110 lines
3.4 KiB
Markdown
110 lines
3.4 KiB
Markdown
|
|
# High Availability Passbolt CE Deployment with NGINX Reverse Proxy Architecture
|
|
|
|
## System Architecture Overview
|
|
|
|
This repository provides a containerized high-availability configuration for Passbolt CE implementation utilizing Docker orchestration. The architecture consists of dual Passbolt CE instances operating behind an NGINX reverse proxy with isolated database schemas within a shared DBMS.
|
|
|
|
## Technical Prerequisites
|
|
|
|
- Docker Engine (version 20.10.x or higher)
|
|
- Docker Compose v2.x
|
|
- Minimum 4GB RAM
|
|
- x86_64/amd64 architecture support
|
|
|
|
## Deployment Instructions
|
|
|
|
### Initial Setup
|
|
|
|
1. Clone the repository:
|
|
```bash
|
|
git clone <repository_url>
|
|
cd <repository_name>
|
|
```
|
|
|
|
2. Initialize the deployment:
|
|
```bash
|
|
docker-compose -f docker-compose-ce.yaml up -d
|
|
```
|
|
|
|
### Service Endpoints
|
|
|
|
Primary production endpoints are accessible at:
|
|
- Instance 1: `https://passbolt.local/docker`
|
|
- Instance 2: `https://passbolt.local:4443/k8s`
|
|
|
|
**Technical Note:** URL paths (`/docker`, `/k8s`) are configurable endpoints that can be modified according to organizational requirements. Template extensibility allows for additional instance deployment by updating the following configuration files:
|
|
- `.mysql/init.sql`: Database credentials and schema initialization
|
|
- `.docker-compose-ce.yaml`: Container orchestration parameters
|
|
- `.nginx/`: Proxy configuration files
|
|
|
|
## Technical Configuration
|
|
|
|
### NGINX Reverse Proxy Configuration
|
|
|
|
The NGINX container implements a reverse proxy configuration with the following specifications:
|
|
|
|
- Port Mapping:
|
|
- HTTP: 8080:80
|
|
- HTTPS: 4433:443
|
|
- Configuration Path:
|
|
- Primary: `./nginx/core.conf.d/proxy.conf`
|
|
- Global: `./nginx/nginx.conf`
|
|
|
|
### Passbolt Instance Configuration
|
|
|
|
Each Passbolt instance operates with isolated configurations and dedicated database schemas. Configuration is managed through environment variables:
|
|
|
|
```yaml
|
|
Environment Variables:
|
|
APP_FULL_BASE_URL: ${PROTOCOL}://${DOMAIN}:${PORT}/${PATH}
|
|
APP_BASE: /${PATH}
|
|
DATASOURCES_DEFAULT_HOST: ${DB_HOST}
|
|
DATASOURCES_DEFAULT_USERNAME: ${DB_USER}
|
|
DATASOURCES_DEFAULT_PASSWORD: ${DB_PASS}
|
|
DATASOURCES_DEFAULT_DATABASE: ${DB_NAME}
|
|
```
|
|
|
|
Container initialization implements health checks ensuring database availability before service startup.
|
|
|
|
### Administrator Provisioning
|
|
|
|
Administrator accounts must be provisioned for each Passbolt instance. Execute the following for each container:
|
|
|
|
```bash
|
|
docker-compose -f docker-compose-ce.yaml exec ${CONTAINER_NAME} su -m -c "/usr/share/php/passbolt/bin/cake \
|
|
passbolt register_user \
|
|
-u ${ADMIN_EMAIL} \
|
|
-f ${ADMIN_FIRSTNAME} \
|
|
-l ${ADMIN_LASTNAME} \
|
|
-r admin" -s /bin/sh www-data
|
|
```
|
|
|
|
Response: `https://passbolt.local:4443/${PATH}/setup/install/${USER_ID}/${TOKEN_ID}`
|
|
|
|
### Persistent Storage Configuration
|
|
|
|
The deployment utilizes Docker volumes for persistent data storage:
|
|
|
|
```yaml
|
|
Volumes:
|
|
database_volume:
|
|
purpose: DBMS data persistence
|
|
|
|
gpg_volume[1|2]:
|
|
purpose: GPG keyring storage
|
|
|
|
jwt_volume[1|2]:
|
|
purpose: JWT authentication key storage
|
|
|
|
init_sql:
|
|
purpose: Database initialization scripts
|
|
contents: Schema creation, user provisioning, privilege management
|
|
```
|
|
|
|
## Licensing Information
|
|
|
|
This deployment configuration is distributed under Passbolt CE licensing terms. All intellectual property rights are reserved by Passbolt SA.
|
|
|
|
Reference: [Passbolt CE License Agreement](https://www.passbolt.com/terms)
|
|
|