# High Availability Passbolt CE Deployment with NGINX Reverse Proxy Architecture

## System Architecture Overview

This repository provides a containerized high-availability configuration for Passbolt CE using Docker orchestration. The architecture consists of two Passbolt CE instances operating behind an NGINX reverse proxy, each with an isolated database schema within a shared DBMS.

## Technical Prerequisites

- Docker Engine (version 20.10.x or higher)
- Docker Compose v2.x
- Minimum 4GB RAM
- x86_64/amd64 architecture support

## Deployment Instructions

### Initial Setup

1. Clone the repository:

   ```bash
   git clone
   cd
   ```

2. Initialize the deployment:

   ```bash
   docker-compose -f docker-compose-ce.yaml up -d
   ```

### Service Endpoints

Primary production endpoints are accessible at:

- Instance 1: `https://passbolt.local/docker`
- Instance 2: `https://passbolt.local:4443/k8s`

**Technical Note:** The URL paths (`/docker`, `/k8s`) are configurable and can be changed to suit organizational requirements. Additional instances can be deployed from the same template by updating the following configuration files:

- `./mysql/init.sql`: database credentials and schema initialization
- `./docker-compose-ce.yaml`: container orchestration parameters
- `./nginx/`: proxy configuration files

## Technical Configuration

### NGINX Reverse Proxy Configuration

The NGINX container implements a reverse proxy with the following specifications:

- Port mapping:
  - HTTP: 8080:80
  - HTTPS: 4433:443
- Configuration paths:
  - Primary: `./nginx/core.conf.d/proxy.conf`
  - Global: `./nginx/nginx.conf`

### Passbolt Instance Configuration

Each Passbolt instance operates with an isolated configuration and a dedicated database schema.
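The following is an added illustration of how the reverse proxy described above can route the two path prefixes to separate instances while terminating TLS; it is not the repository's own `proxy.conf`. It assumes the compose service names `passbolt1` and `passbolt2`, a single HTTPS listener on container port 443 (published as 4433) serving both prefixes, Passbolt listening on plain HTTP port 80 inside the network, and certificate paths under `/etc/nginx/certs/`.

```nginx
# Added example, not the project's shipped configuration.
# Assumptions: upstreams passbolt1/passbolt2 on port 80, certificate paths below.

# Redirect plain HTTP (published as 8080:80) to HTTPS so credentials never travel in clear.
server {
    listen 80;
    server_name passbolt.local;
    return 301 https://$host:4433$request_uri;
}

server {
    listen 443 ssl;
    server_name passbolt.local;

    ssl_certificate     /etc/nginx/certs/passbolt.local.crt;   # assumed path
    ssl_certificate_key /etc/nginx/certs/passbolt.local.key;   # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000" always;

    # Instance 1: must match APP_BASE=/docker and
    # APP_FULL_BASE_URL=https://passbolt.local:4433/docker on that container.
    # proxy_pass without a URI keeps the /docker prefix, which Passbolt expects
    # when APP_BASE is set; stripping it would break generated links and cookies.
    location /docker/ {
        proxy_pass         http://passbolt1:80;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
    location = /docker { return 301 /docker/; }

    # Instance 2: APP_BASE=/k8s on the second container, same header handling.
    location /k8s/ {
        proxy_pass         http://passbolt2:80;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
    location = /k8s { return 301 /k8s/; }

    # Anything outside the two prefixes is not served by either instance.
    location / { return 404; }
}
```

Each instance's `APP_FULL_BASE_URL` and `APP_BASE` must agree with its `location` prefix and the published port, otherwise redirects and setup links point at the wrong origin.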
Configuration is managed through environment variables:

```yaml
Environment Variables:
  APP_FULL_BASE_URL: ${PROTOCOL}://${DOMAIN}:${PORT}/${PATH}
  APP_BASE: /${PATH}
  DATASOURCES_DEFAULT_HOST: ${DB_HOST}
  DATASOURCES_DEFAULT_USERNAME: ${DB_USER}
  DATASOURCES_DEFAULT_PASSWORD: ${DB_PASS}
  DATASOURCES_DEFAULT_DATABASE: ${DB_NAME}
```

Container initialization implements health checks that ensure database availability before the service starts.

### Administrator Provisioning

An administrator account must be provisioned for each Passbolt instance. Run the following once per container:

```bash
docker-compose -f docker-compose-ce.yaml exec ${CONTAINER_NAME} \
  su -m -c "/usr/share/php/passbolt/bin/cake \
    passbolt register_user \
    -u ${ADMIN_EMAIL} \
    -f ${ADMIN_FIRSTNAME} \
    -l ${ADMIN_LASTNAME} \
    -r admin" -s /bin/sh www-data
```

Response (the setup link for the new administrator):

`https://passbolt.local:4443/${PATH}/setup/install/${USER_ID}/${TOKEN_ID}`

### Persistent Storage Configuration

The deployment uses Docker volumes for persistent data storage:

```yaml
Volumes:
  database_volume:
    purpose: DBMS data persistence
  gpg_volume[1|2]:
    purpose: GPG keyring storage
  jwt_volume[1|2]:
    purpose: JWT authentication key storage
  init_sql:
    purpose: Database initialization scripts
    contents: Schema creation, user provisioning, privilege management
```

## Licensing Information

This deployment configuration is distributed under the Passbolt CE licensing terms. All intellectual property rights are reserved by Passbolt SA.

Reference: [Passbolt CE License Agreement](https://www.passbolt.com/terms)