Dual Passbolt CE Instances with Shared DBMS Backend and NGINX Reverse Proxy
docker-compose-ce.yaml Add docker-compose-ce.yaml 2024-11-24 00:31:22 +05:30
README.md Add README.md 2024-11-24 00:30:21 +05:30

High Availability Passbolt CE Deployment with NGINX Reverse Proxy Architecture

System Architecture Overview

This repository provides a containerized configuration for running two Passbolt CE instances with Docker Compose. The architecture consists of dual Passbolt CE instances operating behind a single NGINX reverse proxy, each instance using its own database schema (and its own database user) within one shared DBMS. Note that the two instances are independent of each other: each has its own schema, server GPG key and JWT keys, so users, passwords and sessions are not replicated between them and a failure of one instance does not fail over to the other. The "high availability" here is at the level of the shared proxy and DBMS, not of the Passbolt data.

Technical Prerequisites

  • Docker Engine (version 20.10.x or higher)
  • Docker Compose v2.x
  • Minimum 4GB RAM
  • x86_64/amd64 architecture support

Deployment Instructions

Initial Setup

  1. Clone the repository:
git clone <repository_url>
cd <repository_name>
  2. Initialize the deployment:
docker-compose -f docker-compose-ce.yaml up -d

With Docker Compose v2 (listed under prerequisites) the native command is docker compose; the hyphenated docker-compose is the v1 binary or the v2 compatibility shim. Either form accepts the same -f and up -d arguments used throughout this document.

Service Endpoints

Primary production endpoints are accessible at:

  • Instance 1: https://passbolt.local/docker
  • Instance 2: https://passbolt.local:4443/k8s

Technical Note: The URL paths (/docker, /k8s) are configurable and can be changed to suit organizational requirements; each path must be set consistently in the NGINX location block, in the instance's APP_BASE and in its APP_FULL_BASE_URL. Additional instances can be added by updating the following files:

  • ./mysql/init.sql: database schema creation, per-instance database users and their privileges
  • ./docker-compose-ce.yaml: container orchestration parameters (a new service, its environment variables and its own GPG/JWT volumes)
  • ./nginx/: proxy configuration files (a new upstream and location block)

Technical Configuration

NGINX Reverse Proxy Configuration

The NGINX container implements a reverse proxy configuration with the following specifications:

  • Port Mapping (host:container):
    • HTTP: 8080:80
    • HTTPS: 4433:443
  • Configuration Path:
    • Primary: ./nginx/core.conf.d/proxy.conf
    • Global: ./nginx/nginx.conf

Check: the published HTTPS host port must be the same port that appears in the Service Endpoints above and in each instance's APP_FULL_BASE_URL (this document uses 4443 in those places and 4433 here); docker-compose-ce.yaml is the authoritative value, so verify it with docker compose port before distributing setup links.

Passbolt Instance Configuration

Each Passbolt instance operates with an isolated configuration and a dedicated database schema. Configuration is managed through environment variables:

Environment Variables:
  APP_FULL_BASE_URL: ${PROTOCOL}://${DOMAIN}:${PORT}/${PATH}
  APP_BASE: /${PATH}
  DATASOURCES_DEFAULT_HOST: ${DB_HOST}
  DATASOURCES_DEFAULT_USERNAME: ${DB_USER}
  DATASOURCES_DEFAULT_PASSWORD: ${DB_PASS}
  DATASOURCES_DEFAULT_DATABASE: ${DB_NAME}

APP_FULL_BASE_URL must match exactly the public URL the NGINX proxy serves for that instance (scheme, host, port and path), since Passbolt uses it to build the links in invitation and recovery e-mails. DB_USER and DB_PASS should be distinct per instance and granted privileges only on that instance's DB_NAME, so that a compromise of one instance's credentials does not expose the other instance's schema.

Container initialization implements health checks ensuring database availability before service startup.

Administrator Provisioning

Administrator accounts must be provisioned separately for each Passbolt instance, because the instances do not share a database schema. Execute the following once per instance, where ${CONTAINER_NAME} is the instance's service name in docker-compose-ce.yaml:

docker-compose -f docker-compose-ce.yaml exec ${CONTAINER_NAME} su -m -c "/usr/share/php/passbolt/bin/cake \
  passbolt register_user \
  -u ${ADMIN_EMAIL} \
  -f ${ADMIN_FIRSTNAME} \
  -l ${ADMIN_LASTNAME} \
  -r admin" -s /bin/sh www-data

The command prints a one-time setup link of the form:

https://passbolt.local:4443/${PATH}/setup/install/${USER_ID}/${TOKEN_ID}

Open it in a browser with the Passbolt extension installed to complete key generation for the administrator. Treat the link as a secret: it is the only credential needed to claim the account, and its host and port come from the instance's APP_FULL_BASE_URL, so it is only valid if that variable matches the proxy's public address.

Persistent Storage Configuration

The deployment utilizes Docker volumes for persistent data storage:

Volumes:
  database_volume: 
    purpose: DBMS data persistence (holds the schemas of both instances)
    
  gpg_volume[1|2]:
    purpose: server GPG keyring storage, one volume per instance
    
  jwt_volume[1|2]:
    purpose: JWT authentication key storage, one volume per instance
    
  init_sql:
    purpose: database initialization scripts
    contents: schema creation, per-instance user provisioning, privilege grants

The GPG and JWT volumes must not be shared between instances: the server GPG key is the identity users verify during setup, and the JWT key pair signs the session tokens, so sharing either would let material issued by one instance be accepted by the other. Back up all of these volumes together; losing the GPG volume makes the corresponding database unusable.
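The following is an added example of what the init.sql script referenced above (and under Technical Note) can look like for the two instances. It is not the repository's own file; the database names, user names and the placeholder passwords are assumptions chosen to match the /docker and /k8s endpoints. The point it demonstrates is the isolation claim: each instance gets its own MySQL/MariaDB user that is granted privileges only on its own schema, with no global privileges, and the final SHOW GRANTS statements serve as the check that no cross-schema access was granted.

```sql
-- Added example init.sql for two Passbolt CE instances sharing one DBMS.
-- Database names, user names and passwords are assumptions; replace the
-- CHANGE_ME values with strong, distinct secrets (e.g. from `openssl rand -base64 32`).

-- One schema per instance. utf8mb4 is what Passbolt expects.
CREATE DATABASE IF NOT EXISTS passbolt_docker
  CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE DATABASE IF NOT EXISTS passbolt_k8s
  CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- One user per instance. Passbolt containers connect over the compose network,
-- so the host part is '%' rather than 'localhost'.
CREATE USER IF NOT EXISTS 'passbolt_docker'@'%' IDENTIFIED BY 'CHANGE_ME_docker';
CREATE USER IF NOT EXISTS 'passbolt_k8s'@'%'    IDENTIFIED BY 'CHANGE_ME_k8s';

-- Least privilege: each user only gets rights on its own schema (db.*),
-- never ON *.* and never GRANT OPTION. Passbolt runs migrations, so it needs
-- DDL rights (CREATE/ALTER/INDEX/DROP) on its own schema in addition to DML.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX,
      REFERENCES, CREATE TEMPORARY TABLES, LOCK TABLES
  ON passbolt_docker.* TO 'passbolt_docker'@'%';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX,
      REFERENCES, CREATE TEMPORARY TABLES, LOCK TABLES
  ON passbolt_k8s.* TO 'passbolt_k8s'@'%';

FLUSH PRIVILEGES;

-- Check: each user's grants should list USAGE ON *.* (i.e. nothing global)
-- followed by a single line scoped to its own schema. Any line mentioning
-- the other schema, or privileges ON *.*, means the isolation is broken.
SHOW GRANTS FOR 'passbolt_docker'@'%';
SHOW GRANTS FOR 'passbolt_k8s'@'%';
```

The instance environment then sets DATASOURCES_DEFAULT_DATABASE to passbolt_docker (or passbolt_k8s) and the matching DATASOURCES_DEFAULT_USERNAME / DATASOURCES_DEFAULT_PASSWORD. To add a third instance, append one CREATE DATABASE, one CREATE USER and one GRANT block following the same pattern, rather than reusing an existing user.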

Licensing Information

This deployment configuration is distributed under Passbolt CE licensing terms. All intellectual property rights are reserved by Passbolt SA.

Reference: Passbolt CE License Agreement