Deployment Overview of Dokku on Server¶
Prerequisites and Basic Requirements¶
The deployment requires a server running the Ubuntu operating system. The installation process necessitates root privileges to execute system-level commands and manage Docker containers. A global domain must be configured for the Dokku instance to handle application routing. The system utilizes Docker for container orchestration and requires network access to download installation scripts and pull container images.
File and Directory Structure¶
The deployment establishes specific directories for configuration management and data storage:
/root/nginx: The primary directory for the Nginx proxy and Certbot configuration files./root/nginx/compose.yml: The Docker Compose file defining the Nginx and Certbot services./data/nginx/nginx-certbot.env: The environment file containing configuration variables for the Nginx container./data/nginx/user_conf.d: The directory storing user-specific Nginx configuration files./etc/letsencrypt: The mount point for SSL certificates managed by Certbot.
Application Installation Process¶
The Dokku application is installed using the official bootstrap script. The process involves downloading the script to the /tmp directory and executing it with the specific version tag.
- Download the bootstrap script to
/tmp/bootstrap.sh. - Execute the installation command with the
DOKKU_TAGenvironment variable set to the desired version. - Install core dependencies for the Dokku plugins.
- Set the global domain for the Dokku instance using the
dokku domains:set-globalcommand.
The installation commands are as follows:
sudo DOKKU_TAG=<version> bash /tmp/bootstrap.sh
dokku plugin:install-dependencies --core
dokku domains:set-global <domain>
Docker Containers and Their Deployment¶
The proxy infrastructure is deployed using Docker Compose. The configuration file is located at /root/nginx/compose.yml. The deployment utilizes the jonasal/nginx-certbot:latest image.
The Docker Compose configuration includes the following services and settings:
- Service Name:
nginx - Image:
jonasal/nginx-certbot:latest - Restart Policy:
unless-stopped - Network Mode:
host - Environment Variables:
CERTBOT_EMAIL: Set to[email protected]- Volumes:
nginx_secrets: Mounted to/etc/letsencryptfor SSL certificate storage./data/nginx/user_conf.d: Mounted to/etc/nginx/user_conf.dfor custom Nginx configurations.
To start the proxy services, the following command is executed from the /root/nginx directory:
Proxy Servers¶
The system uses Nginx as a reverse proxy with integrated Let's Encrypt (Certbot) support for SSL certificate management. The proxy is configured to handle traffic for custom domains defined in the user configuration files located in /data/nginx/user_conf.d.
The Nginx container is configured with the following parameters: - It runs in host network mode. - It reads environment variables from /data/nginx/nginx-certbot.env. - It manages SSL certificates automatically via the jonasal/nginx-certbot image.
Permission Settings¶
The file and directory permissions are set to ensure secure access for the root user and the Docker daemon:
- The
/root/nginxdirectory is owned byroot:rootwith permissions0755. - The
/root/nginx/compose.ymlfile is owned byroot:rootwith permissions0644. - The bootstrap script at
/tmp/bootstrap.shis set to executable mode0755.
Starting, Stopping, and Updating¶
The proxy services are managed via Docker Compose commands executed in the /root/nginx directory.
- Start Services:
- Stop Services:
- Update Services: To update the Nginx container to the latest version, pull the new image and restart the services:
Dokku application management is handled through the dokku command-line interface, which manages the lifecycle of deployed applications based on the configured global domain.