- Pull the official image:
docker pull passwordimmunity/server- Create a docker-compose.yml:
version: '3'
services:
db:
image: postgres:14
environment:
POSTGRES_DB: passwordimmunity
POSTGRES_USER: passwordimmunity
POSTGRES_PASSWORD: your_secure_password
volumes:
- ./data/db:/var/lib/postgresql/data
restart: always
server:
image: passwordimmunity/server
depends_on:
- db
environment:
DATABASE_URL: postgresql://passwordimmunity:your_secure_password@db:5432/passwordimmunity
DOMAIN: https://your-domain.com
ports:
- "8000:80"
volumes:
- ./data/attachments:/data/attachments
restart: always
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
depends_on:
- server
restart: always-
System Requirements:
- 2+ CPU cores
- 4GB+ RAM
- 20GB+ storage
- PostgreSQL 12+
- Nginx/Apache
-
Database Setup:
CREATE DATABASE passwordimmunity;
CREATE USER passwordimmunity WITH PASSWORD 'your_secure_password';
GRANT ALL PRIVILEGES ON DATABASE passwordimmunity TO passwordimmunity;- Application Setup:
# Create service user
sudo useradd -r -s /bin/false passwordimmunity
# Create directories
sudo mkdir -p /opt/passwordimmunity
sudo chown passwordimmunity:passwordimmunity /opt/passwordimmunity
# Copy application files
sudo cp -r /path/to/build/* /opt/passwordimmunity/
# Create systemd service
sudo nano /etc/systemd/system/passwordimmunity.serviceExample systemd service file:
[Unit]
Description=PasswordImmunity Server
After=network.target postgresql.service
[Service]
Type=simple
User=passwordimmunity
Group=passwordimmunity
WorkingDirectory=/opt/passwordimmunity
Environment=DATABASE_URL=postgresql://passwordimmunity:your_secure_password@localhost/passwordimmunity
ExecStart=/opt/passwordimmunity/passwordimmunity
Restart=always
[Install]
WantedBy=multi-user.target- Web Server Configuration:
Example Nginx configuration:
server {
listen 443 ssl http2;
server_name your-domain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}- Firewall Configuration:
# Allow only necessary ports
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable- SSL/TLS Setup:
# Using certbot for Let's Encrypt
sudo certbot --nginx -d your-domain.com- Database Security:
- Enable SSL connections
- Regular security updates
- Automated backups
- Connection pooling
- Application Security:
- Rate limiting
- Failed login protection
- IP filtering
- Regular security audits
- System Monitoring:
- CPU usage
- Memory usage
- Disk space
- Network traffic
- Application Monitoring:
- Request latency
- Error rates
- Active users
- Authentication attempts
- Database Monitoring:
- Connection count
- Query performance
- Lock waiting
- Index usage
- Database Backups:
# Automated daily backups
pg_dump -U passwordimmunity passwordimmunity > backup_$(date +%Y%m%d).sql- Application Data:
- Regular backups of /data directory
- Attachment storage backups
- Configuration backups
- Backup Verification:
- Regular restore testing
- Integrity checks
- Backup rotation
- Horizontal Scaling:
- Load balancer configuration
- Multiple application instances
- Read replicas for database
- Vertical Scaling:
- CPU optimization
- Memory optimization
- Database tuning
- Common Issues:
- Database connection errors
- Memory issues
- CPU bottlenecks
- Network latency
- Logging:
- Application logs
- Database logs
- Web server logs
- System logs
- Regular Tasks:
- Security updates
- Database optimization
- Log rotation
- Backup verification
- Emergency Procedures:
- Failover process
- Data recovery
- Incident response
- Service restoration