81 lines
2.3 KiB
Markdown
81 lines
2.3 KiB
Markdown
# Complete Docker + Traefik + SSL Setup for Quixotic
|
|
|
|
## Files Created/Modified
|
|
|
|
### Docker Configuration
|
|
- `docker-compose.yml` - Main orchestration with Traefik v3.0 + Certbot
|
|
- `Dockerfile` - Multi-stage build, fixed ARM64 ffmpeg compatibility
|
|
- `.env.docker` - Environment variables for production
|
|
- `traefik.yml` - Static Traefik configuration
|
|
- `.dockerignore` - Docker build exclusions
|
|
- `Dockerfile.base` - Base image (created but not used)
|
|
|
|
### SSL Setup
|
|
- `ssl-setup.sh` - Automated SSL setup script for domains
|
|
- Traefik configured for HTTP challenge (not TLS challenge)
|
|
- Certbot service for additional certificate management
|
|
- Auto-renewal every 12 hours
|
|
|
|
## Key Features Implemented
|
|
|
|
### Traefik Reverse Proxy
|
|
- Automatic HTTPS with Let's Encrypt
|
|
- HTTP to HTTPS redirect
|
|
- Dashboard on port 8080 with basic auth
|
|
- Docker provider with label-based routing
|
|
|
|
### Docker Optimization
|
|
- Multi-stage build for smaller images
|
|
- Health checks for application
|
|
- Persistent volumes for SSL certs and downloads
|
|
- Non-root user for security
|
|
|
|
### SSL/TLS
|
|
- HTTP challenge for certificate validation
|
|
- Automatic certificate renewal
|
|
- Domain-based configuration via environment
|
|
|
|
### Architecture Fixes
|
|
- Fixed ffmpeg ARM64 compatibility issue
|
|
- Changed from copied binaries to Alpine packages
|
|
- Proper paths: `/usr/bin/ffmpeg` instead of `/usr/local/bin/ffmpeg`
|
|
|
|
## Usage Commands
|
|
|
|
```bash
|
|
# Local development
|
|
docker-compose --env-file .env.docker up -d
|
|
|
|
# Production with SSL
|
|
./ssl-setup.sh yourdomain.com your-email@domain.com
|
|
|
|
# Management
|
|
npm run docker:up
|
|
npm run docker:down
|
|
npm run docker:logs
|
|
npm run docker:rebuild
|
|
```
|
|
|
|
## Access Points
|
|
- App: https://yourdomain.com (or http://localhost)
|
|
- Traefik dashboard: http://localhost:8080
|
|
- Health check: /health endpoint
|
|
|
|
## Issues Resolved
|
|
1. ❌ ffmpeg architecture mismatch (ARM vs x86_64)
|
|
✅ Fixed with Alpine packages instead of copied binaries
|
|
|
|
2. ❌ npm ci lockfile sync issues
|
|
✅ Changed to npm install + npm prune
|
|
|
|
3. ❌ SSL certificate complexity
|
|
✅ Automated with Traefik + Let's Encrypt + HTTP challenge
|
|
|
|
4. ❌ Verbose logging in SoundCloud service
|
|
✅ Removed debug console.log statements
|
|
|
|
## Current Status
|
|
- ✅ Docker builds successfully
|
|
- ✅ Traefik proxy working
|
|
- ✅ SSL automation ready
|
|
- ⚠️ ffmpeg conversion still needs testing after ARM64 fix |