mirror of
https://github.com/rzmk/learnhouse.git
synced 2025-12-19 04:19:25 +00:00
feat: enhance network isolation and environment variable documentation for Coolify deployments
This commit is contained in:
WhiteX
rzmk
parent
7d4c9e767a
commit
03dccc692b
3 changed files with 196 additions and 5 deletions
73
COOLIFY_ENV_VARS.md
Normal file
73
COOLIFY_ENV_VARS.md
Normal file
|
|
@ -0,0 +1,73 @@
|
||||||
|
# Environment Variables for Coolify Deployments
|
||||||
|
|
||||||
|
## DEV Environment (adr-lms.whitex.cloud)
|
||||||
|
```
|
||||||
|
DEPLOYMENT_NAME=dev
|
||||||
|
LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
|
||||||
|
LEARNHOUSE_COOKIE_DOMAIN=adr-lms.whitex.cloud
|
||||||
|
LEARNHOUSE_CONTACT_EMAIL=adr-lm@whitex.cloud
|
||||||
|
LEARNHOUSE_EMAIL_PROVIDER=resend
|
||||||
|
LEARNHOUSE_IS_AI_ENABLED=false
|
||||||
|
LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:CfhIfLu2c1VEEpGmhs80NUUvUMzyCq1lmzBZmFJDdrs@redis:6379/1
|
||||||
|
LEARNHOUSE_RESEND_API_KEY=re_LenY3zNh_S5ShneCyS3Pbf6HX75Yt8jet
|
||||||
|
LEARNHOUSE_SELF_HOSTED=true
|
||||||
|
LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences.
|
||||||
|
LEARNHOUSE_SITE_NAME=ADR LMS
|
||||||
|
LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:Yvvxnnf1+qr6r+6d92NvbaXWeGuRqmsroFdildw9ez4@db:5432/learnhouse_dev
|
||||||
|
LEARNHOUSE_SSL=true
|
||||||
|
LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=adr-lms@whitex.cloud
|
||||||
|
NEXTAUTH_SECRET=FokIexhXga0KpAF06a7ADqt0HIJf8n9XJeRptZctDG0
|
||||||
|
NEXTAUTH_URL=https://adr-lms.whitex.cloud
|
||||||
|
NEXT_PUBLIC_API_URL=https://adr-lms.whitex.cloud/api/v1/
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_API_URL=https://adr-lms.whitex.cloud/api/v1/
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=https://adr-lms.whitex.cloud/
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=default
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=false
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=adr-lms.whitex.cloud
|
||||||
|
POSTGRES_DB=learnhouse_dev
|
||||||
|
POSTGRES_PASSWORD=Yvvxnnf1+qr6r+6d92NvbaXWeGuRqmsroFdildw9ez4
|
||||||
|
POSTGRES_USER=learnhouse_dev
|
||||||
|
REDIS_PASSWORD=CfhIfLu2c1VEEpGmhs80NUUvUMzyCq1lmzBZmFJDdrs
|
||||||
|
```
|
||||||
|
|
||||||
|
## LIVE Environment (edu.adradviser.ro)
|
||||||
|
```
|
||||||
|
DEPLOYMENT_NAME=live
|
||||||
|
LEARNHOUSE_DOMAIN=edu.adradviser.ro
|
||||||
|
LEARNHOUSE_COOKIE_DOMAIN=edu.adradviser.ro
|
||||||
|
LEARNHOUSE_CONTACT_EMAIL=adr-lm@whitex.cloud
|
||||||
|
LEARNHOUSE_EMAIL_PROVIDER=resend
|
||||||
|
LEARNHOUSE_IS_AI_ENABLED=false
|
||||||
|
LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:tRK6fpKHGM2lWY8AYvL7L5kRQhncF2gydYOxG4l8vNY@redis:6379/0
|
||||||
|
LEARNHOUSE_RESEND_API_KEY=re_LenY3zNh_S5ShneCyS3Pbf6HX75Yt8jet
|
||||||
|
LEARNHOUSE_SELF_HOSTED=true
|
||||||
|
LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences.
