Using in production

This is not an exhaustive step-by-step guide to installing it in production.

It should be fairly easy if you take a look at the code and the config properties that you can override.

You need a valid domain, with DNS records (CNAME / A) mapping these names to your server IP:

<your-domain>.com
www.<your-domain>.com
auth.<your-domain>.com
backoffice.<your-domain>.com
cube.<your-domain>.com

Clone the following repo on your server:

git clone https://github.com/openartcoded/app-docker.git

Checkout the latest stable-ish release, for example:

git checkout v2022.1.0

Copy the docker-compose.override.example.yml file:

cp docker-compose.override.example.yml docker-compose.override.yml

Open docker-compose.override.yml with your favorite editor and change the following properties:

| Property | Example | Description |
| MONGO_INITDB_ROOT_USERNAME | mongo | Username for the mongo database |
| MONGO_INITDB_ROOT_PASSWORD | mongo | Password for the mongo database |
| CAMEL_MAIL_IMAP_USERNAME | expense@your-domain.com | Email account that will receive expenses |
| CAMEL_MAIL_IMAP_PASSWORD | secret_password | Password of the expense email address |
| MAIL_SENDER_USERNAME | noreply@your-domain.com | Email account that will send email |
| MAIL_SENDER_PASSWORD | secret_password | Password of the email account that will send email |
| ARTEMIS_PASSWORD | secret_password | Artemis password |
| POSTGRES_PASSWORD | secret_password | Postgres password for keycloak |
| DRIVE_APPLICATION_NAME | yourdomain | Google Drive application's name |
| KEYCLOAK_HOSTNAME | auth.somehost.org | Keycloak's hostname |

If you're familiar with docker secrets, they are a better way of doing this.
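
A pre-start check for the override file, as an added example (not part of the openartcoded project): it flags values still equal to the Example column above and an override file that other local users can read. The function name check_override and the expected 600 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-start check for docker-compose.override.yml.
# Names and the 600 permission expectation are this example's own.

# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if the file is unreadable.
check_override() {
  file=$1
  findings=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

  # 1. Example values left in place (comment lines are ignored).
  for pat in 'secret_password' 'your-domain[.]com' 'somehost[.]org'; do
    if grep -vE '^[[:space:]]*#' "$file" | grep -qE "$pat"; then
      printf 'placeholder still present: %s\n' "$pat"
      findings=$((findings + 1))
    fi
  done

  # 2. Mongo root credentials still set to the example value "mongo",
  #    in either "KEY: value" or "- KEY=value" form.
  for key in MONGO_INITDB_ROOT_USERNAME MONGO_INITDB_ROOT_PASSWORD; do
    if grep -qE "^[[:space:]]*(-[[:space:]]*)?${key}[:=][[:space:]]*[\"']?mongo[\"']?[[:space:]]*\$" "$file"; then
      printf 'example value in use: %s\n' "$key"
      findings=$((findings + 1))
    fi
  done

  # 3. The file holds plaintext passwords: no group/world access.
  #    GNU stat first, BSD stat as fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    *00) ;;
    *) printf 'permissions too open: %s (expected 600)\n' "$mode"
       findings=$((findings + 1)) ;;
  esac

  [ "$findings" -eq 0 ]
}

# Usage: sh check-override.sh docker-compose.override.yml
if [ "$#" -gt 0 ]; then check_override "$1"; fi
```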

Change all network aliases with your domain:

  keycloak: 
    networks:
      artcoded:
        aliases:
          - auth.your-domain.com

  roundcube:
    image: roundcube/roundcubemail:latest
    networks:
      artcoded:
        aliases:
          - cube.your-domain.com
  ...

Modify your gateways based on config/gateway-dev.yml

Google Drive

In order to send your backups to Google Drive, you need to create an application: https://developers.google.com/drive

This is an optional feature; for now, the services using it can be commented out.

HTTPS proxy

You can use the same configuration as me: simply put your certificates in the right places and adapt the configuration accordingly:

git clone https://github.com/openartcoded/proxy-nginx

Keycloak

You have to generate your own realm, users & roles. Go to https://auth.your-domain.com to proceed.

You might have to uncomment:

#KEYCLOAK_USER: KEYCLOAK_USER
#KEYCLOAK_PASSWORD: KEYCLOAK_PASSWORD

Prometheus & Grafana

You might have to change the user in docker-compose.override.yml if it's not 1000.

For Prometheus, you probably need to create a service account and a role "ROLE_PROMETHEUS" on Keycloak (see config/prometheus_dev.yml for an example Prometheus config).