# 🚀 Pre-built Images Deployment Guide This guide shows how to deploy using pre-built Docker images instead of building on Plesk. ## Benefits - ✅ No build failures on Plesk - ✅ Faster deployments (no compilation time) - ✅ Consistent images across environments - ✅ Better security (build in controlled environment) - ✅ Easy rollbacks and version control ## Prerequisites 1. **GitHub Account** (for free container registry) 2. **Docker installed locally** (for building images) 3. **Plesk with Docker extension** ## Step 1: Setup GitHub Container Registry 1. Go to GitHub → Settings → Developer settings → Personal access tokens → Tokens (classic) 2. Create a new token with these permissions: - `write:packages` (to push images) - `read:packages` (to pull images) 3. Save the token securely ## Step 2: Login to GitHub Container Registry ```bash # Replace YOUR_USERNAME and YOUR_TOKEN echo "YOUR_TOKEN" | docker login ghcr.io -u YOUR_USERNAME --password-stdin ``` ## Step 3: Update Build Script Edit `scripts/build-and-push.sh`: ```bash # Change this line: NAMESPACE="your-github-username" # Replace with your actual GitHub username ``` ## Step 4: Build and Push Images ```bash # Build and push with version tag ./scripts/build-and-push.sh v1.0.0 # Or build and push as latest ./scripts/build-and-push.sh ``` ## Step 5: Update Plesk Compose File Edit `compose-plesk.yaml` and replace: ```yaml image: ghcr.io/your-github-username/portal-frontend:latest image: ghcr.io/your-github-username/portal-backend:latest ``` With your actual GitHub username. ## Step 6: Deploy to Plesk 1. **Upload compose-plesk.yaml** to your Plesk server 2. **Plesk → Docker → Add Stack** 3. **Paste the contents** of `compose-plesk.yaml` 4. **Deploy** ## Step 7: Configure Plesk Reverse Proxy 1. **Plesk → Domains → your-domain.com → Apache & Nginx Settings** 2. **Add to "Additional directives for HTTP":** ```nginx location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; } location /api { proxy_pass http://127.0.0.1:4000; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } ``` ## Step 8: Secure Database Access Add to Plesk Firewall: ``` # Allow Docker bridge network ACCEPT from 172.17.0.0/16 to any port 5432 ACCEPT from 172.17.0.0/16 to any port 6379 # Deny external access to database DROP from any to any port 5432 DROP from any to any port 6379 ``` ## Updating Your Application 1. **Make code changes** 2. **Build and push new images:** ```bash ./scripts/build-and-push.sh v1.0.1 ``` 3. **Update compose-plesk.yaml** with new version tag 4. **Redeploy in Plesk** ## Troubleshooting ### Images not found - Check if you're logged in: `docker login ghcr.io` - Verify image names match your GitHub username - Ensure images are public or Plesk can authenticate ### Build failures - Run locally first: `docker build -f apps/portal/Dockerfile .` - Check Docker logs for specific errors - Ensure all dependencies are in package.json ### Connection issues - Verify firewall allows Docker bridge network (172.17.0.0/16) - Check that DATABASE_URL uses correct IP (172.17.0.1) - Test database connection from backend container ## Security Notes - Database is only accessible from Docker bridge network - Backend API is only accessible via reverse proxy - Use strong passwords and JWT secrets - Consider using Docker secrets for sensitive data - Regularly update base images for security patches