By Malek Tellissi | May 29, 2025

How to set up Nightscout on a VPS using Docker and Caddy

And regain control over your diabetes using data.

At most of the time not my spikes..
At most of the time not my spikes.. Photo: Martin Martz / Unsplash

If you have diabetes type 1 like 8.4 million other people on this planet you may have one or plenty of reasons to use Nightscout. You can - and if everything written here is new - should do this by paying someone else. Or do it by yourself like I did.

I just leave this here for my notes. May it help someone else who wants to set up Nightscout Docker. Prerequisites: A server running

And a domain name.

For the server I use Hetzner (ref link) because they are cheap and reliable. You are free to choose another provider or even host Nightscout at home.

You need a domainname that points to your server IP. Choose whatever you like. I advise for some classic tlds like .com or .de because the fancier newish domain endings tend to raise up in price after some time.

After registering, you have to add two DNS-Resource-Records to your domain. An A-Record containing the IPv4-Adress from your server. You may see your server IP somewhere in the panel. And a IPv6-Adress if your hoster assigned one to you. Porkbun provides a how-to on their site. If you want to run Nightscout on whatever.yourfancydomain.com don't forget to add the whatever in the host field.

Then, you ssh into your server. Do updates and upgrades and then please set up ssh-keys, disable login via password and setup a firewall). After that install caddyserver on your server.

When you are done add this in your Caddyfile

whatever.yourfancydomain.com {
        reverse_proxy 127.0.0.1:1337
}

and reload caddyserver. Now you are ready to install docker. Before running the Nightscout container, you need to spin up a mongo database server. I did it like this:

docker run -d \
--name mongodbnightscout \
-e MONGO_INITDB_ROOT_USERNAME=diabetesmongo \
-e MONGO_INITDB_ROOT_PASSWORD=somedbpassword \
-p 27017:27017 \
mongo:latest

Then, you can pull the docker image and start Nightscout with the following command. I selected CONNECT_SHARE_REGION = ous because my Decom Clarity Account is eu-based so outside of the US. You may choose us if you are US-based. You probably don't need the bridge enviroment variables. You may remove the coresponding lines starting with BRIDGE. Set your timezone in the TZ-line, set your api secret (admin password instead of youradminpassword) and your hostname instead of whatever.yourfancydomain.com and then run your container using the following:

docker run -d \
-e TZ=Europe/Berlin \
-e ENABLE=connect \
-e CONNECT_SOURCE=dexcomshare \
-e CONNECT_SHARE_ACCOUNT_NAME=dexcomusername@emailadresse.com \
-e CONNECT_SHARE_PASSWORD=dexcompassword \
-e CONNECT_SHARE_REGION=ous \
-e API_SECRET=Pyouradminpassword \
-e MONGODB_URI=mongodb://diabetesmongo:somedbpassword@mongodbnightscout:27017/ \
-e AUTHORIZED=admin:youradminpassword  \
-e AUTH_DEFAULT_ROLES=denied  \
-e BRIDGE_USER_NAME=dexcomusername@emailadresse.com \
-e BRIDGE_PASSWORD=dexcompassword \
-e BRIDGE_INTERVAL=150000 \
-e BRIDGE_MAX_COUNT=1 \
-e BRIDGE_FIRST_FETCH_COUNT=3 \
-e BRIDGE_MAX_FAILURES=3 \
-e BRIDGE_MINUTES=1400 \
-l "traefik.http.routers.nightscout.rule=Host('whatever.yourfancydomain.com')" \
-l "traefik.http.routers.nightscout.tls.certresolver=le" \
-p 1337:1337 \
--link mongodbnightscout \
nightscout/cgm-remote-monitor:latest

That's all. Now you may login on whatever.yourfancydomain.com and start using your custom sugar api for fancy things like using a SugarPixel, LaMetric or monitor your blood sugar values on your grandmother's fridge. Happy hacking!

Malek Tellissi

Reads and writes