diff --git a/README.md b/README.md index 01babe5..27a9225 100644 --- a/README.md +++ b/README.md 
@@ -1,21 +1,70 @@ -# Self-Hosted Penpot Deployment +# Penpot Infrastructure Setup This repository contains the infrastructure configuration to run Penpot via Docker Compose. -## Deployment Instructions +## Step-by-Step Deployment Guide -1. **Clone the repository:** - git clone http://git.amiirkhl.ir/interanet/penpot-deployment.git - cd penpot-deployment +### Step A: Clone the Repository +First, bring the repository to your local server and navigate into the directory. -2. **Setup Environment Variables:** - cp .env.example .env - # Edit the .env file and add your secret keys, passwords, and SMTP details - nano .env +```bash +git clone http://git.amiirkhl.ir/interanet/penpot-deployment.git +cd penpot-deployment +``` -3. **Start the Services:** - docker compose up -d +### Step B: SSL/TLS Certificate Configuration +Caddy handles the reverse proxy and SSL routing. Since the actual certificate files are ignored in version control for security, you must provide them manually before starting the containers. -4. **Create the First Admin User:** - Once the containers are running, you need to create your main admin account via the command line: - docker exec -it penpot-backend ./manage.sh create-profile +Navigate to the certificates directory: +```bash +cd config/certs +``` + +You will see sample files (`fullchain.pem.sample` and `private.key.sample`). You need to place your actual SSL certificates here and name them exactly as follows: +- `fullchain.pem` (Your combined certificate file) +- `private.key` (Your private key file) + +You can create these files and paste your certificate contents into them: +```bash +nano fullchain.pem +nano private.key +``` +Ensure the permissions on these files allow Docker to read them (e.g., `chmod 644`). + +### Step C: Environment Variables and Dynamic Access +Return to the root of the project and set up your environment variables. 
+ +```bash +cd ../../ +cp .env.example .env +nano .env +``` + +Inside your `.env` file, alongside your secret keys, passwords, and SMTP details, you must define your Caddy routing variables. You can dynamically toggle between Domain-only access and Domain+IP access without changing the `Caddyfile`. + +For **Domain-only** access (Standard): +```env +CADDY_SITE_ADDRESS=https://design.amiirkhl.ir +CADDY_HTTP_ADDRESSES=http://caddy +``` + +For **Domain and Direct IP** access (Useful for DNS troubleshooting): +```env +CADDY_SITE_ADDRESS=https://design.amiirkhl.ir +CADDY_HTTP_ADDRESSES=http://YOUR_SERVER_IP, http://caddy +``` +*(Whenever you change these variables in the future to toggle IP access, simply run `docker compose up -d caddy` to apply the changes).* + +### Step D: Start the Services +Once your certificates are in place and your `.env` is configured, launch the stack in detached mode. + +```bash +docker compose up -d +``` + +### Step E: Create the First Admin User +Once the containers are running and the database has initialized, you need to create your main admin account via the command line. + +```bash +docker exec -it penpot-backend ./manage.sh create-profile +``` \ No newline at end of file
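Review bot: In Step B, the line "Ensure the permissions on these files allow Docker to read them (e.g., `chmod 644`)" covers `private.key` as well as `fullchain.pem`, and mode 644 leaves the TLS private key readable by every local account on the host. Split the guidance: 644 is fine for `fullchain.pem`, but `private.key` should be readable only by the account that needs it (for example `chmod 600`, owned by the user the Caddy container reads it as). It would also help to say that pasting the key with `nano` creates the file under the current umask, so the mode should be set explicitly afterwards. Separately, in Step C the "Domain and Direct IP" example adds `http://YOUR_SERVER_IP` to `CADDY_HTTP_ADDRESSES`, which serves the application over plain HTTP on the server address. The README calls this useful for DNS troubleshooting, so state that it should be switched back to the Domain-only values once troubleshooting is done, since logins made over that address are not protected by TLS.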