Self-Hosting draw.io with Docker Compose

By Alex Thornton photo-editing-design Updated:

What Is draw.io?

draw.io (also known as diagrams.net) is an open-source diagramming tool for creating flowcharts, network diagrams, UML models, org charts, and virtually any kind of visual diagram. It replaces cloud tools like Lucidchart, Visio, and Miro for technical diagramming. Self-hosting gives you full control over your data — diagrams never leave your server.

Updated February 2026: Verified with latest Docker images and configurations.

Prerequisites

  • A Linux server (Ubuntu 22.04+ recommended)
  • Docker and Docker Compose installed (guide)
  • 512 MB of free RAM (very lightweight)
  • A domain name (optional, for remote access)

Docker Compose Configuration

Create a docker-compose.yml file:

services:
  drawio:
    image: jgraph/drawio:29.6.1
    container_name: drawio
    restart: unless-stopped
    ports:
      - "8080:8080"     # HTTP access
      - "8443:8443"     # HTTPS access (self-signed cert)
    environment:
      DRAWIO_SELF_CONTAINED: "1"           # Enable local export + PlantUML
      DRAWIO_BASE_URL: "http://localhost:8080"  # Change to your domain
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080 || exit 1"]
      interval: 90s
      timeout: 10s
      retries: 5
      start_period: 30s

No .env file is needed. draw.io requires zero environment variables for basic operation — the ones above are optional enhancements.

Start the stack:

docker compose up -d

Self-Contained Mode with Export Server

If you need server-side PDF/image export (for diagrams with mathematical typesetting) and PlantUML rendering, use the self-contained deployment:

services:
  drawio:
    image: jgraph/drawio:29.6.1
    container_name: drawio
    restart: unless-stopped
    ports:
      - "8080:8080"
      - "8443:8443"
    environment:
      DRAWIO_SELF_CONTAINED: "1"
      EXPORT_URL: "http://drawio-export:8000"
      PLANTUML_URL: "http://drawio-plantuml:8080"
      DRAWIO_BASE_URL: "http://localhost:8080"
    networks:
      - drawionet
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080 || exit 1"]
      interval: 90s
      timeout: 10s
      retries: 5
      start_period: 30s

  drawio-export:
    # No versioned tags published — :latest is the only option
    image: jgraph/export-server:latest
    container_name: drawio-export
    restart: unless-stopped
    networks:
      - drawionet

  drawio-plantuml:
    # No versioned tags published — :latest is the only option
    image: jgraph/plantuml-server:latest
    container_name: drawio-plantuml
    restart: unless-stopped
    networks:
      - drawionet

networks:
  drawionet:
    driver: bridge

Initial Setup

  1. Open http://your-server-ip:8080 in your browser
  2. draw.io loads immediately — no account creation, no login, no setup wizard
  3. Start creating diagrams. Files save to your browser’s local storage by default
  4. Use File → Save as to download .drawio or .xml files to your machine

draw.io is a client-side application. The Docker container serves static files via Tomcat — there is no server-side state, no database, and no user accounts. Every diagram lives in the browser or as an exported file.

Configuration

Disable Cloud Storage Integrations

By default, draw.io offers Google Drive, OneDrive, and Dropbox integrations. On a self-hosted instance, these are disabled unless you configure OAuth credentials. If you want to explicitly hide them:

environment:
  DRAWIO_CONFIG: '{"settingsName":"draw.io","cloudStorageUnavailable":true}'

Custom Content Security Policy

If you need to restrict which external resources draw.io can load:

environment:
  DRAWIO_CSP_HEADER: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'self'"

GitLab Integration

draw.io can save and load diagrams directly from GitLab repositories:

environment:
  DRAWIO_GITLAB_URL: "https://gitlab.example.com"
  DRAWIO_GITLAB_ID: "your-gitlab-app-id"
  DRAWIO_GITLAB_SECRET: "your-gitlab-app-secret"

Reverse Proxy

Most deployments should sit behind a reverse proxy for SSL termination rather than using draw.io’s built-in self-signed certificate.

Nginx Proxy Manager configuration:

  • Scheme: http
  • Forward Hostname/IP: drawio (or container IP)
  • Forward Port: 8080
  • Enable SSL via Let’s Encrypt

For other reverse proxy setups, see Reverse Proxy Setup.

Backup

draw.io has no server-side data to back up. All diagrams are either:

  • Stored in the user’s browser (localStorage)
  • Saved as .drawio / .xml files on the user’s machine
  • Stored in connected services (GitLab, Google Drive, etc.)

The Docker container itself is stateless. Rebuilding it from the same image gives you an identical instance.

For general backup strategies, see Backup Strategy.

Troubleshooting

draw.io Loads Slowly

Symptom: First load takes 10-15 seconds. Fix: This is normal for the initial load — the Tomcat JVM needs to warm up. Subsequent requests are fast. If it’s consistently slow, increase the container’s memory limit to 512 MB.

Export to PDF Not Working

Symptom: PDF export fails or produces blank output. Fix: Enable the self-contained deployment mode with the export server (see the Docker Compose above). The built-in export handles most formats, but mathematical typesetting and some advanced features need the dedicated export server.

HTTPS Certificate Warnings

Symptom: Browser shows “Not Secure” or certificate warning on port 8443. Fix: The built-in HTTPS uses a self-signed certificate. Put draw.io behind a reverse proxy with a real SSL certificate instead of using port 8443 directly.

Blank Page After Update

Symptom: White screen after updating the Docker image. Fix: Hard refresh the browser (Ctrl+Shift+R) to clear cached JavaScript. draw.io is a client-side app, so stale browser cache is the most common issue after updates.

Resource Requirements

  • RAM: ~200 MB (Tomcat JVM baseline)
  • CPU: Minimal — all rendering happens client-side in the browser
  • Disk: ~400 MB for the Docker image, no persistent data

Verdict

draw.io is one of the simplest self-hosted apps you’ll ever deploy. No database, no configuration files, no user management — just a single Docker container serving a diagramming tool that rivals Lucidchart. If your team needs a private diagramming solution that never sends data to the cloud, this is it. The only thing it lacks compared to Excalidraw is the hand-drawn aesthetic — draw.io produces clean, precise diagrams where Excalidraw favors a sketchy whiteboard style.

Related Articles

compare

Excalidraw vs draw.io: Which Should You Self-Host?

Excalidraw vs draw.io compared: hand-drawn whiteboard vs precise diagramming. Docker setup, features, collaboration, and...

replace

Self-Hosted Alternatives to Lucidchart

Best self-hosted alternatives to Lucidchart: draw.io for full diagramming, Excalidraw for whiteboarding, Penpot for desi...

apps

Self-Hosting Excalidraw with Docker Compose

How to self-host Excalidraw with Docker Compose. A collaborative whiteboard that runs entirely in the browser — no serve...

apps

Self-Hosting Penpot with Docker Compose

Self-host Penpot with Docker Compose. An open-source Figma alternative with real-time collaboration, components, and SVG...

apps

How to Self-Host AFFiNE with Docker Compose

Deploy AFFiNE with Docker Compose — an open-source Notion and Miro alternative combining docs, whiteboards, and database...

compare

Excalidraw vs Penpot: Which Design Tool to Self-Host?

Excalidraw vs Penpot: Excalidraw is a lightweight whiteboard for quick sketches, Penpot is a full design platform. Which...

Read Next Excalidraw vs draw.io: Which Should You Self-Host?

Comments