3.3 KiB
3.3 KiB
Deployment
What Changed
This repository now includes:
- a production-oriented Compose file:
docker-compose.prod.yml; - a production environment template:
.env.production.example; - an Nginx reverse proxy config:
deploy/nginx/server-panel.conf; - a production frontend image build:
frontend/Dockerfile.prod; - an Alembic migration setup under
backend/alembic/.
Production Layout
The first-stage production deployment uses:
reverse-proxyfor public HTTP entry;frontendfor the built static React app;backendfor the FastAPI API;workerfor queued service actions;botfor Telegram integration;postgresfor persistence;redisfor the current runtime foundation.
Only the reverse proxy is exposed publicly in the production Compose file.
Configuration
- Copy
.env.production.exampleto.env.production. - Replace all placeholder secrets:
JWT_SECRETJWT_REFRESH_SECRETPOSTGRES_PASSWORDTELEGRAM_BOT_API_SECRET
- Set the public panel origin in
CORS_ALLOWED_ORIGINS. - Keep
FRONTEND_PUBLIC_API_BASE_URL=/api/v1unless you intentionally expose the API elsewhere. - If SSH-based metrics or service control are required, mount the SSH key file into the containers and keep
SSH_PRIVATE_KEY_PATHaligned with that mount.
Recommended:
- store
.env.productionoutside version control; - use a strong unique password for PostgreSQL;
- keep
SSH_ALLOW_UNKNOWN_HOST_KEYS=falseunless you have a controlled reason to relax it.
How To Run
Build and start the production stack:
docker compose \
--env-file .env.production \
-f docker-compose.prod.yml \
up --build -d
After the stack is up, apply the latest schema revision explicitly:
docker compose \
--env-file .env.production \
-f docker-compose.prod.yml \
exec backend alembic upgrade head
Create the first admin once after the stack is healthy:
curl -X POST http://YOUR_HOST/api/v1/auth/bootstrap \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"strong-pass-123"}'
Reverse Proxy
The supplied Nginx config routes:
/to the frontend container;/api/to the backend API;/healthto the backend health endpoint.
File:
deploy/nginx/server-panel.conf
The config is HTTP-only by default. For public internet exposure, terminate TLS in front of this proxy or extend this config with certificates that are managed outside the repository.
How To Verify
After startup, verify:
http://YOUR_HOST/healthreturns a backend health payload.http://YOUR_HOST/opens the frontend.http://YOUR_HOST/api/v1/auth/loginis reachable through the proxy.docker compose --env-file .env.production -f docker-compose.prod.yml psshows all expected containers running.- A test login and one safe read-only flow, such as server list or health, works end-to-end.
Notes
docker-compose.prod.ymlis intentionally separate from the local development Compose file.- The production frontend image serves static files through Nginx instead of the Vite dev server.
- The baseline Alembic revision is additive and can stamp existing pre-migration development databases without recreating them.
- This deployment shape is suitable for an internal or early-stage rollout, not a fully hardened internet-scale setup.