Files

Michael Schiemer e26eb2aa12 feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

2025-10-31 01:39:24 +01:00

5.2 KiB

Raw Blame History

Pragmatic Production Deployment Setup

Architecture Overview

This deployment setup uses separate Docker Compose stacks for better maintainability and clear separation of concerns.

Infrastructure Components

Production Server (94.16.110.151)
├── Stack 1: Traefik (Reverse Proxy & SSL)
├── Stack 2: Gitea (Git Server + MySQL + Redis)
├── Stack 3: Docker Registry (Private Registry)
├── Stack 4: Application (PHP + Nginx + Redis + Queue Workers)
├── Stack 5: PostgreSQL (Database)
└── Stack 6: Monitoring (Portainer + Grafana + Prometheus)

Development Machine
└── Gitea Actions Runner (local, Docker-in-Docker)

Deployment Flow

Developer → git push
         ↓
    Gitea (Production)
         ↓
    Gitea Actions (Dev Machine)
         ↓
    Build Docker Image
         ↓
    Push to Private Registry
         ↓
    SSH/Ansible → Production Server
         ↓
    docker compose pull
         ↓
    docker compose up -d

Directory Structure

deployment/
├── stacks/                    # Docker Compose stacks
│   ├── traefik/              # Reverse proxy with SSL
│   ├── gitea/                # Git server
│   ├── registry/             # Private Docker registry
│   ├── application/          # Main PHP application
│   ├── postgres/             # Database
│   └── monitoring/           # Portainer + Grafana + Prometheus
├── ansible/                   # Automation playbooks
│   ├── playbooks/            # Deployment automation
│   ├── inventory/            # Server inventory
│   └── secrets/              # Ansible Vault secrets
├── runner/                    # Gitea Actions runner (dev machine)
├── scripts/                   # Helper scripts
└── docs/                      # Deployment documentation

Getting Started

Prerequisites

Production Server:

Docker & Docker Compose installed
Firewall configured (ports 80, 443, 2222)
User deploy with Docker permissions
SSH access configured

Development Machine:

Docker & Docker Compose installed
Ansible installed
SSH key configured for production server

Initial Setup

Deploy Infrastructure Stacks (Production)

cd deployment/stacks/traefik && docker compose up -d
cd ../postgres && docker compose up -d
cd ../registry && docker compose up -d
cd ../gitea && docker compose up -d
cd ../monitoring && docker compose up -d

Setup Gitea Runner (Development)

cd deployment/runner
docker compose up -d

Deploy Application

cd deployment/ansible
ansible-playbook -i inventory/production.yml playbooks/deploy-application.yml

Stack Documentation

Each stack has its own README with detailed configuration:

Traefik - Reverse proxy setup
Gitea - Git server configuration
Registry - Private registry setup
Application - Application deployment
PostgreSQL - Database configuration
Monitoring - Monitoring stack

Deployment Commands

Manual Deployment

./scripts/deploy.sh

Rollback to Previous Version

./scripts/rollback.sh

Update Specific Stack

cd stacks/<stack-name>
docker compose pull
docker compose up -d

CI/CD Pipeline

The CI/CD pipeline is defined in .gitea/workflows/deploy.yml and runs on push to main branch:

Build Stage: Build Docker image
Push Stage: Push to private registry
Deploy Stage: Deploy to production via Ansible

Monitoring

Access monitoring tools:

Portainer: https://portainer.yourdomain.com
Grafana: https://grafana.yourdomain.com
Prometheus: https://prometheus.yourdomain.com

Backup & Recovery

Automated Backups

PostgreSQL: Daily backups with 7-day retention
Gitea Data: Weekly backups
Registry Images: On-demand backups

Manual Backup

ansible-playbook -i inventory/production.yml playbooks/backup.yml

Restore from Backup

ansible-playbook -i inventory/production.yml playbooks/restore.yml

Security

All external services behind Traefik with HTTPS
Private registry with BasicAuth
Secrets managed via Ansible Vault
Regular security updates via Watchtower

Troubleshooting

Check Stack Health

cd stacks/<stack-name>
docker compose ps
docker compose logs -f

Check Service Connectivity

curl -I https://app.yourdomain.com
docker network inspect traefik-public

View Logs

# Application logs
docker compose -f stacks/application/docker-compose.yml logs -f app-php

# Traefik logs
docker compose -f stacks/traefik/docker-compose.yml logs -f

Support

For issues and questions, see:

Migration from Docker Swarm

See Migration Guide for detailed instructions on migrating from the old Docker Swarm setup.

License

This deployment configuration is part of the Custom PHP Framework project.

5.2 KiB Raw Blame History