Example production docker-compose.prod.yml file. You can follow the steps in deploy_docker.yml to see how it is used.
- Setup a production PostgreSQL database
- Setup a production Postfix instance for sending mails. Sending mails can be disabled
- Setup a production keycloak instance. Guide for first time setup can be found in Development Setup
Minimal docker configuration to start a server
image: "ghcr.io/ls1intum/thesis-track/thesis-track-server:latest"
container_name: thesis-track-server
labels:
- "traefik.enable=true"
- "traefik.http.routers.server.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/api`)"
- "traefik.http.services.server.loadbalancer.server.port=8080"
- "traefik.http.routers.server.entrypoints=websecure"
- "traefik.http.routers.server.tls.certresolver=letsencrypt"
- "traefik.http.middlewares.api-ratelimit.ratelimit.average=300"
- "traefik.http.middlewares.api-ratelimit.ratelimit.burst=100"
- "traefik.http.routers.server.middlewares=api-ratelimit"
- "traefik.http.routers.server.priority=10"
volumes:
- ./thesis_uploads:/uploads
expose:
- "8080"
environment:
- TZ=Europe/Berlin
- SPRING_DATASOURCE_URL=jdbc:postgresql://db:5432/thesis-track
- SPRING_DATASOURCE_USERNAME=
- SPRING_DATASOURCE_PASSWORD=
- MAIL_ENABLED=true
- MAIL_WORKSPACE_URL=
- MAIL_SENDER=
- POSTFIX_HOST=postfix
- POSTFIX_PORT=25
- POSTFIX_USERNAME=
- POSTFIX_PASSWORD=
- CLIENT_HOST=
- KEYCLOAK_HOST=
- KEYCLOAK_REALM_NAME=
- KEYCLOAK_CLIENT_ID=
Minimal docker configuration to start the client
image: "ghcr.io/ls1intum/thesis-track/thesis-track-client:latest"
container_name: thesis-track-client
labels:
- "traefik.enable=true"
- "traefik.http.routers.client.rule=Host(`${APP_HOSTNAME}`)"
- "traefik.http.routers.client.entrypoints=websecure"
- "traefik.http.routers.client.tls.certresolver=letsencrypt"
- "traefik.http.middlewares.client-compress.compress=true"
- "traefik.http.routers.client.middlewares=client-compress"
- "traefik.http.routers.client.priority=1"
expose:
- "80"
volumes:
- ./templates/privacy.html:/usr/share/nginx/html/privacy.html
- ./templates/imprint.html:/usr/share/nginx/html/imprint.html
environment:
- SERVER_HOST=
- KEYCLOAK_HOST=
- KEYCLOAK_REALM_NAME=
- KEYCLOAK_CLIENT_ID=
- CHAIR_NAME=
- CHAIR_URL=
image: traefik:v3.2
command:
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--providers.docker.network=thesis-track-network"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "[email protected]"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./letsencrypt:/letsencrypt
There are 2 places that require backups:
- The PostgreSQL database. The backup strategy depends on the database setup, but the whole public schema of the connected database should be included in the backup.
- Example backup command:
pg_dump -U thesistrack --schema="public" thesistrack > backup_thesistrack.sql
- Example import command:
psql -U thesistrack -d thesistrack -f backup_thesistrack.sql
- Example backup command:
- The files stored at
/uploads
. In the docker example, these files are mounted to./thesis_uploads
and backup system should collect the files from the mounted folder
There is an example script thesis-track-backup.sh that you can call in a cronjob to create regular backups.
All further environment variables can be found here
If you want to modify the emails, you can read about that here