|
||||||
|
LEARNHOUSE_SITE_NAME=ADR LMS
|
||||||
|
LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:kOZ8JgUNNSbPKSlfIBDBs5Ycs+ZOVZ3NZZooQrOyOqI@db:5432/learnhouse
|
||||||
|
LEARNHOUSE_SSL=true
|
||||||
|
LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=adr-lms@whitex.cloud
|
||||||
|
NEXTAUTH_SECRET=LPBwWytdQu9QDQHTdHEOHsHGhXDqdu6I686dXLVHH4g
|
||||||
|
NEXTAUTH_URL=https://edu.adradviser.ro
|
||||||
|
NEXT_PUBLIC_API_URL=https://edu.adradviser.ro/api/v1/
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_API_URL=https://edu.adradviser.ro/api/v1/
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=https://edu.adradviser.ro/
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=default
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_DOMAIN=edu.adradviser.ro
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=false
|
||||||
|
NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=edu.adradviser.ro
|
||||||
|
POSTGRES_DB=learnhouse
|
||||||
|
POSTGRES_PASSWORD=kOZ8JgUNNSbPKSlfIBDBs5Ycs+ZOVZ3NZZooQrOyOqI
|
||||||
|
POSTGRES_USER=learnhouse
|
||||||
|
REDIS_PASSWORD=tRK6fpKHGM2lWY8AYvL7L5kRQhncF2gydYOxG4l8vNY
|
||||||
|
```
|
||||||
|
|
||||||
|
## Key Differences for Isolation
|
||||||
|
|
||||||
|
The critical environment variables that ensure complete isolation:
|
||||||
|
|
||||||
|
1. **DEPLOYMENT_NAME**: Different for each environment (`dev` vs `live`)
|
||||||
|
2. **Domain Variables**: Point to different domains
|
||||||
|
3. **Database Credentials**: Different databases and users
|
||||||
|
4. **Redis Connection**: Different Redis databases (1 vs 0)
|
||||||
|
5. **Secrets**: Different NEXTAUTH_SECRET values
|
||||||
106
README_Network_Isolation_Dynamic.md
Normal file
106
README_Network_Isolation_Dynamic.md
Normal file
|
|
@ -0,0 +1,106 @@
|
||||||
|
# Network Isolation Setup for LearnHouse Deployments
|
||||||
|
|
||||||
|
This setup provides complete network isolation between your DEV and LIVE LearnHouse deployments using a single dynamic Docker Compose file and environment variables.
|
||||||
|
|
||||||
|
## Single Dynamic Compose File
|
||||||
|
|
||||||
|
- `docker-compose-coolify.yml` - Works for both DEV and LIVE deployments using environment variables
|
||||||
|
|
||||||
|
## Key Environment Variables for Isolation
|
||||||
|
|
||||||
|
### Required for Network Isolation
|
||||||
|
- `DEPLOYMENT_NAME` - Unique identifier for each deployment (e.g., "dev", "live", "staging")
|
||||||
|
- `LEARNHOUSE_DOMAIN` - Domain for this specific deployment
|
||||||
|
- `LEARNHOUSE_COOKIE_DOMAIN` - Exact domain for cookies (should match LEARNHOUSE_DOMAIN)
|
||||||
|
|
||||||
|
### How It Works
|
||||||
|
The compose file uses `${DEPLOYMENT_NAME:-learnhouse}` patterns to create:
|
||||||
|
- **Networks**: `{DEPLOYMENT_NAME}-network` (e.g., `dev-network`, `live-network`)
|
||||||
|
- **Traefik Routes**: `{DEPLOYMENT_NAME}` router names
|
||||||
|
- **Volumes**: Handled automatically by Coolify (each deployment gets isolated volumes)
|
||||||
|
|
||||||
|
## Coolify Deployment Instructions
|
||||||
|
|
||||||
|
### For DEV Environment (adr-lms.whitex.cloud)
|
||||||
|
|
||||||
|
1. In Coolify, create a new resource/service
|
||||||
|
2. Use the standard `docker-compose-coolify.yml` file
|
||||||
|
3. Set these **key environment variables**:
|
||||||
|
```
|
||||||
|
DEPLOYMENT_NAME=dev
|
||||||
|
LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
|
||||||
|
LEARNHOUSE_COOKIE_DOMAIN=adr-lms.whitex.cloud
|
||||||
|
NEXTAUTH_URL=https://adr-lms.whitex.cloud
|
||||||
|
# ... your other DEV environment variables
|
||||||
|
```
|
||||||
|
|
||||||
|
### For LIVE Environment (edu.adradviser.ro)
|
||||||
|
|
||||||
|
1. In Coolify, create a new resource/service
|
||||||
|
2. Use the same `docker-compose-coolify.yml` file
|
||||||
|
3. Set these **key environment variables**:
|
||||||
|
```
|
||||||
|
DEPLOYMENT_NAME=live
|
||||||
|
LEARNHOUSE_DOMAIN=edu.adradviser.ro
|
||||||
|
LEARNHOUSE_COOKIE_DOMAIN=edu.adradviser.ro
|
||||||
|
NEXTAUTH_URL=https://edu.adradviser.ro
|
||||||
|
# ... your other LIVE environment variables
|
||||||
|
```
|
||||||
|
|
||||||
|
## Network Isolation Results
|
||||||
|
|
||||||
|
With `DEPLOYMENT_NAME=dev`:
|
||||||
|
- Network: `dev-network`
|
||||||
|
- Traefik Router: `dev`
|
||||||
|
- Volumes: Automatically isolated by Coolify
|
||||||
|
|
||||||
|
With `DEPLOYMENT_NAME=live`:
|
||||||
|
- Network: `live-network`
|
||||||
|
- Traefik Router: `live`
|
||||||
|
- Volumes: Automatically isolated by Coolify
|
||||||
|
|
||||||
|
## Benefits
|
||||||
|
|
||||||
|
✅ **Single File Maintenance**: One compose file for all environments
|
||||||
|
✅ **Complete Backend Isolation**: Different networks prevent cross-communication
|
||||||
|
✅ **Separate Data Storage**: Coolify automatically isolates volumes per deployment
|
||||||
|
✅ **Unique Traefik Routes**: No router name conflicts
|
||||||
|
✅ **Exact Cookie Domain Matching**: Prevents any cookie sharing
|
||||||
|
✅ **Environment Flexibility**: Easy to add new environments (staging, testing, etc.)
