From 9a14e2f5e4c135170931d68cd7b6a10a9601f860 Mon Sep 17 00:00:00 2001
From: jensilo <k@jensheise.com>
Date: Sat, 16 Dec 2023 18:07:01 +0100
Subject: [PATCH] deployment example files and documentation

---
 docker/app/.env.dist                      |  3 ++
 docker/app/.gitignore                     |  3 ++
 docker/app/docker-compose.yml             | 66 +++++++++++++++++++++++
 docker/traefik.example/docker-compose.yml | 27 ++++++++++
 docker/traefik.example/traefik.yml.dist   | 22 ++++++++
 5 files changed, 121 insertions(+)
 create mode 100644 docker/app/.env.dist
 create mode 100644 docker/app/.gitignore
 create mode 100644 docker/app/docker-compose.yml
 create mode 100644 docker/traefik.example/docker-compose.yml
 create mode 100644 docker/traefik.example/traefik.yml.dist

diff --git a/docker/app/.env.dist b/docker/app/.env.dist
new file mode 100644
index 0000000..529d56f
--- /dev/null
+++ b/docker/app/.env.dist
@@ -0,0 +1,3 @@
+POSTGRES_PASSWORD = [CHOOSE A SECURE PASSWORD FOR POSTGRESQL DB]
+BASE_URL = [URL TO HARMONY]
+HTTP = [ HTTP ("http") or HTTPS ("https") ]
\ No newline at end of file
diff --git a/docker/app/.gitignore b/docker/app/.gitignore
new file mode 100644
index 0000000..5eaac99
--- /dev/null
+++ b/docker/app/.gitignore
@@ -0,0 +1,3 @@
+harmony/**
+pg/**
+.env
\ No newline at end of file
diff --git a/docker/app/docker-compose.yml b/docker/app/docker-compose.yml
new file mode 100644
index 0000000..ed01cb8
--- /dev/null
+++ b/docker/app/docker-compose.yml
@@ -0,0 +1,66 @@
+version: "3.8"
+
+services:
+  pg:
+    image: postgres:16.1-alpine3.19
+    # The container restarts automatically unless you stop it with "docker compose down"
+    restart: unless-stopped
+    networks:
+      - services
+    volumes:
+      # The postgres data is stored in the pg/data folder on your host machine, allowing postgres to persist data even if the container is removed
+      - ./pg/data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: harmony
+      # This is the password you set in the .env file
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      PGDATA: /var/lib/postgresql/data/pgdata
+
+  web:
+    image: jnslo/harmony:latest
+    # The container restarts automatically unless you stop it with "docker compose down"
+    restart: unless-stopped
+    networks:
+      - appnet
+      - services
+    volumes:
+      # You can override the default configuration by placing a local configuration file in harmony/config/local
+      - ./harmony/config/local:/app/config/local
+    environment:
+      BASE_URL: ${HTTP}://${BASE_URL}
+      DB_HOST: pg
+      DB_PORT: 5432
+      DB_USER: harmony
+      # This is the password you set in the .env file
+      DB_PASS: ${POSTGRES_PASSWORD}
+      DB_NAME: harmony
+    # Attention: You need to either expose the port by uncommenting the following port mapping or by using Traefik (see below).
+    # For production use Traefik is highly recommended as it allows you to use HTTPS and is more secure and isolated than exposing bare ports.
+    ports:
+      # This will bind your host machine's port 8080 to the container's port 8213
+      # In that case the BASE_URL should be localhost:8080 and HTTP should be http.
+      # Disable this for production and use BASE_URL: yourdomain.com and HTTP: https.
+      - "8080:8213"
+    # Uncomment the following labels to allow Traefik to route to this service. See explanations above each label for more information.
+    # Also, see the default /docker/traefik.example setup that is included in this repository. It is not necessary to implement this exact setup,
+    # but it might help you understand how to configure Traefik. For more see the Traefik documentation.
+    #labels:
+      # Enable Traefik for this service, otherwise it will not be routed to
+      #- "traefik.enable=true"
+      # You need to specify the domain name through the .env file (see .env.dist)
+      #- "traefik.http.routers.web.rule=Host(`${BASE_URL}`)"
+      # You need to specify the entrypoint by name that is configured for HTTPS in your Traefik setup, usually "websecure"
+      # HTTPS is required for most oauth providers to work and is recommended for production.
+      #- "traefik.http.routers.web.entrypoints=websecure"
+      # This is important as the default port of HARMONY inside the container is 8213
+      #- "traefik.http.services.web.loadbalancer.server.port=8213"
+      # Optional letsencrypt certificate resolver
+      #- "traefik.http.routers.web.tls.certresolver=letsencrypt"
+
+networks:
+  # This network is used by Traefik to route to services
+  appnet:
+    external: true
+  # This network is used only inside this docker-compose.yml and the associated containers to allow them to communicate with each other
+  services:
+    internal: true
diff --git a/docker/traefik.example/docker-compose.yml b/docker/traefik.example/docker-compose.yml
new file mode 100644
index 0000000..4b3a23a
--- /dev/null
+++ b/docker/traefik.example/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3.8"
+
+services:
+  traefik:
+    image: traefik:v3.0
+    container_name: traefik
+    # Restart the container automatically unless you stop it with "docker compose down"
+    restart: unless-stopped
+    networks:
+      - appnet
+    ports:
+      - "80:80"
+      # Important: HTTPS is required for most oauth providers to work and is recommended for production
+      - "443:443"
+    volumes:
+      # This is necessary for Traefik to be able to route to other containers
+      - /var/run/docker.sock:/var/run/docker.sock
+      # You can override the default configuration by replacing the provided traefik.yml file
+      - ./traefik.yml:/etc/traefik/traefik.yml
+      # This will be handled by Traefik automatically
+      - ./acme.json:/acme.json
+
+networks:
+  # You have to create this network before running "docker compose up" as it is external
+  # This network is used by Traefik to route to services
+  appnet:
+    external: true
diff --git a/docker/traefik.example/traefik.yml.dist b/docker/traefik.example/traefik.yml.dist
new file mode 100644
index 0000000..8b1a04c
--- /dev/null
+++ b/docker/traefik.example/traefik.yml.dist
@@ -0,0 +1,22 @@
+entryPoints:
+  web:
+    address: ":80"
+  # Important: HTTPS is required for most oauth providers to work and is recommended for production
+  websecure:
+    address: ":443"
+
+providers:
+  docker:
+    # For security reasons, you should not expose all containers by default
+    exposedByDefault: false
+    # This network is used by Traefik to route to services
+    network: appnet
+
+certificatesResolvers:
+  # You can replace this however you want, but if you keep it, you should set the email
+  letsencrypt:
+    acme:
+      email: [! YOUR EMAIL !]
+      storage: acme.json
+      httpChallenge:
+        entryPoint: web
-- 
GitLab