feat: enhance network isolation and environment variable documentation for Coolify deployments

2025-12-19 04:19:25 +00:00 · 2025-06-09 01:39:45 +03:00 · 2025-06-09 01:39:45 +03:00 · 03dccc692b
commit 03dccc692b
parent 7d4c9e767a
3 changed files with 196 additions and 5 deletions
--- a/COOLIFY_ENV_VARS.md
+++ b/COOLIFY_ENV_VARS.md
@ -0,0 +1,73 @@
+# Environment Variables for Coolify Deployments
+
+## DEV Environment (adr-lms.whitex.cloud)
+```
+DEPLOYMENT_NAME=dev
+LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
+LEARNHOUSE_COOKIE_DOMAIN=adr-lms.whitex.cloud
+LEARNHOUSE_CONTACT_EMAIL=adr-lm@whitex.cloud
+LEARNHOUSE_EMAIL_PROVIDER=resend
+LEARNHOUSE_IS_AI_ENABLED=false
+LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:CfhIfLu2c1VEEpGmhs80NUUvUMzyCq1lmzBZmFJDdrs@redis:6379/1
+LEARNHOUSE_RESEND_API_KEY=re_LenY3zNh_S5ShneCyS3Pbf6HX75Yt8jet
+LEARNHOUSE_SELF_HOSTED=true
+LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences.
+LEARNHOUSE_SITE_NAME=ADR LMS
+LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse_dev:Yvvxnnf1+qr6r+6d92NvbaXWeGuRqmsroFdildw9ez4@db:5432/learnhouse_dev
+LEARNHOUSE_SSL=true
+LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=adr-lms@whitex.cloud
+NEXTAUTH_SECRET=FokIexhXga0KpAF06a7ADqt0HIJf8n9XJeRptZctDG0
+NEXTAUTH_URL=https://adr-lms.whitex.cloud
+NEXT_PUBLIC_API_URL=https://adr-lms.whitex.cloud/api/v1/
+NEXT_PUBLIC_LEARNHOUSE_API_URL=https://adr-lms.whitex.cloud/api/v1/
+NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=https://adr-lms.whitex.cloud/
+NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=default
+NEXT_PUBLIC_LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
+NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=false
+NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=adr-lms.whitex.cloud
+POSTGRES_DB=learnhouse_dev
+POSTGRES_PASSWORD=Yvvxnnf1+qr6r+6d92NvbaXWeGuRqmsroFdildw9ez4
+POSTGRES_USER=learnhouse_dev
+REDIS_PASSWORD=CfhIfLu2c1VEEpGmhs80NUUvUMzyCq1lmzBZmFJDdrs
+```
+
+## LIVE Environment (edu.adradviser.ro)
+```
+DEPLOYMENT_NAME=live
+LEARNHOUSE_DOMAIN=edu.adradviser.ro
+LEARNHOUSE_COOKIE_DOMAIN=edu.adradviser.ro
+LEARNHOUSE_CONTACT_EMAIL=adr-lm@whitex.cloud
+LEARNHOUSE_EMAIL_PROVIDER=resend
+LEARNHOUSE_IS_AI_ENABLED=false
+LEARNHOUSE_REDIS_CONNECTION_STRING=redis://default:tRK6fpKHGM2lWY8AYvL7L5kRQhncF2gydYOxG4l8vNY@redis:6379/0
+LEARNHOUSE_RESEND_API_KEY=re_LenY3zNh_S5ShneCyS3Pbf6HX75Yt8jet
+LEARNHOUSE_SELF_HOSTED=true
+LEARNHOUSE_SITE_DESCRIPTION=ADR LMS is platform tailored for learning experiences.
