diff --git a/setup/container.sh b/setup/container.sh
index 8b42aa492..81bd9b05c 100755
--- a/setup/container.sh
+++ b/setup/container.sh
@@ -30,6 +30,9 @@ ln -sfF "${DATA_DIR}/collectd" /etc/collectd cp "${container_files}/docker-cloudron-app.apparmor" /etc/apparmor.d/docker-cloudron-app systemctl restart apparmor +########## docker janitor +cp "${container_files}/docker_janitor" /usr/sbin/docker_janitor + ########## nginx # link nginx config to system config unlink /etc/nginx 2>/dev/null || rm -rf /etc/nginx
diff --git a/setup/container/docker_janitor b/setup/container/docker_janitor
new file mode 100755
index 000000000..4f7ef8d35
--- /dev/null
+++ b/setup/container/docker_janitor
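Review bot: The new `cp` into /usr/sbin does not set the mode or ownership of a script that docker_janitor.service later runs as root. The result depends on the source file, the umask, or an already existing destination file. `install -m 0755 -o root -g root "${container_files}/docker_janitor" /usr/sbin/docker_janitor` makes that explicit and ensures the file is never group- or world-writable. The surrounding setup script continues outside this hunk.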
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# this config matches the docker log-file configuration
+# logrotate ignores daily/monthly etc with size directive
+readonly logrotate_template=$(cat <<"EOF"
+ "$LOG_VOLUME/*" "$LOG_VOLUME/*/*" "$LOG_VOLUME/*/*/*" {
+ missingok
+ rotate 4
+ size 5M
+ nocompress
+ copytruncate
+ notifempty
+ create
+ su
+ maxage 7
+ }
+EOF
+)
+
+readonly containers=$(docker ps -qa)
+
+for container in $containers; do
+ echo "Cleaning up $container"
+
+ if tmpdir=$(docker inspect --format='{{index .Volumes "/tmp"}}' $container); then
+ echo -e "\tRemoving old files from $tmpdir"
+
+ if [[ $tmpdir == /home/yellowtent/data/docker/volumes/* ]]; then
+ find $tmpdir -mtime +10 -exec rm -rf {} + # 10 days max. note we cannot use atime because this is not a tmpfs
+ else
+ echo -e "\tInternal error in script. /tmp is mounted at unexpected location $tmpdir"
+ fi
+ fi
+
+ if logdir=$(docker inspect --format='{{index .Volumes "/var/log"}}' $container); then
+ echo -e "\tLogrotate files under $logdir"
+
+ logrotate_config=$(mktemp)
+ { echo "$logrotate_template" | LOG_VOLUME="$logdir" envsubst; } > "${logrotate_config}"
+
+ logrotate -f "${logrotate_config}"
+
+ find "${logdir}" -mindepth 3 -maxdepth 3 -type d -exec rm -rf {} + # since we logrotate only till depth 3
+
+ rm "${logrotate_config}"
+ fi
+done
+
diff --git a/setup/container/systemd/cloudron.target b/setup/container/systemd/cloudron.target
index 48427b0af..557973025 100644
--- a/setup/container/systemd/cloudron.target
+++ b/setup/container/systemd/cloudron.target
@@ -2,8 +2,8 @@ Description=Cloudron Smart Cloud Documentation=https://cloudron.io/documentation.html StopWhenUnneeded=true -Requires=box.service janitor.timer -After=box.service janitor.timer +Requires=box.service janitor.timer docker_janitor.timer +After=box.service janitor.timer docker_janitor.timer # AllowIsolate=yes [Install]
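Review bot: In setup/container/docker_janitor the `/var/log` branch runs `logrotate -f` and `find ... -exec rm -rf` as root without the path-prefix check that the `/tmp` branch applies, so whatever `docker inspect` prints is trusted as a directory. For a container with no `/var/log` volume the template presumably yields an empty string or `<no value>` (worth confirming), and the generated patterns would then read `"/*" "/*/*" "/*/*/*"` with `copytruncate`, which is a forced rotation of host files. Guard it before the config is written, e.g. `[[ "$logdir" == /home/yellowtent/data/docker/volumes/* ]] || { echo -e "\tUnexpected log volume $logdir"; continue; }`. In the `/tmp` branch, quote the path and exclude the volume root: `find "$tmpdir" -mindepth 1 -mtime +10 -exec rm -rf {} +`. A directory's mtime only tracks changes to its direct entries, so `rm -rf` on an old directory also removes recent files below it, and restricting the match with `! -type d` would avoid that.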
diff --git a/setup/container/systemd/docker_janitor.service b/setup/container/systemd/docker_janitor.service
new file mode 100644
index 000000000..a6df0a3b9
--- /dev/null
+++ b/setup/container/systemd/docker_janitor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Docker Volumes Janitor
+OnFailure=crashnotifier@%n.service
+
+[Service]
+Type=simple
+Restart=no
+ExecStart=/usr/sbin/docker_janitor
+KillMode=process
+User=root
+Group=root
+MemoryLimit=50M
+WatchdogSec=180
+
diff --git a/setup/container/systemd/docker_janitor.timer b/setup/container/systemd/docker_janitor.timer
new file mode 100644
index 000000000..1d6d67019
--- /dev/null
+++ b/setup/container/systemd/docker_janitor.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Docker Volumes Janitor
+StopWhenUnneeded=true
+
+[Timer]
+# this activates it immediately
+OnBootSec=0
+OnCalendar=*-*-* 0,6,12,18:00:00
+Unit=docker_janitor.service
+
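Review bot: `WatchdogSec=180` in docker_janitor.service expects the service to send keep-alive notifications, and the shell script started by `ExecStart` has no visible way of doing that, so any run longer than three minutes would be treated as a watchdog failure and trigger `OnFailure`. With `KillMode=process` only the main bash process is signalled at that point, which can leave a `find`, `rm` or `logrotate` child running as root with nothing supervising it. For a run-to-completion job, `Type=oneshot` with `TimeoutStartSec=180` and the default kill mode states the same limit directly and cleans up the whole control group. A comment next to the limit, such as `# abort a janitor run that takes longer than 3 minutes`, would record the intent.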