filipriec/Kurt_kalendar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prod

Browse Source
This commit is contained in:
Priec
2026-05-16 23:03:29 +02:00
parent fcaf2038ad
commit 326062b3a0
10 changed files with 450 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

203
ht_booking/DEPLOY.md Normal file
View File

@@ -0,0 +1,203 @@
# Deploying ht_booking (Tenis Rajec)
This app ships as a single Docker container that runs behind your existing
shared **Caddy** reverse proxy. Caddy terminates HTTPS; the app container has
no host ports and is reachable only through Caddy. The SQLite database lives
on a Docker volume so it survives rebuilds and restarts.
```
Internet ──▶ Caddy (:80/:443, HTTPS)
│ reverse_proxy ht-booking:5150 (over tenisrajec-net)
ht-booking container ──▶ /usr/app/data/production.sqlite
(Docker volume: ht_booking_data)
```
Files in this repo that drive the deployment:
| File | Role |
|---|---|
| `Dockerfile` | 3-stage build: CSS → Rust binary → slim runtime image |
| `docker-compose.prod.yml` | the app service, volume, network |
| `Caddyfile` | the site's reverse-proxy block (imported by central Caddy) |
| `config/production.yaml` | Loco production config (no secrets) |
| `.env.production.example` | template for secrets — copy to `.env.production` |
| `Makefile` | `make up` / `down` / `logs` / `restart` |
---
## Prerequisites
- The server already runs the shared Caddy stack (`docker-compose.caddy.yml`).
- Docker + `docker-compose` are installed (they already are — Caddy uses them).
- You can edit DNS for `tenisrajec.sk`.
---
## One-time setup
### 1. Point DNS at the server
Create DNS **A records** so both names resolve to the server's public IP:
```
tenisrajec.sk A <server-ip>
www.tenisrajec.sk A <server-ip>
```
Do this first — Caddy needs the domain to resolve to obtain the TLS
certificate. Propagation can take a while.
### 2. Clone the repo onto the server
```sh
cd ~
git clone <your-git-remote-url> ht_booking
cd ht_booking
```
(The rest of this guide assumes the repo is at `~/ht_booking`.)
### 3. Create the shared network
The app and Caddy talk over a dedicated Docker network — same pattern as your
other projects (`biomed-net`, `farmeris-net`, …):
```sh
docker network create tenisrajec-net \
--driver bridge --opt com.docker.network.driver.mtu=1450
```
### 4. Create the secrets file
```sh
cp .env.production.example .env.production
openssl rand -hex 32 # copy the output into JWT_SECRET
nano .env.production
```
Fill in:
- `JWT_SECRET` — paste the `openssl` output (**required** — the app won't start without it).
- `ADMIN_EMAIL` / `ADMIN_PASSWORD` — the single admin login, seeded on first boot.
`.env.production` is gitignored — it stays only on the server.
### 5. Hook the site into the central Caddy
Caddy must (a) import this site's `Caddyfile` and (b) join `tenisrajec-net`.
**a.** Add one line to the central `~/Caddyfile`:
```
import /etc/caddy/Caddyfile_tenisrajec
```
**b.** In `~/docker-compose.caddy.yml`, under the `caddy` service add the
Caddyfile mount to `volumes:`
```yaml
- ./ht_booking/Caddyfile:/etc/caddy/Caddyfile_tenisrajec
```
… add the network to the `caddy` service's `networks:` list …
```yaml
networks:
- vonavucke-net
- biomed-net
- gitea-net
- mqtt-net
- farmeris-net
- tenisrajec-net # <-- add
```
… and declare it in the top-level `networks:` block:
```yaml
tenisrajec-net:
external: true
driver: bridge
driver_opts:
com.docker.network.driver.mtu: 1450
```
**c.** Recreate Caddy so it picks up the new mount and network:
```sh
cd ~
docker-compose -f docker-compose.caddy.yml up -d
```
### 6. Build and start the app
```sh
cd ~/ht_booking
make up
```
The first build takes a few minutes (it compiles the Rust release binary).
On first boot the app creates the SQLite database, runs all migrations, and
seeds the admin account and a default court — automatically.
### 7. Verify
```sh
make logs # look for "listening on http://0.0.0.0:5150"
make ps # STATUS should become "healthy"
```
Then open <https://tenisrajec.sk> — Caddy will have issued the certificate.
---
## Updating after code changes
```sh
cd ~/ht_booking
git pull
make restart
```
`make restart` rebuilds the image and recreates the container. The database
volume is untouched, so all bookings are preserved. Migrations for any new
schema run automatically on boot.
> If you changed templates/CSS, the image rebuilds `app.css` itself — you do
> not need to run `npm run build:css` on the server.
---
## Backups
The whole database is one SQLite file inside the `ht_booking_data` volume.
Copy it out at any time:
```sh
docker cp ht-booking:/usr/app/data/production.sqlite ./backup-$(date +%F).sqlite
```
Restore by stopping the app, copying a file back, and starting it:
```sh
make down
docker cp ./backup-2026-05-16.sqlite ht-booking:/usr/app/data/production.sqlite
make up
```
A nightly `cron` job running that `docker cp` into a backed-up directory is
enough for this site.
---
## Troubleshooting
| Symptom | Cause / fix |
|---|---|
| App exits immediately, logs mention `JWT_SECRET` / config | `JWT_SECRET` is empty in `.env.production`. Set it, `make restart`. |
| `502 Bad Gateway` from Caddy | App not up yet, or Caddy didn't join `tenisrajec-net`. Check `make ps` and step 5b. |
| Caddy can't get a certificate | DNS not pointing at the server yet, or ports 80/443 blocked. |
| `network tenisrajec-net not found` | Run step 3 before `make up` / recreating Caddy. |
| Need a shell in the container | `docker exec -it ht-booking bash` |
The app listens on `5150` **inside** its container only — it is intentionally
not published to the host. All traffic goes through Caddy.