Deployment Overview of Restyaboard on Server¶

Prerequisites and Basic Requirements¶

The deployment requires an Ubuntu-based Linux environment with root privileges. The following components must be present or installed:

• Operating System: Ubuntu (compatible with apt package manager).

• Privileges: Root access or sudo privileges to manage Docker services and system directories.

• Network: The server must have internet access to pull container images from Docker Hub.

• Ports:

  • Port 443 (HTTPS) for external access.

  • Port 80 (HTTP) for SSL certificate validation via Certbot.

  • Port 8080 (Internal) for local application communication.

Application Access URL¶

The Restyaboard instance is accessible via the following Fully Qualified Domain Name (FQDN) format:

• URL Format: restyaboard<Server ID>.hostkey.in:443

  • Replace <Server ID> with the specific identifier assigned to the server instance.

  • The application uses HTTPS (port 443) as the external interface.

File and Directory Structure¶

The application data and configuration files are organized within the following directory structure on the host system:

• Application Data:

  • /opt/restyaboard/postgres: Persistent storage for PostgreSQL database files.

  • /opt/restyaboard/uploads: Storage directory for user-uploaded files.

• Proxy Configuration:

  • /root/nginx: Directory containing Docker Compose files for the Nginx proxy.

  • /data/nginx/user_conf.d: Directory containing custom Nginx configuration files, including restyaboard<Server ID>.hostkey.in.conf.

• SSL Certificates:

  • /etc/letsencrypt: External volume mounted for storing Let's Encrypt SSL certificates (managed by the nginx-secrets volume).

Application Installation Process¶

The Restyaboard application is deployed using Docker containers. The process involves setting up a PostgreSQL database, creating a dedicated network, and running the application container.

• Software Version: The deployment utilizes restyaplatform/restyaboard:v1.7.1.

• Database Engine: PostgreSQL version 15 (postgres:15).

• Deployment Method: Manual execution of Docker commands to pull images and start containers with specific environment variables and volume mappings.

Docker Containers and Their Deployment¶

The architecture consists of two primary containers and a dedicated Docker network.

Network Configuration

• Network Name: restya_net

• Purpose: Isolated communication between the application and database containers.

Database Container

• Name: restya_db

• Image: postgres:15

• Command:

  docker run -d \
    --name restya_db \
    --network restya_net \
    -e POSTGRES_USER=postgres \
    -e POSTGRES_PASSWORD=<generated_password> \
    -e POSTGRES_DB=restyaboard \
    -v /opt/restyaboard/postgres:/var/lib/postgresql/data \
    --restart unless-stopped \
    postgres:15
  

• Role Creation: A dedicated database role restya is created within the container with login privileges.

Application Container

• Name: restya_app

• Image: restyaplatform/restyaboard:v1.7.1

• Command:

  docker run -d \
    --name restya_app \
    --network restya_net \
    -e POSTGRES_HOST=restya_db \
    -e POSTGRES_PORT=5432 \
    -e POSTGRES_ADMIN_USER=postgres \
    -e POSTGRES_ADMIN_PASS=<generated_password> \
    -e RESTYA_DB_USERNAME=restya \
    -e RESTYA_DB_USERPASS=<generated_password> \
    -e RESTYA_DB=restyaboard \
    -p 127.0.0.1:8080:80 \
    --restart unless-stopped \
    restyaplatform/restyaboard:v1.7.1
  

Databases¶

The application uses a PostgreSQL database for data storage.

• Connection Method: Internal network communication via the hostname restya_db.

• Storage Location: Persisted on the host filesystem at /opt/restyaboard/postgres.

• Database Settings: | Parameter | Value | Description | | :--- | :--- | :--- | | Database Name | restyaboard | The primary database for the application. | | Admin User | postgres | Superuser for administrative tasks. | | App User | restya | Dedicated role for the Restyaboard application. | | Port | 5432 | Internal PostgreSQL port. | | Password | <generated_password> | Secured via Ansible variables (restya_db_password). |

• Schema Initialization: If the oauth_clients or settings tables are missing, the schema is automatically imported from the restya_app container using the restyaboard_with_empty_data.sql or similar SQL files found in /var/lib/nginx/html/sql.

Proxy Servers¶

Nginx acts as a reverse proxy to handle SSL termination and route traffic to the internal application.

• Proxy Image: jonasal/nginx-certbot:latest

• Service Name: nginx

• Deployment Command:

  docker compose -p certproxy up -d nginx
  

• Configuration Path: /root/nginx/compose.yml

• Custom Domain Configuration:

  • The proxy passes traffic to the internal application at http://127.0.0.1:8080.

  • Configuration file: /data/nginx/user_conf.d/restyaboard<Server ID>.hostkey.in.conf.

  • The proxy_pass directive is set to http://127.0.0.1:8080.

• SSL/Certbot: Managed via the nginx-certbot environment variable [email protected]. Certificates are stored in the nginx_secrets volume mounted at /etc/letsencrypt.

Available Ports for Connection¶

The following ports are utilized for internal and external communication:

• 443: HTTPS external traffic (Public access via Nginx).

• 80: HTTP traffic (Used for SSL certificate renewal and redirection).

• 8080: Internal application traffic (Bound to 127.0.0.1, accessible only locally).

• 5432: PostgreSQL database port (Accessible only within the restya_net Docker network).

Access Rights and Security¶

• Firewall: External access is restricted to ports 80 and 443. Port 8080 is bound only to the loopback interface (127.0.0.1), preventing direct external access to the application container.

• File Permissions:

  • /opt/restyaboard/postgres: 0755 (readable/writable by owner, readable by others).

  • /opt/restyaboard/uploads: 0755.

  • /root/nginx: 0755, owned by root:root.

  • /data/nginx/user_conf.d: Config files set to 0644.

• User Restrictions: The application database role restya is created with specific login credentials, separate from the superuser postgres.

Starting, Stopping, and Updating¶

Container Management

• Start Database: docker start restya_db

• Start Application: docker start restya_app

• Stop Database: docker stop restya_db

• Stop Application: docker stop restya_app

• Restart Application: docker restart restya_app

Proxy Management

• Start/Update Proxy: docker compose -p certproxy up -d nginx (Executed from /root/nginx)

• Stop Proxy: docker compose -p certproxy stop nginx

Image Updates

• Pull New Images:

  • docker pull postgres:15

  • docker pull restyaplatform/restyaboard:v1.7.1

• Restart Containers: After pulling new images, restart the containers using docker restart <container_name> to apply changes.