Content Security Policy Report Manager. Multi-container application using Docker Compose. Work in progress.

AlfredoRamos/csp-reporter-docker

About

Docker Compose setup for CSP Reporter using PostgreSQL, Valkey and Nginx.

Setup

System

Date and time

It requires systemd-timesyncd to be installed on the system.

sudo timedatectl set-timezone America/Mexico_City
sudo timedatectl set-ntp on

Docker cleanup

It will prune stopped images, containers and networks, as per the official docs.

sudo cp systemd/docker-prune.{service,timer} /usr/lib/systemd/system/
sudo systemctl daemon-reload
sudo systemctl restart docker-prune.service
sudo systemctl enable --now docker-prune.timer

Requirements

VSCode extensions

Submodules

Clone with submodules

git clone -b main --recurse-submodules --remote-submodules -j 10 -- https://github.com/AlfredoRamos/csp-reporter-docker.git

Initialize

git submodule init

Add

git submodule add -b main -- https://github.com/AlfredoRamos/csp-reporter-backend.git backend
git submodule add -b main -- https://github.com/AlfredoRamos/csp-reporter-frontend.git frontend

Update

git submodule update --init --remote -j 10

Change branch

git submodule set-branch -b main -- backend && git submodule set-branch -b main -- frontend

Reset

git submodule foreach 'git remote prune origin && git fetch origin && git checkout main && git reset --hard origin/main'

Configuration

Production

To work correctly, the environment variables need to be adjusted to use the appropriate Docker Compose service.

Backend

See the README in the AlfredoRamos/csp-reporter-backend repository.

Frontend

See the README in the AlfredoRamos/csp-reporter-frontend repository.

Additionally, copy the keys the frontend needs for JWT (JWS + JWE) validation and parsing: the signing public key and the encryption private key.

mkdir -p frontend/keys
sudo cp -a backend/internal/keys/{signing-public,encryption-private}.json frontend/keys/

Run app

Production

Build images

docker compose --env-file backend/.env build --pull

Start containers

docker compose --env-file backend/.env up --no-build --force-recreate --remove-orphans -d

Stop containers

docker compose down --remove-orphans

Upgrade containers

The following commands help to minimize, or avoid altogether, downtime while upgrading the application.

docker compose --env-file backend/.env up --scale csp-reporter=2 --no-recreate -d
docker rm -f csp-reporter_csp-reporter_<n>
docker compose --env-file backend/.env up --scale csp-reporter=1 --no-recreate -d

Remove cached application

The frontend and backend are created only once by Docker Compose, so if you don't see the changes you made in the application, remove the appdata volume after stopping the containers.

docker volume rm <prefix>_appdata

Where <prefix> is usually the name of the folder where the YML file is located.

SSL

The SSL public and private key files need their permissions fixed, either directly on the host (they are mounted into the containers) or from inside the containers.

docker compose run --rm postgresql chmod 600 /var/lib/postgresql/server.{crt,key}
docker compose run --rm postgresql chown 70 /var/lib/postgresql/server.{crt,key}
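To confirm the two commands above took effect, the following check can be run wherever the files are visible. It is an added example, not part of this repository; the function name check_tls_perms is hypothetical, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit the files that the chmod/chown commands above fix.
# check_tls_perms DIR [UID]
#   Returns 0 only when DIR/server.crt and DIR/server.key are regular files
#   with mode 600 owned by UID (default 70, the value used above).
# Example call: check_tls_perms /var/lib/postgresql 70
check_tls_perms() {
    dir=$1
    want_uid=${2:-70}
    rc=0
    for name in server.crt server.key; do
        file="$dir/$name"
        # A symlink may point at a file with different permissions, so it
        # is reported instead of being followed.
        if [ -L "$file" ] || [ ! -f "$file" ]; then
            echo "FAIL $file: missing or not a regular file" >&2
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$file")
        uid=$(stat -c '%u' "$file")
        # Any group or world bit on the key exposes it to other users.
        if [ "$mode" != "600" ]; then
            echo "FAIL $file: mode $mode, expected 600" >&2
            rc=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $file: owner uid $uid, expected $want_uid" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

The function reports every failing file on stderr before returning, so one run shows all the permissions that still need fixing.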

Manual frontend transpiling

The transpilation is done automatically by the containers; however, if you need to do it manually, run the following commands.

docker compose run --rm csp-reporter npm --prefix frontend install frontend
docker compose run --rm csp-reporter npm run --prefix frontend build

Development

Setup

(cd frontend && npm ci --omit dev && npm run build)

Start containers

docker compose -f compose.dev.yaml --env-file backend/.env up --build --force-recreate --remove-orphans -d

Stop containers

docker compose down --remove-orphans
