin check)?

Thanks again

If that's the case, just use a local proxy config with Nginx (or Apache, or.. :)). It's no big deal just pay attention to forwarding both the headers and the origin.

I'm not sure I get the problem. If it's only available on your local network, then you access it with an address such as, so just set APP_NAME to that same value?

It's basically like when I run in it dev mode. In that case I access it using http://localhost:22300

I'm not sure, either as you don't need a proxy or even an "external" web server for that to work. If you set Joplin Server up correctly, it should work right out of the box in the current state.


I just noticed a potential issue:

You shoudn't include /joplin, just the local IP or localhost (Joplin will append the rest).

Many thanks for everyone's help.

So I got it working with a windows client first by using APP_BASE_URL=http://joplin.home:22300 and adding a static hostname to the hosts on my DNS server. That worked for Windows clients in the LAN.

Th iOS app would not work with that url however - when testing the connection in the app settings it just said "please wait". After many attempts I entered the url in the form http :// and got a dialog from iOS asking if I want to permit the app to access to local network (that was not asked when the hostname was in the URL). Despite agreeing it didnĀ“t work but I realised that the issue must have to do with local dns resolution on iOS.

Changed the APP_BASE_URL=http :// and pointed all client to that address and it works.

Thanks again for your help

I'd imagine that if you updated the iOS client to now use the http://joplin.home address it would work since you've granted the app access to the local LAN network. Just a guess. The reasoning behind this would then mean if you had to move the instance to a new IP address, you could do so without needing to update the config on any of the devices.

So the process would be: give Joplin on iOS the 192.x.x.x address once, just to get it to prompt for LAN access, then regardless if that would work or not, change it to the local DNS name you have assigned for it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.