Docker Compose Deployment
Docker Compose provides the simplest way to deploy Probo with all required services on a single server. This deployment method is ideal for:
- Small to medium organizations
- Development and testing environments
- Single-server production deployments
- Quick proof-of-concept setups
Prerequisites
Section titled “Prerequisites”- Docker 20.10+
- Docker Compose 2.0+
- 4 GB RAM minimum
- 20 GB storage space
Quick Start
Section titled “Quick Start”-
Download the production compose file:
Terminal window curl -o compose.prod.yaml https://raw.githubusercontent.com/getprobo/probo/main/compose.prod.yaml -
Generate required secrets:
Terminal window export PROBOD_ENCRYPTION_KEY=$(openssl rand -base64 32)export AUTH_COOKIE_SECRET=$(openssl rand -base64 32)export AUTH_PASSWORD_PEPPER=$(openssl rand -base64 32)export TRUST_AUTH_TOKEN_SECRET=$(openssl rand -base64 32) -
Create environment file:
Terminal window cat > .env << EOF# Required secretsPROBOD_ENCRYPTION_KEY=${PROBOD_ENCRYPTION_KEY}AUTH_COOKIE_SECRET=${AUTH_COOKIE_SECRET}AUTH_PASSWORD_PEPPER=${AUTH_PASSWORD_PEPPER}TRUST_AUTH_TOKEN_SECRET=${TRUST_AUTH_TOKEN_SECRET}# Application settingsPROBOD_BASE_URL=https://your-domain.comAPI_ADDR=0.0.0.0:8080API_CORS_ALLOWED_ORIGINS=https://your-domain.com# Email settings (configure your SMTP)SMTP_ADDR=smtp.example.com:587SMTP_USER=your-smtp-usernameSMTP_PASSWORD=your-smtp-passwordSMTP_TLS_REQUIRED=trueMAILER_SENDER_EMAIL=no-reply@your-domain.comEOF -
Start the services:
Terminal window docker compose -f compose.prod.yaml up -d -
Verify deployment:
Terminal window # Check service healthcurl http://localhost:8080/health# View logsdocker compose -f compose.prod.yaml logs -f probo
Production Configuration
Section titled “Production Configuration”TLS/SSL Setup
Section titled “TLS/SSL Setup”For production, configure TLS certificates:
services: probo: environment: PROBOD_BASE_URL: "https://your-domain.com" volumes: - "/path/to/ssl/cert.pem:/etc/ssl/cert.pem:ro" - "/path/to/ssl/key.pem:/etc/ssl/key.pem:ro"External Database
Section titled “External Database”To use an external PostgreSQL database:
services: probo: environment: PG_ADDR: "your-db-host:5432" PG_USERNAME: "probod" PG_PASSWORD: "your-secure-password" PG_DATABASE: "probod" depends_on: []
# Remove the postgres servicepostgres: deploy: replicas: 0External S3 Storage
Section titled “External S3 Storage”To use AWS S3 or another S3-compatible service:
services: probo: environment: AWS_REGION: "us-east-1" AWS_BUCKET: "your-probo-bucket" AWS_ACCESS_KEY_ID: "your-access-key" AWS_SECRET_ACCESS_KEY: "your-secret-key" # Remove AWS_ENDPOINT for AWS S3 # AWS_ENDPOINT: ""
# Remove SeaweedFS serviceseaweedfs: deploy: replicas: 0Service Architecture
Section titled “Service Architecture”The Docker Compose deployment includes:
Core Services
Section titled “Core Services”- probo - Main application (ports 8080, 8081, 8443)
- postgres - PostgreSQL database (port 5432)
- seaweedfs - S3-compatible storage (port 8333 for S3 API, 9333 for master)
- chrome - PDF generation service (port 9222)
Networking
Section titled “Networking”Services communicate over a dedicated Docker network with automatic service discovery.
Data Persistence
Section titled “Data Persistence”- probo-data - Application data and uploads
- postgres-data - Database files
- seaweedfs-data - Object storage files
Load Balancer Setup
Section titled “Load Balancer Setup”For high availability, place Probo behind a load balancer:
Nginx Configuration
Section titled “Nginx Configuration”upstream probo { server 127.0.0.1:8080; # Add more servers for HA # server 127.0.0.1:8081;}
server { listen 443 ssl http2; server_name your-domain.com;
ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/key.pem;
location / { proxy_pass http://probo; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }}HAProxy Configuration
Section titled “HAProxy Configuration”global log stdout local0 chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660
defaults mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms
frontend probo_frontend bind *:443 ssl crt /path/to/cert.pem redirect scheme https if !{ ssl_fc } default_backend probo_backend
backend probo_backend balance roundrobin server probo1 127.0.0.1:8080 check # Add more servers for HA # server probo2 127.0.0.1:8081 checkMonitoring
Section titled “Monitoring”Health Checks
Section titled “Health Checks”# Application healthcurl http://localhost:8080/health
# Metrics endpointcurl http://localhost:8081/metrics
# Database connectivitydocker compose exec postgres pg_isready -U postgres
# SeaweedFS healthcurl http://localhost:9333/cluster/statusLog Management
Section titled “Log Management”# View all service logsdocker compose -f compose.prod.yaml logs -f
# Specific service logsdocker compose -f compose.prod.yaml logs -f probodocker compose -f compose.prod.yaml logs -f postgres
# Configure log rotationdocker compose -f compose.prod.yaml logs --follow --tail=100Backup and Recovery
Section titled “Backup and Recovery”Database Backup
Section titled “Database Backup”# Create backupdocker compose exec postgres pg_dump -U postgres probod > backup.sql
# Restore backupdocker compose exec -T postgres psql -U postgres probod < backup.sqlFile Storage Backup
Section titled “File Storage Backup”# Backup SeaweedFS datadocker run --rm -v probo_seaweedfs-data:/data -v $(pwd):/backup alpine \ tar czf /backup/seaweedfs-backup.tar.gz -C /data .
# Restore SeaweedFS datadocker run --rm -v probo_seaweedfs-data:/data -v $(pwd):/backup alpine \ tar xzf /backup/seaweedfs-backup.tar.gz -C /dataTroubleshooting
Section titled “Troubleshooting”Common Issues
Section titled “Common Issues”-
Port conflicts:
Terminal window # Check port usagenetstat -tulpn | grep :8080# Change ports in compose fileports:- "8081:8080" # Use different host port -
Database connection errors:
Terminal window # Check database logsdocker compose logs postgres# Test connectiondocker compose exec probo pg_isready -h postgres -U postgres -
File permission issues:
Terminal window # Fix volume permissionssudo chown -R 999:999 postgres-data/
Performance Tuning
Section titled “Performance Tuning”For better performance, adjust resource limits:
services: probo: deploy: resources: limits: cpus: "2.0" memory: 4G reservations: cpus: "1.0" memory: 2G
postgres: deploy: resources: limits: cpus: "2.0" memory: 4GSecurity Considerations
Section titled “Security Considerations”- Use strong secrets - Generate cryptographically secure secrets
- Enable TLS - Always use HTTPS in production
- Network isolation - Use Docker networks to isolate services
- Regular updates - Keep Docker images updated
- Backup encryption - Encrypt backups at rest and in transit
Upgrading
Section titled “Upgrading”# Pull latest imagesdocker compose -f compose.prod.yaml pull
# Restart services with new imagesdocker compose -f compose.prod.yaml up -d
# Check logs for any issuesdocker compose -f compose.prod.yaml logs -f probo