# Penpot Infrastructure Setup

This repository contains the infrastructure configuration to run Penpot via Docker Compose.

## Step-by-Step Deployment Guide

### Step A: Clone the Repository
First, bring the repository to your local server and navigate into the directory.

```bash
git clone http://git.amiirkhl.ir/interanet/penpot-deployment.git
cd penpot-deployment
```

### Step B: SSL/TLS Certificate Configuration
Caddy handles the reverse proxy and SSL routing. Since the actual certificate files are ignored in version control for security, you must provide them manually before starting the containers.

Navigate to the certificates directory:
```bash
cd config/certs
```

You will see sample files (`fullchain.pem.sample` and `private.key.sample`). You need to place your actual SSL certificates here and name them exactly as follows:
- `fullchain.pem` (Your combined certificate file)
- `private.key` (Your private key file)

You can create these files and paste your certificate contents into them:
```bash
nano fullchain.pem
nano private.key
```
Ensure the permissions on these files allow Docker to read them (e.g., `chmod 644`).

### Step C: Environment Variables and Dynamic Access
Return to the root of the project and set up your environment variables.

```bash
cd ../../
cp .env.example .env
nano .env 
```

Inside your `.env` file, alongside your secret keys, passwords, and SMTP details, you must define your Caddy routing variables. You can dynamically toggle between Domain-only access and Domain+IP access without changing the `Caddyfile`.

For **Domain-only** access (Standard):
```env
CADDY_SITE_ADDRESS=https://design.amiirkhl.ir
CADDY_HTTP_ADDRESSES=http://caddy
```

For **Domain and Direct IP** access (Useful for DNS troubleshooting):
```env
CADDY_SITE_ADDRESS=https://design.amiirkhl.ir
CADDY_HTTP_ADDRESSES=http://YOUR_SERVER_IP, http://caddy
```
*(Whenever you change these variables in the future to toggle IP access, simply run `docker compose up -d caddy` to apply the changes).*

### Step D: Start the Services
Once your certificates are in place and your `.env` is configured, launch the stack in detached mode.

```bash
docker compose up -d
```

### Step E: Create the First Admin User
Once the containers are running and the database has initialized, you need to create your main admin account via the command line.

```bash
docker exec -it penpot-backend ./manage.sh create-profile
```