hhf/passbolt_ce_docker_compose_subfolders
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add README.md

Browse source
This commit is contained in:
HHF Technology 2024-11-24 00:30:21 +05:30
commit 5fdff45ff0
1 changed files with 110 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
README.md Normal file
View file

@ -0,0 +1,110 @@
# High Availability Passbolt CE Deployment with NGINX Reverse Proxy Architecture
## System Architecture Overview
This repository provides a containerized high-availability configuration for Passbolt CE implementation utilizing Docker orchestration. The architecture consists of dual Passbolt CE instances operating behind an NGINX reverse proxy with isolated database schemas within a shared DBMS.
## Technical Prerequisites
- Docker Engine (version 20.10.x or higher)
- Docker Compose v2.x
- Minimum 4GB RAM
- x86_64/amd64 architecture support
## Deployment Instructions
### Initial Setup
1. Clone the repository:
```bash
git clone <repository_url>
cd <repository_name>
```
2. Initialize the deployment:
```bash
docker-compose -f docker-compose-ce.yaml up -d
```
### Service Endpoints
Primary production endpoints are accessible at:
- Instance 1: `https://passbolt.local/docker`
- Instance 2: `https://passbolt.local:4443/k8s`
**Technical Note:** URL paths (`/docker`, `/k8s`) are configurable endpoints that can be modified according to organizational requirements. Template extensibility allows for additional instance deployment by updating the following configuration files:
- `.mysql/init.sql`: Database credentials and schema initialization
- `.docker-compose-ce.yaml`: Container orchestration parameters
- `.nginx/`: Proxy configuration files
## Technical Configuration
### NGINX Reverse Proxy Configuration
The NGINX container implements a reverse proxy configuration with the following specifications:
- Port Mapping:
- HTTP: 8080:80
- HTTPS: 4433:443
- Configuration Path:
- Primary: `./nginx/core.conf.d/proxy.conf`
- Global: `./nginx/nginx.conf`
### Passbolt Instance Configuration
Each Passbolt instance operates with isolated configurations and dedicated database schemas. Configuration is managed through environment variables:
```yaml
Environment Variables:
APP_FULL_BASE_URL: ${PROTOCOL}://${DOMAIN}:${PORT}/${PATH}
APP_BASE: /${PATH}
DATASOURCES_DEFAULT_HOST: ${DB_HOST}
DATASOURCES_DEFAULT_USERNAME: ${DB_USER}
DATASOURCES_DEFAULT_PASSWORD: ${DB_PASS}
DATASOURCES_DEFAULT_DATABASE: ${DB_NAME}
```
Container initialization implements health checks ensuring database availability before service startup.
### Administrator Provisioning
Administrator accounts must be provisioned for each Passbolt instance. Execute the following for each container:
```bash
docker-compose -f docker-compose-ce.yaml exec ${CONTAINER_NAME} su -m -c "/usr/share/php/passbolt/bin/cake \
passbolt register_user \
-u ${ADMIN_EMAIL} \
-f ${ADMIN_FIRSTNAME} \
-l ${ADMIN_LASTNAME} \
-r admin" -s /bin/sh www-data
```
Response: `https://passbolt.local:4443/${PATH}/setup/install/${USER_ID}/${TOKEN_ID}`
### Persistent Storage Configuration
The deployment utilizes Docker volumes for persistent data storage:
```yaml
Volumes:
database_volume:
purpose: DBMS data persistence
gpg_volume[1|2]:
purpose: GPG keyring storage
jwt_volume[1|2]:
purpose: JWT authentication key storage
init_sql:
purpose: Database initialization scripts
contents: Schema creation, user provisioning, privilege management
```
## Licensing Information
This deployment configuration is distributed under Passbolt CE licensing terms. All intellectual property rights are reserved by Passbolt SA.
Reference: [Passbolt CE License Agreement](https://www.passbolt.com/terms)