Configuration¶
Fleet configuration is generated at container start from a small, focused set of environment variables. The database, Redis, and Fleet endpoints are handled internally to keep setup minimal.
Warning
FLEET_PASSWORD is used internally for MySQL and Redis. It is not your Fleet web UI login password. After the database is initialized, changing this value can break access unless you also update the credentials stored in the database.
Warning
FLEET_SERVER_PRIVATE_KEY is required for this image to start and is used to encrypt MDM data. Keep it stable across restarts. Changing it can break access to existing MDM data.
Required¶
| Variable | Purpose | Example |
|---|---|---|
FLEET_PASSWORD |
Single password for MySQL + Redis | change-me |
FLEET_SERVER_PRIVATE_KEY |
Server private key (32+ bytes) | openssl rand -base64 32 |
Optional¶
| Variable | Purpose | Default |
|---|---|---|
FLEET_LICENSE_KEY |
Fleet Premium license | empty |
FLEET_SERVER_TLS |
Enable TLS (true/false) |
false |
FLEET_SERVER_CERT |
TLS certificate path | empty |
FLEET_SERVER_KEY |
TLS key path | empty |
TZ |
Container timezone | Etc/UTC |
PUID / PGID |
File ownership for /data |
1000 / 1000 |
UMASK |
Default file permissions | 022 |
File-based secrets (optional)¶
Load any variable from a file by prefixing it with FILE__:
-e FILE__FLEET_PASSWORD=/run/secrets/fleet_password
The container reads the file and sets FLEET_PASSWORD automatically.
Where does /run/secrets/... come from?
- Docker Compose: mount a secret at
/run/secrets/<name>. - Docker run: bind‑mount a local file into
/run/secrets/<name>.
Example (docker run):
docker run -d \
-v /path/to/fleet_password:/run/secrets/fleet_password:ro \
-e FILE__FLEET_PASSWORD=/run/secrets/fleet_password \
cbnventures/fleet:latest
Notes¶
- Keep the Fleet port at 1337. If you need a different host port, change the port mapping (
-p 8080:1337). - For TLS + MDM setup, see TLS & MDM.