# Docker Setup with Traefik
This guide will help you set up Containr with Docker, Traefik reverse proxy, and automatic SSL certificates.
## Prerequisites
- Docker and Docker Compose installed
- A domain name pointing to your server's IP address
- Ports 80 and 443 open on your firewall
## Quick Start
1. **Clone and prepare the environment:**
```bash
git clone <your-repo>
cd containr
cp .env.example .env
```
2. **Configure your environment:**
Edit the `.env` file with your settings:
```bash
nano .env
```
Required changes:
- `DOMAIN=yourdomain.com` - Your actual domain
- `ACME_EMAIL=admin@yourdomain.com` - Email for SSL certificates
- `POSTGRES_PASSWORD` - Set a secure password
- `REDIS_PASSWORD` - Set a secure password
- `JWT_SECRET` - Generate a secure random string
- `TRAEFIK_AUTH` - Generate basic auth for dashboard
3. **Generate Traefik authentication:**
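```bash
# Install apache2-utils if needed
sudo apt-get install apache2-utils
# Generate a username:hash pair; -B selects bcrypt and the password is
# prompted for, so it does not end up in shell history
htpasswd -nB admin
# Update TRAEFIK_AUTH in .env with the output (the hash, never the plain password)
```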
4. **Create necessary directories:**
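```bash
mkdir -p data/letsencrypt
# acme.json must exist before its mode can be set; Traefik requires 600
touch data/letsencrypt/acme.json
chmod 600 data/letsencrypt/acme.json
```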
5. **Start the services:**
```bash
docker-compose up -d
```
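A pre-flight check for steps 2 to 4, meant to be run before `docker-compose up -d`. This is an added example, not part of the Containr repository; the function names, the minimum lengths (16 and 32 characters) and the sample values are assumptions.

```shell
# Added example: pre-flight check for the Quick Start. Thresholds are assumptions.
# Read KEY from an env file without sourcing it (sourcing would expand the
# "$" characters in the htpasswd hash and execute anything else in the file).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Print one finding per line; return 0 only when there are none.
preflight() {
    env_file=$1 acme=$2 bad=0
    fail() { echo "FAIL: $*"; bad=1; }
    for key in DOMAIN ACME_EMAIL POSTGRES_PASSWORD REDIS_PASSWORD JWT_SECRET TRAEFIK_AUTH; do
        [ -n "$(env_get "$env_file" "$key")" ] || fail "$key is missing or empty"
    done
    # Placeholder values copied from the guide must not reach production.
    case $(env_get "$env_file" DOMAIN) in yourdomain.com) fail "DOMAIN is still the placeholder" ;; esac
    case $(env_get "$env_file" ACME_EMAIL) in *@yourdomain.com) fail "ACME_EMAIL is still the placeholder" ;; esac
    # Minimum secret lengths (assumed policy: 16 for passwords, 32 for JWT_SECRET).
    for spec in POSTGRES_PASSWORD:16 REDIS_PASSWORD:16 JWT_SECRET:32; do
        key=${spec%%:*} min=${spec##*:}
        val=$(env_get "$env_file" "$key")
        [ "${#val}" -ge "$min" ] || fail "$key is shorter than $min characters"
    done
    # TRAEFIK_AUTH must be htpasswd output (user:hash), never user:plaintext.
    case $(env_get "$env_file" TRAEFIK_AUTH) in
        ?*:\$apr1\$* | ?*:\$2[aby]\$* | ?*:\{SHA\}*) ;;
        *) fail "TRAEFIK_AUTH is not an htpasswd hash" ;;
    esac
    # Traefik refuses an acme.json that is readable by group or others.
    if [ ! -f "$acme" ]; then fail "$acme does not exist"
    elif [ "$(ls -l "$acme" | cut -c1-10)" != "-rw-------" ]; then fail "$acme is not mode 600"
    fi
    return "$bad"
}

# Constructed sample: an unedited .env and an acme.json with default permissions.
demo=$(mktemp -d)
printf 'DOMAIN=yourdomain.com\nACME_EMAIL=admin@yourdomain.com\nJWT_SECRET=changeme\n' > "$demo/.env"
touch "$demo/acme.json" && chmod 644 "$demo/acme.json"
preflight "$demo/.env" "$demo/acme.json" || echo "not ready to start"
rm -rf "$demo"
```

On a real checkout, call `preflight .env data/letsencrypt/acme.json` and start the stack only when it prints nothing.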
## Services and URLs
After deployment, your services will be available at:
- **Frontend**: `https://yourdomain.com`
- **Backend API**: `https://api.yourdomain.com`
- **Traefik Dashboard**: `https://traefik.yourdomain.com`
## Architecture
```
Internet → Traefik (Port 80/443)
    ├── Frontend (React/Nginx)
    ├── Backend (Go API)
    ├── PostgreSQL (Database)
    └── Redis (Cache)
```
## Configuration Files
### Docker Compose
- `docker-compose.yml` - Main orchestration file
- Defines all services, networks, and volumes
- Configures Traefik with automatic SSL
### Traefik Configuration
- `traefik.yml` - Static configuration
- `traefik-dynamic.yml` - Dynamic routing rules
- Automatic HTTP to HTTPS redirection
- Security headers and rate limiting
### Dockerfiles
- `Dockerfile.backend` - Go backend with multi-stage build
- `Dockerfile.frontend` - React frontend with Nginx
- Both use non-root users for security
## Security Features
- **Automatic SSL** via Let's Encrypt
- **HTTP to HTTPS** redirection
- **Security headers** (HSTS, XSS protection, etc.)
- **Rate limiting** on API endpoints
- **Basic authentication** on Traefik dashboard
- **Non-root containers** for all services
- **Health checks** for all services
## Monitoring and Logs
### Traefik Dashboard
Access at `https://traefik.yourdomain.com` with your configured credentials.
### Logs
```bash
# View all logs
docker-compose logs -f
# View specific service logs
docker-compose logs -f traefik
docker-compose logs -f backend
docker-compose logs -f frontend
```
### Health Checks
All services include health checks:
```bash
# Check service status
docker-compose ps
```
## Maintenance
### Updates
```bash
# Pull latest images
docker-compose pull
# Recreate services with new images
docker-compose up -d --force-recreate
```
### Backups
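```bash
# Backup PostgreSQL (-T disables the pseudo-TTY so the redirected dump is not altered)
docker-compose exec -T postgres pg_dump -U containr_user containr > backup.sql
# The dump contains all application data; restrict who can read it
chmod 600 backup.sql
# Backup Redis (redis-cli has to authenticate when REDIS_PASSWORD is enforced,
# for example through the REDISCLI_AUTH environment variable)
docker-compose exec redis redis-cli --rdb /data/dump.rdb
```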
### SSL Certificates
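Let's Encrypt certificates are renewed automatically by Traefik. The Traefik CLI has no manual renewal command; to force re-issuance, use the certificate reset under Troubleshooting. To confirm that issuance and renewal are working, look at the ACME entries in the Traefik logs:
```bash
docker-compose logs traefik | grep -i acme
```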
## Development Mode
For local development without SSL (Compose loads `docker-compose.override.yml` automatically, so keep this file off the production host):
```bash
# Create development override (the quoted 'EOF' keeps the shell from running
# the backticks in the Host() rule as a command)
cat > docker-compose.override.yml << 'EOF'
version: '3.8'
services:
  traefik:
    command:
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--log.level=DEBUG"
    ports:
      - "80:80"
      - "8080:8080"
    labels:
      - "traefik.http.routers.traefik.rule=Host(`localhost`)"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.service=api@internal"
EOF
# Start with override
docker-compose up -d
```
## Troubleshooting
### Common Issues
1. **SSL Certificate Issues**
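```bash
# Check acme.json permissions (Traefik requires mode 600)
ls -la data/letsencrypt/acme.json
# Reset certificates (every certificate is requested again, which counts
# against the Let's Encrypt rate limits)
rm data/letsencrypt/acme.json
touch data/letsencrypt/acme.json
chmod 600 data/letsencrypt/acme.json
docker-compose restart traefik
```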
2. **Port Conflicts**
```bash
# Check what's using ports
sudo netstat -tlnp | grep :80
sudo netstat -tlnp | grep :443
```
3. **Database Connection**
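```bash
# Test network reachability from the backend (requires ping in the backend image)
docker-compose exec backend ping -c 3 postgres
# Check that PostgreSQL itself is accepting connections
docker-compose exec postgres pg_isready -U containr_user -d containr
```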
4. **Permission Issues**
```bash
# Fix volume permissions
sudo chown -R 1001:1001 data/
```
### Performance Tuning
1. **Nginx Caching** - Already configured in `nginx.conf`
2. **Redis Caching** - Configure in your application
3. **Database Pooling** - Adjust connection limits in Go app
## Production Tips
1. **Monitoring** - Set up Prometheus/Grafana
2. **Alerting** - Configure alerts for service failures
3. **Backup Strategy** - Automated database backups
4. **Load Testing** - Test before production deployment
5. **Security Audit** - Regular security scans
## Support
For issues:
1. Check logs: `docker-compose logs`
2. Verify configuration: `docker-compose config`
3. Check service status: `docker-compose ps`
4. Review Traefik dashboard for routing issues