Deployment Overview of Strapi on Server¶

Prerequisites and Basic Requirements¶

The following requirements must be met on the server before the application is operational:

• Operating System: Ubuntu

• Privileges: Root access is required for Docker installation and configuration management.

• Domain: The application is configured for the hostkey.in zone.

• Ports:

• Port 1337 for the Strapi application.

• Port 5432 for the PostgreSQL database.

• Port 443 for HTTPS traffic via the proxy.

FQDN of the Final Panel¶

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

• strapi<Server ID>.hostkey.in

File and Directory Structure¶

The deployment utilizes the following directory structure for configuration, data, and certificates:

• /opt/strapi: Main volume directory for Strapi application data.

• /root/nginx: Directory containing Nginx and Certbot configuration files.

• /root/nginx/compose.yml: Docker Compose file for the proxy and SSL services.

• /data/nginx/nginx-certbot.env: Environment file for Nginx Certbot configuration.

• /data/nginx/user_conf.d: Directory for custom Nginx user configurations.

• /var/lib/postgresql/data: Persistent storage for the PostgreSQL database.

Application Installation Process¶

The application is deployed using Docker containers. The installation involves the following components and versions:

• Strapi: Deployed using the image docker-repo.hostkey.com/docker-anonymous/strapi:latest.

• PostgreSQL: Deployed using the image postgres:15.

• Nginx/Certbot: Deployed using the image jonasal/nginx-certbot:latest to handle SSL termination and reverse proxying.

The deployment creates a dedicated Docker network named strapi_network to facilitate communication between the Strapi application and the database.

Access Rights and Security¶

Security and access are managed through the following mechanisms:

• Firewall: External access to the Strapi application is routed through Nginx on port 443 (HTTPS). Direct access to the internal ports (1337 and 5432) is restricted to the Docker network or localhost unless explicitly exposed.

• Users: The Strapi volume directory (/opt/strapi) is owned by user ID 1000 and group ID 1000.

• Restrictions: The Nginx service runs in host network mode to manage SSL certificates and reverse proxy rules.

Databases¶

The application uses a PostgreSQL database with the following configuration:

• Connection Method: Internal Docker network connection.

• Storage Location: /var/lib/postgresql/data.

• Database Settings:

• Database Name: strapi

• Database User: strapi_user

• Database Host: strapi-db

• Database Port: 5432

Docker Containers and Their Deployment¶

The system deploys three primary containers using Docker:

1. PostgreSQL Container

2. Name: strapi-db

3. Image: postgres:15

4. Restart Policy: always

5. Network: strapi_network

6. Volumes: Maps /var/lib/postgresql/data to the container's data directory.

7. Ports: Exposes 5432 internally.

8. Strapi Container

9. Name: strapi

10. Image: docker-repo.hostkey.com/docker-anonymous/strapi:latest

11. Restart Policy: always

12. Network: strapi_network

13. Volumes: Maps /opt/strapi to /srv/app inside the container.

14. Ports: Exposes 1337 internally.

15. Environment Variables:

    • DATABASE_CLIENT: postgres

    • DATABASE_NAME: strapi

    • DATABASE_HOST: strapi-db

    • DATABASE_PORT: 5432

    • DATABASE_USERNAME: strapi_user

    • DATABASE_PASSWORD: strapi_password

16. Nginx/Certbot Container

17. Name: Defined in /root/nginx/compose.yml

18. Image: jonasal/nginx-certbot:latest

19. Restart Policy: unless-stopped

20. Network Mode: host

21. Volumes:

    • nginx_secrets (external) mapped to /etc/letsencrypt.

    • /data/nginx/user_conf.d mapped to /etc/nginx/user_conf.d.

22. Environment:

    • CERTBOT_EMAIL: [email protected]

Proxy Servers¶

The deployment includes an Nginx reverse proxy with SSL support managed by Certbot:

• Software: Nginx with Certbot integration.

• Configuration Location: /root/nginx/compose.yml.

• SSL Certificates: Stored in the nginx_secrets volume at /etc/letsencrypt.

• Custom Domains: Configured to handle the hostkey.in zone.

• Email for Certbot: [email protected].

Permission Settings¶

File and directory permissions are set as follows:

• /opt/strapi: Owner 1000:1000, Mode 0755.

• /root/nginx: Owner root:root, Mode 0755.

• /root/nginx/compose.yml: Owner root:root, Mode 0644.

Location of Configuration Files and Data¶

• Strapi Data: /opt/strapi

• Nginx Configuration: /root/nginx/compose.yml

• Nginx Environment: /data/nginx/nginx-certbot.env

• Nginx User Config: /data/nginx/user_conf.d

• Database Data: /var/lib/postgresql/data

• SSL Certificates: /etc/letsencrypt (via Docker volume nginx_secrets)

Available Ports for Connection¶

The following ports are configured for the application:

• Port 1337: Internal Strapi application port.

• Port 5432: Internal PostgreSQL database port.

• Port 443: External HTTPS port for the Nginx proxy.

Starting, Stopping, and Updating¶

The services are managed using Docker and Docker Compose commands:

• Start Nginx/Certbot:

  cd /root/nginx
  docker compose up -d
  

• Check Running Containers:

  docker ps
  

• Restart Strapi Container:

  docker restart strapi
  

• Restart Database Container:

  docker restart strapi-db
  

• Update Images: Pull the latest images using docker pull for the respective image names, then restart the containers.