|
||||||
|
|
||||||
|
## Verification
|
||||||
|
|
||||||
|
After deployment, verify isolation:
|
||||||
|
|
||||||
|
1. **Check Docker networks**:
|
||||||
|
```bash
|
||||||
|
docker network ls | grep -E "(dev|live)-network"
|
||||||
|
```
|
||||||
|
|
||||||
|
2. **Verify volumes** (Coolify handles this automatically):
|
||||||
|
```bash
|
||||||
|
docker volume ls | grep your-project-name
|
||||||
|
```
|
||||||
|
|
||||||
|
3. **Test cookie domains** in browser DevTools:
|
||||||
|
- DEV cookies: domain `adr-lms.whitex.cloud`
|
||||||
|
- LIVE cookies: domain `edu.adradviser.ro`
|
||||||
|
|
||||||
|
## Adding New Environments
|
||||||
|
|
||||||
|
To add a staging environment:
|
||||||
|
```
|
||||||
|
DEPLOYMENT_NAME=staging
|
||||||
|
LEARNHOUSE_DOMAIN=staging.example.com
|
||||||
|
LEARNHOUSE_COOKIE_DOMAIN=staging.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
This automatically creates `staging-network` and Coolify handles volume isolation.
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
If you experience cookie mixing:
|
||||||
|
1. **Verify DEPLOYMENT_NAME** is set differently for each deployment
|
||||||
|
2. **Check cookie domains** match exactly in browser DevTools
|
||||||
|
3. **Clear browser data** for both domains
|
||||||
|
4. **Confirm network isolation** using the verification commands above
|
||||||
|
|
@ -42,10 +42,13 @@ services:
|
||||||
retries: 10
|
retries: 10
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.learnhouse.rule=Host(`${LEARNHOUSE_DOMAIN}`)"
|
- "traefik.http.routers.${DEPLOYMENT_NAME:-learnhouse}.rule=Host(`${LEARNHOUSE_DOMAIN}`)"
|
||||||
- "traefik.http.routers.learnhouse.entrypoints=websecure"
|
- "traefik.http.routers.${DEPLOYMENT_NAME:-learnhouse}.entrypoints=websecure"
|
||||||
- "traefik.http.services.learnhouse.loadbalancer.server.port=80"
|
- "traefik.http.services.${DEPLOYMENT_NAME:-learnhouse}.loadbalancer.server.port=80"
|
||||||
- "traefik.http.routers.learnhouse.tls=true"
|
- "traefik.http.routers.${DEPLOYMENT_NAME:-learnhouse}.tls=true"
|
||||||
|
networks:
|
||||||
|
- ${DEPLOYMENT_NAME:-learnhouse}-network
|
||||||
|
- traefik
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:16-alpine
|
image: postgres:16-alpine
|
||||||
|
|
@ -63,6 +66,8 @@ services:
|
||||||
interval: 5s
|
interval: 5s
|
||||||
timeout: 4s
|
timeout: 4s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
networks:
|
||||||
|
- ${DEPLOYMENT_NAME:-learnhouse}-network
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
image: redis:7.2.3
|
image: redis:7.2.3
|
||||||
|
|
@ -81,6 +86,8 @@ services:
|
||||||
interval: 5s
|
interval: 5s
|
||||||
timeout: 4s
|
timeout: 4s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
networks:
|
||||||
|
- ${DEPLOYMENT_NAME:-learnhouse}-network
|
||||||
|
|
||||||
chromadb:
|
chromadb:
|
||||||
image: chromadb/chroma:0.5.16
|
image: chromadb/chroma:0.5.16
|
||||||
|
|
@ -92,6 +99,8 @@ services:
|
||||||
interval: 10s
|
interval: 10s
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
networks:
|
||||||
|
- ${DEPLOYMENT_NAME:-learnhouse}-network
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
postgres-data:
|
postgres-data:
|
||||||
|
|
@ -99,6 +108,9 @@ volumes:
|
||||||
app-uploads:
|
app-uploads:
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
${DEPLOYMENT_NAME:-learnhouse}-network:
|
||||||
|
name: ${DEPLOYMENT_NAME:-learnhouse}-network
|
||||||
|
driver: bridge
|
||||||
|
traefik:
|
||||||
name: traefik
|
name: traefik
|
||||||
external: true
|
external: true
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue