Docmost on Ubuntu 24.04 on Azure User Guide
Overview
Docmost is an open source collaborative wiki and documentation platform, an alternative to Confluence and Notion. It organises knowledge into workspaces, spaces and nested pages, edited in a rich real time collaborative editor with comments, permissions, labels and full text search, all through a modern web interface. The cloudimg image runs Docmost the officially supported way, as the upstream container alongside a bundled PostgreSQL and Redis, orchestrated by Docker Compose under systemd and fronted by nginx. Every image is pinned by digest and captured into the VM, so your instance starts in seconds. A unique workspace owner administrator, application secret, database password and cache password are generated for each VM on first boot, before the port is reachable, and the workspace owner is pre seeded so nobody can claim your instance before you sign in. Backed by 24/7 cloudimg support.
Docmost is a trademark of its respective owner. This image is produced by cloudimg and is not affiliated with, endorsed by, or sponsored by Docmost. It ships the free and open source AGPL 3.0 self hosted Community core, unmodified.

What is included:
- Docmost v0.95.0 (the AGPL 3.0 self hosted Community core), pinned by image digest
- A bundled PostgreSQL 16 database and a bundled Redis, both pinned by image digest and reachable only inside a private Docker network (never published to a host port)
- Docker Engine (Docker CE) with Docmost published to the loopback interface only, fronted by nginx on port
80 docmost.service,docmost-firstboot.serviceandnginx.serviceas systemd units, enabled and active on boot- A unique application secret, database password, cache password and a pre seeded workspace owner administrator generated per VM on first boot, never baked into the image
- A clean, empty workspace on first boot: no default account, no shipped secret, no prior data
- 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; increase the size for larger teams and larger documents. NSG inbound: allow 22/tcp from your management network and 80/tcp (and 443/tcp once you add TLS) for the web interface. Docmost serves plain HTTP on port 80; for production, put it behind TLS with your own domain (see the final section).
Step 1 - Deploy from the Azure Marketplace
- In the Azure portal, choose Create a resource and search the Marketplace for the cloudimg Docmost offer.
- Select the plan, then Create.
- On the Basics tab pick your subscription, resource group and region, name the VM, and select Standard_B2s (or larger).
- Choose SSH public key authentication with admin username
azureuserand provide your public key. - On the Networking tab, allow inbound
22/tcpfrom your management network and80/tcpfor the web interface. - Review and create. When the VM is running, note its public IP address.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group my-docmost-rg \
--name docmost \
--image cloudimg:docmost:default:latest \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Open the ports the web interface needs (SSH is opened by default):
az vm open-port --resource-group my-docmost-rg --name docmost --port 80 --priority 900
Step 3 - Connect to your VM
Replace <vm-ip> with your VM's public IP address:
ssh azureuser@<vm-ip>
Step 4 - Confirm the services are running
Docmost, its bundled PostgreSQL and Redis, and nginx all come up automatically on first boot. Confirm they are active:
sudo systemctl is-active docker docmost nginx
Expected output:
active
active
active
The stack runs as three containers on a private Docker network. PostgreSQL and Redis are never published to a host port; only Docmost is published, and only to the loopback interface, with nginx in front on port 80.

Step 5 - Secure by default: the workspace owner is pre seeded
A fresh Docmost instance has no workspace, and the very first account created becomes the workspace owner. On a public server that is a risk: whoever reaches the setup page first would own your instance. The cloudimg image closes this. On first boot, before the port is reachable, a unique workspace owner administrator is created with a per VM password, so the workspace is already claimed. After that, setup is permanently blocked and self hosted Docmost has no open sign up: new members join by invitation only.
You can see the whole posture at a glance. A login with a blank or wrong password is rejected, only the per VM admin password is accepted, and a second attempt to run setup is refused because the workspace already exists:

Read your unique credentials (they are written to a root only file):
sudo cat /root/docmost-credentials.txt
The file holds the workspace URL, the admin email (admin@docmost.local) and the per VM admin password. Keep it safe.

Step 6 - Sign in to Docmost
Open http://<vm-ip>/ in your browser. You are met with the Docmost login screen: there is no anonymous access. Sign in with the admin email and the password from the credentials file.

Step 7 - Explore the workspace
After signing in you land on the workspace home. From here you can see the spaces you belong to, the pages you recently updated, and jump straight to full text search. The left sidebar is your home for spaces, favorites, templates, inviting people and settings.

Step 8 - Create spaces and pages
A space is a container for related pages, with its own members and permissions: use one per team, project or knowledge area. Inside a space, pages nest to any depth and reorder by drag and drop. The editor is a rich, real time collaborative editor: type / for a menu of headings, lists, tables, code blocks, callouts, images and diagrams, and everyone editing a page sees each other's changes live.

Step 9 - Check the stack health from the command line
Docmost exposes an unauthenticated liveness endpoint that reports whether the database and cache are reachable. It is handy for monitoring:
curl -s http://127.0.0.1/api/health
Expected output (a healthy stack):
{"status":"ok","info":{"database":{"status":"up"},"redis":{"status":"up"}},"error":{},"details":{"database":{"status":"up"},"redis":{"status":"up"}}}

Step 10 - Invite your team
Because self hosted Docmost is invitation only, add colleagues from Settings, Members while signed in as the workspace owner. Invited members set their own password when they accept, and you assign them a workspace role and add them to the spaces they need.
Step 11 - Production: your own domain with TLS
Docmost serves plain HTTP on port 80. For production, point a DNS record at the VM, put Docmost behind TLS, and set the application URL to your https domain so links and the collaborative editor use the right origin. A common approach is to add a certificate to nginx with Certbot:
sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d docs.example.com
Then edit APP_URL in /etc/docmost/docmost.env to https://docs.example.com and restart the stack with sudo systemctl restart docmost. See the Docmost documentation for the full production checklist.
Support
Every cloudimg image includes 24/7 support. If you have any questions about deploying or operating Docmost on Azure, contact the cloudimg team through the Azure Marketplace listing or at www.cloudimg.co.uk.