diff --git a/README.md b/README.md index e67c927..505c50e 100644 --- a/README.md +++ b/README.md @@ -21,21 +21,27 @@ docker run #### With SSL ```sh docker run - -e DATABASE_URL='postgresql://{postgres user}:{postgres password}@{postgres host}/{postgres database}' + -e DATABASE_URL='postgresql://{postgres user}:{postgres password}@{postgres host}/{postgres database}' + -e HTTP_PORT=8080 + -e SSL_PORT=8443 -e SSL_ENABLED='true' - -v /data/findtheti-me/certs:/etc/findtheti-me/certs # Place your cert files in /data/findtheti-me/certs and ensure they have permissions of at least 644 - -p {http port to run on}:8080 # if SSL_REDIRECT=false, this can be skipped - -p {ssl port to run on}:8443 + -v /data/findtheti-me/certs:/etc/findtheti-me/certs # Place your cert files in /data/findtheti-me/certs + -p {http port to run on}:8080 # if SSL_REDIRECT=false, this can be skipped. If enabled, ensure the SSL_PORT is configured the same as it is exposed. + -p 8443:8443 # See above mvv97/findthetime:latest ``` -### Example docker-compose.yml +Ensure the cert files are owned by user:group `10001:10001`, as those correspond to the container user. + +#### Example docker-compose.yml w/ SSL + ```yml -version: "3.4" +version: '3.4' services: postgresql: + container_name: ftt_db image: "docker.io/library/postgres:16-alpine" restart: unless-stopped volumes: @@ -49,17 +55,48 @@ services: image: "docker.io/mvv97/findthetime:latest" restart: unless-stopped environment: - DATABASE_URL: "postgres://${PG_USER:-findthetime}:${PG_PASS}@postgresql/${PG_DB:-findthetime}" - SSL_ENABLED: 'true' # when this is set to false ( default ), the ssl port is not listened to. - SSL_REDIRECT: 'true' - SSL_PORT: '8443' - SSL_CERT_PATH: '/etc/findtheti-me/certs/server.cert' - SSL_KEY_PATH: '/etc/findtheti-me/certs/server.key' + DATABASE_URL: "postgres://${PG_USER:-findthetime}:${PG_PASS}@ftt_db/${PG_DB:-findthetime}" + LOG_LEVEL: 'debug' + HTTP_PORT: '8114' + SSL_ENABLED: 'true' + SSL_PORT: '8115' + SSL_CERT_PATH: '/etc/findtheti-me/certs/fullchain.pem' + SSL_KEY_PATH: '/etc/findtheti-me/certs/privkey.pem' volumes: - '/data/findtheti-me/certs:/etc/findtheti-me/certs' ports: - - '8080:8080' - - '8443:8443' + - '8114:8114' + - '8115:8115' +``` + +#### Example docker-compose.yml w/o SSL + +```yml +version: '3.4' + +services: + + postgresql: + container_name: ftt_db + image: "docker.io/library/postgres:16-alpine" + restart: unless-stopped + volumes: + - '/data/findtheti-me/postgres_data:/var/lib/postgresql/data' + environment: + POSTGRES_PASSWORD: ${PG_PASS:?database password required} + POSTGRES_USER: ${PG_USER:-findthetime} + POSTGRES_DB: ${PG_DB:-findthetime} + + findthetime: + image: "docker.io/mvv97/findthetime:latest" + restart: unless-stopped + environment: + DATABASE_URL: "postgres://${PG_USER:-findthetime}:${PG_PASS}@ftt_db/${PG_DB:-findthetime}" + LOG_LEVEL: 'debug' + HTTP_PORT: '8114' + SSL_ENABLED: 'false' + ports: + - '8114:8114' ``` Ensure you have the necessary environment variables configured: `PG_DB`, `PG_USER` and `PG_PASS`. @@ -86,7 +123,6 @@ Finally, run `./findtheti-me` in the root, and the application should start. In order to enable SSL, configure `SSL_ENABLED=true`, `SSL_PORT` with the desired port ( `8443` by default ), and `SSL_CERT_PATH` and `SSL_KEY_PATH` with the paths to your certificate and key files ( `/etc/letsencrypt/live/your.domain/cert.pem` and `/etc/letsencrypt/live/your.domain/key.pem`, for example ). -Ensure the permissions of these files are at least `644`, as the container user will need to be able to read them. **Note that there is currently no support for encrypted private keys ( those that start with `-----BEGIN ENCRYPTED PRIVATE KEY-----`). Attempting to use such will be met with the error:**