# Docker Deployment — Central

## Prerequisites

### Docker

```bash
# Ubuntu
sudo apt update
sudo apt install -y ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker "$USER"
```

Log out and back in for the `docker` group membership to take effect.

### Nginx

```bash
sudo apt install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
```

### PostgreSQL

PostgreSQL runs on the host or in a separate container, reachable from Central via `host.docker.internal`.

Create the production database:

```bash
cd /var/www/postgres
docker compose exec postgres psql -U admin
```

```sql
-- If the user does not exist yet
CREATE USER malio WITH PASSWORD 'motdepasse';

-- Create the database
CREATE DATABASE central_prod OWNER malio;
\q
```

## First installation

### 1. Create the deployment directory

```bash
sudo mkdir -p /var/www/central
sudo chown -R "$(whoami):$(whoami)" /var/www/central
cd /var/www/central
```

### 2. Log in to the Gitea Docker registry

```bash
docker login gitea.malio.fr
```

- Username: the Gitea account authorized on the registry
- Password: the registry token

### 3. Create the deployment files

Copy these files from the repo:

- `infra/prod/docker-compose.yml`
- `infra/prod/deploy.sh`

Equivalent contents of `docker-compose.yml`, written out in full:

```yaml
services:
  app:
    image: gitea.malio.fr/malio-dev/central:${CENTRAL_IMAGE_TAG:-latest}
    container_name: central-app
    env_file: .env
    ports:
      - "8084:80"
    volumes:
      - ./config/jwt:/var/www/html/config/jwt:ro
      - ./uploads:/var/www/html/var/uploads
      - /var/www/sirh:/var/www/maintenance/sirh
      - /var/www/lesstime:/var/www/maintenance/lesstime
      - /var/www/inventory:/var/www/maintenance/inventory
      - /var/www/ferme:/var/www/maintenance/ferme
    extra_hosts:
      - "host.docker.internal:host-gateway"
    restart: unless-stopped
```

Make the script executable:

```bash
# /chemin/vers/le/repo is a placeholder for the path to your clone of the repo
cp /chemin/vers/le/repo/Central/infra/prod/deploy.sh ./deploy.sh
chmod +x deploy.sh
```

### 4. Create the `.env` file

Minimal production example:

```env
APP_ENV=prod
APP_DEBUG=0
APP_SECRET=
DATABASE_URL="postgresql://malio:motdepasse@host.docker.internal:5432/central_prod?serverVersion=16&charset=utf8"
DEFAULT_URI=http://central.malio-dev.fr
APP_SHARE_DIR=var/share
CORS_ALLOW_ORIGIN='^http://central\.malio-dev\.fr$'
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=
JWT_COOKIE_SECURE=0
JWT_TOKEN_TTL=86400
JWT_COOKIE_TTL=86400
ENCRYPTION_KEY=
SIRH_MAINTENANCE_PATH=/var/www/maintenance/sirh/maintenance.on
LESSTIME_MAINTENANCE_PATH=/var/www/maintenance/lesstime/maintenance.on
INVENTORY_MAINTENANCE_PATH=/var/www/maintenance/inventory/maintenance.on
FERME_MAINTENANCE_PATH=/var/www/maintenance/ferme/maintenance.on
```

### 5. Generate the JWT keys

```bash
mkdir -p config/jwt
openssl genpkey -algorithm RSA -out config/jwt/private.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem
# UID/GID 33 is www-data, the user the app runs as inside the container
sudo chown 33:33 config/jwt/private.pem config/jwt/public.pem
# The private key is unencrypted (JWT_PASSPHRASE is empty): owner-only access
sudo chmod 600 config/jwt/private.pem
sudo chmod 644 config/jwt/public.pem
```

### 6. Create the persistent directories

```bash
mkdir -p uploads
```

### 7. Check access to the managed apps

Central controls the `maintenance.on` files of the other projects through volumes mounted read/write.

Check that the directories exist:

```bash
ls -ld /var/www/sirh /var/www/lesstime /var/www/inventory /var/www/ferme
```

If Central cannot write `maintenance.on`, adjust the permissions on these directories so that the container process can create and delete this file.

### 8. Configure the system Nginx

Create `/etc/nginx/sites-available/central.conf`:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name central.malio-dev.fr;

    location / {
        proxy_pass http://127.0.0.1:8084;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 55m;
    }
}
```

Enable the site:

```bash
sudo ln -sf /etc/nginx/sites-available/central.conf /etc/nginx/sites-enabled/central.conf
sudo nginx -t && sudo systemctl reload nginx
```

### 9. Deploy

```bash
cd /var/www/central
./deploy.sh
```

The script:

- pulls the Docker image
- restarts the container
- runs the Doctrine migrations
- clears and warms up the Symfony cache

## Deploying a new version

```bash
cd /var/www/central
./deploy.sh          # latest
./deploy.sh v0.1.0   # specific version
```

## Post-deployment checks

1. Open `http://central.malio-dev.fr`
2. Log in with an admin account
3. Check that the Applications page loads
4. Enable maintenance on SIRH
5. Check that `https://sirh.malio-dev.fr` returns the maintenance page
6. Disable maintenance from Central

## Rollback

### Image only

```bash
cd /var/www/central
./deploy.sh v0.1.0
```

### With migration rollback

```bash
cd /var/www/central
sudo docker compose exec -T -u www-data app php bin/console doctrine:migrations:migrate prev --no-interaction
./deploy.sh v0.1.0
```

## Viewing the logs

```bash
cd /var/www/central
sudo docker compose logs -f
sudo docker compose logs -f --tail=100
```

Symfony logs:

```bash
cd /var/www/central
sudo docker compose exec -T app cat var/log/prod.log
```

## Final directory structure

```text
/var/www/central/
├── docker-compose.yml
├── deploy.sh
├── .env
├── config/jwt/
│   ├── private.pem
│   └── public.pem
└── uploads/
```
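
A pre-flight audit of the secrets this guide creates (`.env` and `config/jwt/private.pem`), to run before `./deploy.sh`. This is an added example, not part of the Central repo; the function names are hypothetical, and it assumes from the variable's name that `JWT_COOKIE_SECURE=1` sets the cookie's Secure attribute.

```shell
#!/usr/bin/env bash
# Added example: pre-flight audit of a Central deployment directory.
# Covers only files this guide creates: .env and config/jwt/private.pem.

# Print KEY's value from an env file (last assignment wins, outer quotes stripped).
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Succeeds when the file grants any permission bit to group or others.
group_other_access() {
  [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_central() {
  local env="$1/.env" key="$1/config/jwt/private.pem" findings=0 k
  report() { echo "$1"; findings=$((findings + 1)); }

  [ -f "$env" ] || { report "MISSING .env"; return 1; }
  for k in APP_SECRET ENCRYPTION_KEY; do   # left blank in the template
    [ -n "$(env_value "$env" "$k")" ] || report "EMPTY $k"
  done
  case "$(env_value "$env" DATABASE_URL)" in
    *:motdepasse@*) report "PLACEHOLDER DATABASE_URL still uses the sample password" ;;
  esac
  # Assumption: JWT_COOKIE_SECURE=1 sets the cookie's Secure attribute (needs HTTPS).
  [ "$(env_value "$env" JWT_COOKIE_SECURE)" = "1" ] || report "WEAK JWT_COOKIE_SECURE is not 1"
  if group_other_access "$env"; then report "PERMS .env accessible to group/others"; fi
  if [ ! -f "$key" ]; then
    report "MISSING config/jwt/private.pem"
  elif group_other_access "$key"; then
    report "PERMS private.pem accessible to group/others"
  fi
  [ "$findings" -eq 0 ]
}

# Stand-alone use: ./audit.sh /var/www/central
if [ -n "${1:-}" ]; then audit_central "$1"; fi
```

Docker Compose reads `env_file` on the host as the deploying user, so `.env` can be `chmod 600` and owned by that user without affecting the container.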