beatzaplenty/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a0b9dd980b7ea315efb26947f6d89fc48c2e12c7
docker/DEPLOYMENT.md
T
git 8bed8fdcb2 new file: .env.example 
new file:   DEPLOYMENT.md
	new file:   SECURITY_SECRETS_INVENTORY.md
	new file:   secrets/.env.secrets.example
2026-04-07 19:39:48 +10:00

1.4 KiB
Raw Blame History

Deployment prerequisites (required)

Before running docker compose up, you must provision runtime secrets.

1) Create non-committed secret files

cp secrets/.env.secrets.example secrets/stack-secrets.env
chmod 600 secrets/stack-secrets.env

Create these Docker secret files (all ignored by git):

  • secrets/nextcloud_db_root_password.txt
  • secrets/nextcloud_db_password.txt
  • secrets/nextcloud_admin_password.txt
  • secrets/nextcloud_smtp_password.txt
  • secrets/nextcloud_redis_password.txt
  • secrets/passbolt_db_password.txt
  • secrets/gramps_db_password.txt
  • secrets/influxdb_init_password.txt
  • secrets/prometheus_kuma_basic_auth_password.txt

Recommended permissions:

chmod 600 secrets/*.txt

2) Rotate previously committed credentials

These values were previously hardcoded and must be rotated in upstream systems immediately:

  • Database credentials (Nextcloud, Passbolt, Gramps, InfluxDB).
  • Nextcloud SMTP app password.
  • Authelia reset JWT secret, session secret, storage encryption key.
  • Traefik CrowdSec LAPI key.
  • Gotify admin password.
  • Prometheus Uptime Kuma basic-auth password.

3) Start stack

After secrets are provisioned:

docker compose -f core/docker-compose.yml up -d
docker compose -f monitoring/prometheus/docker-compose.yml up -d
docker compose -f apps/nextcloud/docker-compose.yml up -d
Reference in New Issue View Git Blame Copy Permalink