Grocy is an Enterprise Resource Planning (ERP ) application centered around home management. Essentially, it’s a web-based self-hosted grocery and household management solution. It has features such as:

  • Tracking grocery purchases
  • Automating grocery lists by tracking inventory and keeping track of frequently purchased items
  • Optimizing shopping by grouping items together in the same parts of the store
  • Manage recipes
  • Meal planning
  • Track household equipment and appliances
  • Track chores and tasks

I first tried the Docker version of Grocy, but I couldn’t get it to work correctly. It uses a similar set up as Nextcloud in that it uses PHP fastcgi and needs nginx between the grocy container and nginx-ingress for the SSL certificates in order to serve static content. The difference is that uses nginx image specific to Grocy so that the static content is in the image rather than utilizing a shared persistent volume as I did with Nextcloud. I’m not sure, but it appears that the image relies on fetching code from Github and didn’t appear to have everything in the pre-built image. This, in my opinion, makes no sense and may have been built by someone who didn’t understand Docker’s architecture.

Fortunately, I’ve long known about and their awesome standardize images. For example, they always mount the configuration files for persistent volumes at /config. The Linuxserver Grocy image was much simpler to deploy and had everyting in a single image.


Grocy will get it’s own namespace called, unimaginatively, grocy.


A persistent volume will be needed for Grocy’s database and other configuration files.

  • Add persistent volume
  • Name - grocy-db
  • Volume plugin - NFS Share
  • Capacity - 10GB
  • Path - /Container/grocy-db
  • Server -
  • Access modes - Many Nodes Read-Write

The grocy workload will look like:

  • Name - grocy
  • Docker Image - linuxserver/grocy:amd64-v2.7.1-ls58 (as of this post)
  • Namespace - grocy
  • Port - grocy-web,80,ClusterIP (internal only)
  • Persistent volume - new perisstent volume claim for grocy-db mounted at /config

The ingress will look like:

  • Name - grocy
  • Namespace - grocy
  • Specify hostname - grocy.domain.tld
  • Target - grocy:80
  • Certificate - grocy.domain.tld
  • Annotation - = letencrypt

Then need to edit the yaml to specify the secret name.

That’s it, go to https://grocy.domain.tld and login with username admin and password admin. Make sure to change that password!

I would like to integrate this with Keycloak or LDAP for managing users so I will see how that goes.