Skip to content
Klutch.sh Docs

Deploying a Kimai App

Introduction

Kimai is an open-source time-tracking application built with Symfony and PHP. Deploying Kimai with a Dockerfile on Klutch.sh delivers reproducible builds, managed secrets, and persistent storage for uploads and cache—all managed from klutch.sh/app. This guide covers installation, repository prep, a production-ready Dockerfile, deployment steps, Nixpacks overrides, and best practices for reliable time tracking.

Prerequisites

  • A Klutch.sh account (create one)
  • A GitHub repository containing your Kimai code/config (GitHub is the only supported git source)
  • Docker familiarity and PHP 8.1+ knowledge
  • Database credentials (MySQL/MariaDB) and optional Redis for caching
  • Storage for uploads and logs

For onboarding, see the Quick Start.

Architecture and ports

  • Kimai serves HTTP; set the internal container port to 8001 (Kimai’s default when using PHP built-in server; adjust if using Apache/Nginx). This guide uses 8001.
  • For MySQL/MariaDB, create a separate Klutch.sh TCP app exposed on port 8000, connecting internally on 3306.
  • Persistent storage is required for /opt/kimai/var/data (uploads) and recommended for cache/logs.

Repository layout

kimai/
├── public/                 # Web root
├── var/                    # Cache, logs, data (mount as needed)
├── Dockerfile              # Must be at repo root for auto-detection
├── composer.json
├── composer.lock
└── .env.example            # Template only; no secrets

Keep secrets out of Git; store them in Klutch.sh environment variables.

Installation (local) and starter commands

Install dependencies and run locally before pushing to GitHub:

Terminal window
composer install --no-dev --optimize-autoloader
bin/console kimai:reset-password admin new-strong-pass
symfony server:start --port=8001

Optional helper start.sh for portability and Nixpacks fallback:

#!/usr/bin/env bash
set -euo pipefail
bin/console kimai:reset-password admin "${KIMAI_ADMIN_PASSWORD:-changeme}"
exec symfony server:start --port=8001 --no-tls

Make it executable with chmod +x start.sh.

Dockerfile for Kimai (production-ready)

Place this Dockerfile at the repo root; Klutch.sh auto-detects it (no Docker selection in the UI):

FROM php:8.2-apache


RUN apt-get update && apt-get install -y \
    libpng-dev libjpeg-dev libfreetype6-dev libzip-dev libicu-dev libonig-dev libxml2-dev git unzip \
    && docker-php-ext-configure gd --with-freetype --with-jpeg \
    && docker-php-ext-install pdo_mysql gd intl zip opcache \
    && a2enmod rewrite \
    && rm -rf /var/lib/apt/lists/*


WORKDIR /opt/kimai


COPY . /opt/kimai


RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
    composer install --no-dev --optimize-autoloader && \
    chown -R www-data:www-data /opt/kimai


ENV PORT=8001


EXPOSE 8001
CMD ["apache2-foreground"]

Notes:

  • Adjust to use PHP-FPM + Nginx if preferred; keep PORT consistent with your start command.
  • Ensure writable permissions for var/ directories used by Kimai.

Environment variables (Klutch.sh)

Set these in the Klutch.sh app settings (Secrets tab) before deploying:

  • PORT=8001
  • DATABASE_URL=mysql://<user>:<password>@<host>:<port>/<db>
  • APP_ENV=prod
  • APP_SECRET=<secure-app-secret>
  • TRUSTED_PROXIES=0.0.0.0/0
  • TRUSTED_HOSTS=example-app.klutch.sh
  • MAILER_DSN=<mailer-dsn> (if sending emails)
  • KIMAI_ADMIN_PASSWORD=<strong-password> (used in start/reset)

If you deploy without the Dockerfile and need Nixpacks overrides:

  • NIXPACKS_BUILD_CMD=composer install --no-dev --optimize-autoloader
  • NIXPACKS_START_CMD=php -S 0.0.0.0:8001 -t public
  • NIXPACKS_INSTALL_PKGS="php82 php82Extensions.pdo_mysql php82Extensions.intl php82Extensions.gd php82Extensions.zip"

These keep Kimai compatible with Nixpacks defaults when a Dockerfile is absent.

Attach persistent volumes

In Klutch.sh storage settings, add mount paths and sizes (no names required):

  • /opt/kimai/var/data — uploads and exported reports.
  • /opt/kimai/var/cache — optional cache to speed reloads.
  • /opt/kimai/var/log — optional logs if you persist them locally.

Ensure these paths are writable inside the container.

Deploy Kimai on Klutch.sh (Dockerfile workflow)

  1. Push your repository (with the Dockerfile at the root) to GitHub.
  2. Open klutch.sh/app, create a project, and add an app.
  1. Connect the GitHub repository; Klutch.sh automatically detects the Dockerfile.
  2. Choose HTTP traffic for Kimai.
  3. Set the internal port to 8001.
  4. Add the environment variables above (database URL, app secret, mailer, and any NIXPACKS_* overrides if you temporarily deploy without the Dockerfile).
  5. Attach persistent volumes for /opt/kimai/var/data (and /opt/kimai/var/cache or /opt/kimai/var/log if used), choosing sizes that match your storage needs.
  6. Deploy. Your Kimai instance will be reachable at https://example-app.klutch.sh; attach a custom domain if desired.

For MySQL/MariaDB on Klutch.sh, create a separate TCP app, expose it on port 8000, and point DATABASE_URL to that endpoint (internal port 3306).

Sample configuration snippet

Add a config/packages/prod/kimai.yaml snippet for trusted proxies/hosts:

framework:
  trusted_proxies: "%env(TRUSTED_PROXIES)%"
  trusted_hosts: "%env(TRUSTED_HOSTS)%"

Health checks and production tips

  • Use a reverse proxy probe on / or /favicon.ico to verify availability.
  • Enforce HTTPS at the edge; forward HTTP to port 8001 internally.
  • Keep dependencies and image tags pinned; upgrade intentionally.
  • Monitor disk usage on /opt/kimai/var/data and resize before it fills.
  • Back up your database and uploads regularly; do not rely on container filesystems for durability.

Kimai on Klutch.sh combines reproducible Docker builds with managed secrets, persistent storage for uploads, and flexible HTTP/TCP routing. With the Dockerfile at the repo root and ports set to 8001 for the app (8000 externally for TCP databases), you can deliver dependable time tracking without extra YAML or workflow overhead.