Docker Quick Start

Get NewTon DC Tournament Manager running in Docker in under 2 minutes.

Quick Start

Prerequisites: Docker and Docker Compose installed. Don't have Docker? Download Docker Desktop (macOS/Windows) or install via your package manager (Linux).

Step 1: Download Configuration

# Create a directory for your tournament manager
mkdir newton-tournament
cd newton-tournament

# Download docker-compose.yml
curl -O https://raw.githubusercontent.com/skrodahl/NewTon/main/docker/docker-compose.yml

Step 2: Start the Container

docker compose up -d

Step 3: Access the Application

Open your browser and go to http://localhost:8080 — you should see the NewTon DC Tournament Manager.

Port 2020 = "Double 20" 🎯 — The container runs nginx on port 2020 internally. The default host port (8080) maps to this. This non-standard internal port also helps avoid conflicts when using a reverse proxy.

What Just Happened?

• ✅ Downloaded the pre-built image from Docker Hub
• ✅ Created persistent storage directories (tournaments/ and images/)
• ✅ Started nginx + PHP-FPM serving your tournament manager
• ✅ Made it accessible on port 8080

Configuration

This is the complete default docker-compose.yml. Inline comments explain each option.

services:
  newton-tournament:
    image: skrodahl/newton:latest
    # Alternative (GHCR): ghcr.io/skrodahl/newton:latest
    container_name: newton
    ports:
      - "${NEWTON_HOST_PORT:-8080}:2020"  # Change host port via env var or edit directly
    volumes:
      - ./tournaments:/var/www/html/tournaments  # Persistent tournament storage
      - ./images:/var/www/html/images:ro         # Custom logo and payment QR
      # - ./logs:/var/log/nginx                  # Optional: persist nginx logs
    restart: unless-stopped
    environment:
      - TZ=Europe/Oslo
      - NEWTON_API_ENABLED=true        # Set false to disable REST API (upload/download)
      - NEWTON_DEMO_MODE=false         # Set true to show privacy banner
      # - NEWTON_LANDING_PAGE=true     # Uncomment to show landing page at root URL
      # - NEWTON_BASE_URL=https://darts.example.com  # Canonical URL for Open Graph meta tags
      - NEWTON_GITHUB_URL=https://github.com/skrodahl/NewTon  # Link in demo banner

Persistent Storage

• ./tournaments — Stores tournament JSON files uploaded via the REST API. Persists across container restarts and updates.
• ./images — Custom logo and payment QR code. Mounted read-only; replace files on the host and they are picked up immediately.

The paths above are relative to the directory where docker-compose.yml lives. You can replace them with absolute paths if you prefer explicit control over storage location — for example /var/lib/docker/volumes/newton/tournaments:/var/www/html/tournaments.

Environment Variables

• NEWTON_API_ENABLED — Enables or disables the REST API endpoints for tournament upload, download, and delete. Set to false on public or demo deployments.
• NEWTON_DEMO_MODE — Shows a banner at the top of the app explaining that data is stored locally in the browser. Useful for public-facing instances.
• NEWTON_LANDING_PAGE — Shows a landing page at the root URL instead of loading the tournament app directly. Visitors click "Launch" to enter. Access the app directly via /?launch.
• NEWTON_BASE_URL — Sets the canonical URL for Open Graph and Twitter Card meta tags on the landing page (e.g. https://darts.example.com).
• NEWTON_GITHUB_URL — Customizes the GitHub link shown in the demo banner. Useful for forks (default: https://github.com/skrodahl/NewTon).
• NEWTON_HOST_PORT — Changes the host port the container is accessible on (default: 8080). Can be set as an environment variable before running docker compose up.

Reverse Proxy Setup

The container listens on port 2020 internally. When using a reverse proxy like Nginx Proxy Manager:

1. Add the container to the same Docker network as your reverse proxy
2. Point your proxy to newton:2020 (not port 80)
3. Remove the ports: mapping — not needed behind a proxy

Example docker-compose.yml: Nginx Proxy Manager

services:
  newton-tournament:
    image: skrodahl/newton:latest
    container_name: newton
    # ports:
    #   - "8080:2020"  # Remove when using reverse proxy
    networks:
      - proxy_network
    volumes:
      - ./tournaments:/var/www/html/tournaments
      - ./images:/var/www/html/images:ro
    environment:
      - NEWTON_API_ENABLED=true
      - NEWTON_DEMO_MODE=false

networks:
  proxy_network:
    external: true

In NPM, configure the proxy host to forward to newton:2020.

Demo / Public Site

To replicate a public demo site like newtondarts.com, add the following to your docker-compose.yml:

environment:
  - NEWTON_API_ENABLED=false   # Disable upload API for security
  - NEWTON_DEMO_MODE=true      # Show privacy banner
  - NEWTON_LANDING_PAGE=true   # Show landing page at root

Security

REST API

The REST API has no built-in authentication. Do not expose the container directly to the public internet without additional protection. Safe options:

• ✅ Local network only — home or club WiFi, default setup is fine
• ✅ Localhost only — bind to 127.0.0.1:8080:2020
• ✅ Behind VPN — Tailscale, WireGuard, or similar
• ✅ Reverse proxy with auth — nginx or Caddy with HTTP basic authentication
• ✅ Disable API — set NEWTON_API_ENABLED=false

Security Headers

The Docker image includes comprehensive security headers enabled by default — no configuration needed:

• X-Frame-Options: SAMEORIGIN — Prevents clickjacking
• X-Content-Type-Options: nosniff — Prevents MIME-type sniffing
• Referrer-Policy: strict-origin-when-cross-origin — Limits referrer data leakage
• Permissions-Policy — Disables geolocation, microphone, camera, and other unused features
• Content-Security-Policy — Prevents loading external resources
• Server tokens hidden — nginx and PHP versions not disclosed

NewTon DC Tournament Manager achieves an A grade on securityheaders.com out of the box. HSTS is not included by default to avoid breaking HTTP-only deployments — add it at your reverse proxy when using HTTPS.

Customization

Logo and Payment QR Code

Place your own files in the images/ folder. The images/ volume is mounted read-only from the host, so changes are picked up immediately — no container restart needed.

mkdir -p images

# Custom logo — supports .png, .jpg, .jpeg, or .svg
cp /path/to/your/logo.jpg ./images/logo.jpg

# Custom payment QR code
cp /path/to/your/payment-qr.png ./images/payment.png

Default images bundled in the Docker image: images/logo.jpg (club logo placeholder) and images/payment.png (GitHub project QR code).

Troubleshooting

Port Already in Use

NEWTON_HOST_PORT=9000 docker compose up -d

Container Won't Start

docker compose logs

Can't Access http://localhost:8080

1. Verify the container is running: docker compose ps — should show 0.0.0.0:8080->2020/tcp
2. Try http://127.0.0.1:8080 instead of localhost
3. Check logs: docker compose logs

Need Help?

• Application help: Press F1 inside the tournament manager
• REST API reference: REST API Documentation
• Privacy model: Privacy Architecture
• Issues & feedback: GitHub Issues