beatzaplenty/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1918b8306190d2213d6e3490728c682eb3ca35f5
docker/DEPLOYMENT.md
T

49 lines
1.3 KiB
Markdown
Raw Blame History

# Deployment prerequisites (required)
Before running `docker compose up`, you **must** provision runtime secrets.
## 1) Create non-committed secret files
```bash
cp secrets/.env.secrets.example secrets/stack-secrets.env
chmod 600 secrets/stack-secrets.env
```
Create these Docker secret files (all ignored by git):
- `secrets/nextcloud_db_root_password.txt`
- `secrets/nextcloud_db_password.txt`
- `secrets/nextcloud_admin_password.txt`
- `secrets/nextcloud_smtp_password.txt`
- `secrets/nextcloud_redis_password.txt`
- `secrets/passbolt_db_password.txt`
- `secrets/influxdb_init_password.txt`
- `secrets/prometheus_kuma_basic_auth_password.txt`
Recommended permissions:
```bash
chmod 600 secrets/*.txt
```
## 2) Rotate previously committed credentials
These values were previously hardcoded and must be rotated in upstream systems immediately:
- Database credentials (Nextcloud, Passbolt, InfluxDB).
- Nextcloud SMTP app password.
- Authelia reset JWT secret, session secret, storage encryption key.
- Traefik CrowdSec LAPI key.
- Gotify admin password.
- Prometheus Uptime Kuma basic-auth password.
## 3) Start stack
After secrets are provisioned:
```bash
docker compose -f core/docker-compose.yml up -d
docker compose -f monitoring/prometheus/docker-compose.yml up -d
docker compose -f apps/nextcloud/docker-compose.yml up -d
```
Reference in New Issue View Git Blame Copy Permalink