81c0efb0b8
- Deleted .env.dev.example and .env.production.example files to streamline configuration management. - Updated Dockerfile to install production dependencies recursively, ensuring all necessary packages are included during the build process.
3.9 KiB
3.9 KiB
🚀 Pre-built Images Deployment Guide
This guide shows how to deploy using pre-built Docker images instead of building on Plesk.
Benefits
- ✅ No build failures on Plesk
- ✅ Faster deployments (no compilation time)
- ✅ Consistent images across environments
- ✅ Better security (build in controlled environment)
- ✅ Easy rollbacks and version control
Prerequisites
- GitHub Account (for free container registry)
- Docker installed locally (for building images)
- Plesk with Docker extension
Step 1: Setup GitHub Container Registry
- Go to GitHub → Settings → Developer settings → Personal access tokens → Tokens (classic)
- Create a new token with these permissions:
write:packages(to push images)read:packages(to pull images)
- Save the token securely
Step 2: Login to GitHub Container Registry
# Replace YOUR_USERNAME and YOUR_TOKEN
echo "YOUR_TOKEN" | docker login ghcr.io -u YOUR_USERNAME --password-stdin
Step 3: Update Build Script
Edit scripts/build-and-push.sh:
# Change this line:
NAMESPACE="your-github-username" # Replace with your actual GitHub username
Step 4: Build and Push Images
# Build and push with version tag
./scripts/build-and-push.sh v1.0.0
# Or build and push as latest
./scripts/build-and-push.sh
Step 5: Update Plesk Compose File
Edit compose-plesk.yaml and replace:
image: ghcr.io/your-github-username/portal-frontend:latest
image: ghcr.io/your-github-username/portal-backend:latest
With your actual GitHub username.
Step 6: Deploy to Plesk
- Upload compose-plesk.yaml to your Plesk server
- Plesk → Docker → Add Stack
- Paste the contents of
compose-plesk.yaml - Deploy
Step 7: Configure Plesk Reverse Proxy
- Plesk → Domains → your-domain.com → Apache & Nginx Settings
- Add to "Additional directives for HTTP":
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location /api {
proxy_pass http://127.0.0.1:4000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Step 8: Secure Database Access
Add to Plesk Firewall:
# Allow Docker bridge network
ACCEPT from 172.17.0.0/16 to any port 5432
ACCEPT from 172.17.0.0/16 to any port 6379
# Deny external access to database
DROP from any to any port 5432
DROP from any to any port 6379
Updating Your Application
- Make code changes
- Build and push new images:
./scripts/build-and-push.sh v1.0.1 - Update compose-plesk.yaml with new version tag
- Redeploy in Plesk
Troubleshooting
Images not found
- Check if you're logged in:
docker login ghcr.io - Verify image names match your GitHub username
- Ensure images are public or Plesk can authenticate
Build failures
- Run locally first:
docker build -f apps/portal/Dockerfile . - Check Docker logs for specific errors
- Ensure all dependencies are in package.json
Connection issues
- Verify firewall allows Docker bridge network (172.17.0.0/16)
- Check that DATABASE_URL uses correct IP (172.17.0.1)
- Test database connection from backend container
Security Notes
- Database is only accessible from Docker bridge network
- Backend API is only accessible via reverse proxy
- Use strong passwords and JWT secrets
- Consider using Docker secrets for sensitive data
- Regularly update base images for security patches