From 3ea3a004c0badfbcf2cc3a30518acb59079b5421 Mon Sep 17 00:00:00 2001
From: tristan <tristan@yuno.malio.fr>
Date: Mon, 30 Mar 2026 17:44:39 +0200
Subject: [PATCH] docs : add Docker deployment documentation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 doc/deployment-docker.md | 135 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 doc/deployment-docker.md

diff --git a/doc/deployment-docker.md b/doc/deployment-docker.md
new file mode 100644
index 0000000..25a6c8d
--- /dev/null
+++ b/doc/deployment-docker.md
@@ -0,0 +1,135 @@
+# Deploiement Docker — SIRH
+
+## Pre-requis
+
+Installer Docker et Docker Compose sur la machine :
+
+```bash
+# Ubuntu
+sudo apt update
+sudo apt install -y ca-certificates curl gnupg
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt update
+sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+sudo usermod -aG docker $USER
+```
+
+Se deconnecter/reconnecter pour que le groupe `docker` prenne effet.
+
+## Premier deploiement
+
+### 1. Creer le dossier de deploiement
+
+```bash
+sudo mkdir -p /var/www/sirh
+sudo chown -R $(whoami):$(whoami) /var/www/sirh
+```
+
+### 2. Copier les fichiers depuis le repo
+
+```bash
+cp deploy/docker/docker-compose.prod.yml /var/www/sirh/docker-compose.yml
+cp deploy/docker/deploy.sh /var/www/sirh/deploy.sh
+cp deploy/docker/.env.example /var/www/sirh/.env
+chmod +x /var/www/sirh/deploy.sh
+```
+
+### 3. Configurer l'environnement
+
+Editer `/var/www/sirh/.env` avec les vraies valeurs :
+- `APP_SECRET` : generer avec `openssl rand -hex 32`
+- `DATABASE_URL` : `postgresql://user:pass@host.docker.internal:5432/sirh?serverVersion=16&charset=utf8`
+- `JWT_PASSPHRASE` : generer avec `openssl rand -hex 32`
+
+### 4. Generer les cles JWT
+
+```bash
+cd /var/www/sirh
+mkdir -p config/jwt
+docker run --rm -v $(pwd)/config/jwt:/jwt php:8.4-cli bash -c \
+  "apt-get update -qq && apt-get install -y -qq openssl > /dev/null && \
+   openssl genpkey -algorithm RSA -out /jwt/private.pem -pkeyopt rsa_keygen_bits:4096 && \
+   openssl rsa -pubout -in /jwt/private.pem -out /jwt/public.pem"
+```
+
+### 5. Creer le dossier uploads
+
+```bash
+mkdir -p /var/www/sirh/uploads
+```
+
+### 6. Configurer le login au registry Gitea
+
+```bash
+docker login gitea.malio.fr
+# Username: ton user Gitea
+# Password: ton token Gitea
+```
+
+### 7. Configurer Nginx systeme
+
+```bash
+sudo cp deploy/nginx/sirh-docker.conf /etc/nginx/sites-available/sirh.conf
+sudo ln -sf /etc/nginx/sites-available/sirh.conf /etc/nginx/sites-enabled/sirh.conf
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+### 8. Deployer
+
+```bash
+cd /var/www/sirh
+./deploy.sh
+```
+
+## Deployer une release
+
+```bash
+cd /var/www/sirh
+./deploy.sh           # deploie la derniere version (latest)
+./deploy.sh v0.1.61   # deploie une version specifique
+```
+
+## Rollback
+
+### Image seule (pas de changement de schema BDD)
+
+```bash
+./deploy.sh v0.1.60
+```
+
+### Avec rollback de migration
+
+```bash
+# 1. Rollback schema (pendant que la version actuelle tourne encore)
+docker compose exec -T app php bin/console doctrine:migrations:migrate prev --no-interaction
+# 2. Deployer l'ancienne version
+./deploy.sh v0.1.60
+```
+
+## Voir les logs
+
+```bash
+cd /var/www/sirh
+docker compose logs -f          # tous les logs
+docker compose logs -f --tail=100  # 100 dernieres lignes
+```
+
+## Migration depuis l'ancien deploiement (tar.gz)
+
+Si l'application tourne deja en bare metal :
+
+1. Installer Docker (voir pre-requis)
+2. Creer le dossier `/var/www/sirh-docker/` (ne pas ecraser l'ancien)
+3. Copier les fichiers :
+   ```bash
+   cp /var/www/sirh/.env /var/www/sirh-docker/.env
+   cp -a /var/www/sirh/config/jwt /var/www/sirh-docker/config/jwt
+   cp -a /var/www/sirh/var/uploads /var/www/sirh-docker/uploads
+   ```
+4. Editer `/var/www/sirh-docker/.env` : changer `DATABASE_URL` pour utiliser `host.docker.internal` au lieu de `127.0.0.1`
+5. Mettre a jour Nginx systeme : remplacer la conf par `deploy/nginx/sirh-docker.conf`
+6. Arreter l'ancien PHP-FPM : `sudo systemctl stop php8.4-fpm`
+7. Deployer : `cd /var/www/sirh-docker && ./deploy.sh`
+8. Verifier que tout marche, puis supprimer l'ancien dossier