Varakh
faffad851c
Reviewed-on: #25 Co-authored-by: Varakh <varakh@varakh.de> Co-committed-by: Varakh <varakh@varakh.de>
181 lines
4.4 KiB
Markdown
181 lines
4.4 KiB
Markdown
# Deployment
|
|
|
|
## Native
|
|
|
|
Download the binary for your operating system. Next, use the binary or execute it locally.
|
|
|
|
See the provided systemd service example [upda.service](./contrib/upda.service) to deploy on a UNIX/Linux machine.
|
|
|
|
## Container
|
|
|
|
Use one of the provided `docker-compose` examples, edit to your needs. Then issue `docker compose up` command.
|
|
|
|
All applications should be up and running.
|
|
|
|
As of now, the web interface and the server comes as different container images.
|
|
|
|
Default image user is `appuser` (`uid=2033`) and group is `appgroup` (`gid=2033`).
|
|
|
|
The following examples are available
|
|
|
|
### Postgres
|
|
|
|
```yaml
|
|
version: '3.9'
|
|
|
|
networks:
|
|
internal:
|
|
external: false
|
|
driver: bridge
|
|
driver_opts:
|
|
com.docker.network.bridge.name: br-upda
|
|
|
|
services:
|
|
ui:
|
|
container_name: upda_ui
|
|
image: git.myservermanager.com/varakh/upda-ui:latest
|
|
environment:
|
|
- VITE_API_URL=https://upda.domain.tld/api/v1/
|
|
- VITE_APP_TITLE=upda
|
|
- VITE_APP_DESCRIPTION=upda
|
|
restart: unless-stopped
|
|
networks:
|
|
- internal
|
|
ports:
|
|
- "127.0.0.1:8181:80"
|
|
depends_on:
|
|
- api
|
|
|
|
api:
|
|
container_name: upda_api
|
|
image: git.myservermanager.com/varakh/upda:latest
|
|
environment:
|
|
- TZ=Europe/Berlin
|
|
- DB_POSTGRES_TZ=Europe/Berlin
|
|
- DB_TYPE=postgres
|
|
- DB_POSTGRES_HOST=db
|
|
- DB_POSTGRES_PORT=5432
|
|
- DB_POSTGRES_NAME=upda
|
|
- DB_POSTGRES_USER=upda
|
|
- DB_POSTGRES_PASSWORD=upda
|
|
- BASIC_AUTH_USER=admin
|
|
- BASIC_AUTH_PASSWORD=changeit
|
|
# generate 32 character long secret, e.g., with "openssl rand -hex 16"
|
|
- SECRET=generated-secure-secret-32-chars
|
|
restart: unless-stopped
|
|
networks:
|
|
- internal
|
|
ports:
|
|
- "127.0.0.1:8080:8080"
|
|
depends_on:
|
|
- db
|
|
|
|
db:
|
|
container_name: upda_db
|
|
image: postgres:16
|
|
restart: unless-stopped
|
|
environment:
|
|
- POSTGRES_USER=upda
|
|
- POSTGRES_PASSWORD=upda
|
|
- POSTGRES_DB=upda
|
|
networks:
|
|
- internal
|
|
volumes:
|
|
- upda-db-vol:/var/lib/postgresql/data
|
|
|
|
volumes:
|
|
upda-db-vol:
|
|
external: false
|
|
```
|
|
|
|
### SQLite
|
|
|
|
```yaml
|
|
version: '3.9'
|
|
|
|
networks:
|
|
internal:
|
|
external: false
|
|
driver: bridge
|
|
driver_opts:
|
|
com.docker.network.bridge.name: br-upda
|
|
|
|
services:
|
|
ui:
|
|
container_name: upda_ui
|
|
image: git.myservermanager.com/varakh/upda-ui:latest
|
|
environment:
|
|
- VITE_API_URL=https://upda.domain.tld/api/v1/
|
|
- VITE_APP_TITLE=upda
|
|
- VITE_APP_DESCRIPTION=upda
|
|
restart: unless-stopped
|
|
networks:
|
|
- internal
|
|
ports:
|
|
- "127.0.0.1:8181:80"
|
|
depends_on:
|
|
- api
|
|
|
|
api:
|
|
container_name: upda_api
|
|
image: git.myservermanager.com/varakh/upda:latest
|
|
environment:
|
|
- TZ=Europe/Berlin
|
|
- BASIC_AUTH_USER=admin
|
|
- BASIC_AUTH_PASSWORD=changeit
|
|
# generate 32 character long secret, e.g., with "openssl rand -hex 16"
|
|
- SECRET=generated-secure-secret-32-chars
|
|
restart: unless-stopped
|
|
networks:
|
|
- internal
|
|
volumes:
|
|
- upda-app-vol:/home/appuser
|
|
ports:
|
|
- "127.0.0.1:8080:8080"
|
|
|
|
volumes:
|
|
upda-app-vol:
|
|
external: false
|
|
```
|
|
|
|
## Reverse proxy
|
|
|
|
You may want to use a proxy in front of them on your host, e.g., nginx. Here's a configuration snippet which should do
|
|
the work.
|
|
|
|
The UI and API is reachable through the same domain, e.g., `https://upda.domain.tld`. In addition, Let's Encrypt is used
|
|
for transport encryption.
|
|
|
|
```shell
|
|
server {
|
|
listen 443 ssl http2;
|
|
ssl_certificate /etc/letsencrypt/live/upda.domain.tld/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/upda.domain.tld/privkey.pem;
|
|
|
|
# ui
|
|
location / {
|
|
proxy_pass http://localhost:8181;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# api
|
|
location ~* ^/(api)/ {
|
|
proxy_pass http://localhost:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
# metrics
|
|
location ~* ^/metrics {
|
|
proxy_pass http://localhost:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
```
|