(config) Harden Docker deployment for remote servers
Run the Django control panel with Gunicorn instead of the development runserver and serve static files through WhiteNoise. Add restart policies, healthchecks, .env-driven production settings, and a sample .env file for single-server deployments. Update the Docker entrypoint to collect static assets and document the remote server deployment and update flow in the README.
This commit is contained in:
44
README.md
44
README.md
@@ -128,7 +128,8 @@ Run the scheduler alongside the web admin:
|
||||
docker compose up --build web scheduler worker
|
||||
```
|
||||
|
||||
The container persists `/opt/pobsync` and the SQLite database in Docker volumes.
|
||||
The web service runs Django through Gunicorn and serves static files with WhiteNoise. The container persists `/opt/pobsync`
|
||||
and the SQLite database in Docker volumes.
|
||||
Backup data is always available at `/backups` inside the containers. By default this uses `./backups` on the host.
|
||||
Override the host-side mount with `POBSYNC_BACKUP_ROOT`:
|
||||
|
||||
@@ -139,6 +140,47 @@ POBSYNC_BACKUP_ROOT=/mnt/backups/pobsync docker compose up --build web scheduler
|
||||
The Django setup UI keeps the backup root fixed at `/backups`; only the Docker mount decides which host directory
|
||||
that points to.
|
||||
|
||||
## Remote Server Deployment
|
||||
|
||||
For a single backup server, use Docker Compose with the SQLite services and put a reverse proxy such as Caddy, nginx,
|
||||
or Traefik in front of `web`.
|
||||
|
||||
Create a `.env` from the example:
|
||||
|
||||
```
|
||||
cp .env.example .env
|
||||
```
|
||||
|
||||
Set at least:
|
||||
|
||||
```
|
||||
POBSYNC_BACKUP_ROOT=/mnt/backups/pobsync
|
||||
POBSYNC_DJANGO_ALLOWED_HOSTS=backup.example.com,localhost,127.0.0.1
|
||||
POBSYNC_DJANGO_SECRET_KEY=<long-random-secret>
|
||||
POBSYNC_DJANGO_DEBUG=0
|
||||
POBSYNC_WEB_BIND=127.0.0.1
|
||||
```
|
||||
|
||||
Deploy or update:
|
||||
|
||||
```
|
||||
git pull
|
||||
docker compose build web scheduler worker
|
||||
docker compose up -d --force-recreate web scheduler worker
|
||||
docker compose exec web python manage.py migrate
|
||||
```
|
||||
|
||||
Check service state:
|
||||
|
||||
```
|
||||
docker compose ps
|
||||
docker compose logs --tail=100 worker
|
||||
docker compose logs --tail=100 scheduler
|
||||
```
|
||||
|
||||
`web`, `scheduler`, and `worker` use `restart: unless-stopped` and Docker healthchecks. If `POBSYNC_WEB_BIND` is
|
||||
`127.0.0.1`, expose the app through your reverse proxy instead of directly publishing it to the internet.
|
||||
|
||||
## Django-Managed SSH Keys
|
||||
|
||||
SSH keys can be managed from the Django UI at `/ssh-credentials/`. Add a private key there, optionally paste
|
||||
|
||||
Reference in New Issue
Block a user