+LEARNHOUSE_SITE_NAME=ADR LMS
+LEARNHOUSE_SQL_CONNECTION_STRING=postgresql://learnhouse:kOZ8JgUNNSbPKSlfIBDBs5Ycs+ZOVZ3NZZooQrOyOqI@db:5432/learnhouse
+LEARNHOUSE_SSL=true
+LEARNHOUSE_SYSTEM_EMAIL_ADDRESS=adr-lms@whitex.cloud
+NEXTAUTH_SECRET=LPBwWytdQu9QDQHTdHEOHsHGhXDqdu6I686dXLVHH4g
+NEXTAUTH_URL=https://edu.adradviser.ro
+NEXT_PUBLIC_API_URL=https://edu.adradviser.ro/api/v1/
+NEXT_PUBLIC_LEARNHOUSE_API_URL=https://edu.adradviser.ro/api/v1/
+NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=https://edu.adradviser.ro/
+NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=default
+NEXT_PUBLIC_LEARNHOUSE_DOMAIN=edu.adradviser.ro
+NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=false
+NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=edu.adradviser.ro
+POSTGRES_DB=learnhouse
+POSTGRES_PASSWORD=kOZ8JgUNNSbPKSlfIBDBs5Ycs+ZOVZ3NZZooQrOyOqI
+POSTGRES_USER=learnhouse
+REDIS_PASSWORD=tRK6fpKHGM2lWY8AYvL7L5kRQhncF2gydYOxG4l8vNY
+```
+
+## Key Differences for Isolation
+
+The critical environment variables that ensure complete isolation:
+
+1. **DEPLOYMENT_NAME**: Different for each environment (`dev` vs `live`)
+2. **Domain Variables**: Point to different domains
+3. **Database Credentials**: Different databases and users
+4. **Redis Connection**: Different Redis databases (1 vs 0)
+5. **Secrets**: Different NEXTAUTH_SECRET values
--- a/README_Network_Isolation_Dynamic.md
+++ b/README_Network_Isolation_Dynamic.md
@ -0,0 +1,106 @@
+# Network Isolation Setup for LearnHouse Deployments
+
+This setup provides complete network isolation between your DEV and LIVE LearnHouse deployments using a single dynamic Docker Compose file and environment variables.
+
+## Single Dynamic Compose File
+
+- `docker-compose-coolify.yml` - Works for both DEV and LIVE deployments using environment variables
+
+## Key Environment Variables for Isolation
+
+### Required for Network Isolation
+- `DEPLOYMENT_NAME` - Unique identifier for each deployment (e.g., "dev", "live", "staging")
+- `LEARNHOUSE_DOMAIN` - Domain for this specific deployment
+- `LEARNHOUSE_COOKIE_DOMAIN` - Exact domain for cookies (should match LEARNHOUSE_DOMAIN)
+
+### How It Works
+The compose file uses `${DEPLOYMENT_NAME:-learnhouse}` patterns to create:
+- **Networks**: `{DEPLOYMENT_NAME}-network` (e.g., `dev-network`, `live-network`)
+- **Traefik Routes**: `{DEPLOYMENT_NAME}` router names
+- **Volumes**: Handled automatically by Coolify (each deployment gets isolated volumes)
+
+## Coolify Deployment Instructions
+
+### For DEV Environment (adr-lms.whitex.cloud)
+
+1. In Coolify, create a new resource/service
+2. Use the standard `docker-compose-coolify.yml` file
+3. Set these **key environment variables**:
+   ```
+   DEPLOYMENT_NAME=dev
+   LEARNHOUSE_DOMAIN=adr-lms.whitex.cloud
+   LEARNHOUSE_COOKIE_DOMAIN=adr-lms.whitex.cloud
+   NEXTAUTH_URL=https://adr-lms.whitex.cloud
+   # ... your other DEV environment variables
+   ```
+
+### For LIVE Environment (edu.adradviser.ro)
+
+1. In Coolify, create a new resource/service  
+2. Use the same `docker-compose-coolify.yml` file
+3. Set these **key environment variables**:
+   ```
+   DEPLOYMENT_NAME=live
+   LEARNHOUSE_DOMAIN=edu.adradviser.ro
+   LEARNHOUSE_COOKIE_DOMAIN=edu.adradviser.ro
+   NEXTAUTH_URL=https://edu.adradviser.ro
+   # ... your other LIVE environment variables
+   ```
+
+## Network Isolation Results
+
+With `DEPLOYMENT_NAME=dev`:
+- Network: `dev-network`
+- Traefik Router: `dev`
+- Volumes: Automatically isolated by Coolify
+
+With `DEPLOYMENT_NAME=live`:
+- Network: `live-network`  
+- Traefik Router: `live`
+- Volumes: Automatically isolated by Coolify
+
+## Benefits
+
+✅ **Single File Maintenance**: One compose file for all environments
+✅ **Complete Backend Isolation**: Different networks prevent cross-communication
+✅ **Separate Data Storage**: Coolify automatically isolates volumes per deployment
+✅ **Unique Traefik Routes**: No router name conflicts
+✅ **Exact Cookie Domain Matching**: Prevents any cookie sharing
+✅ **Environment Flexibility**: Easy to add new environments (staging, testing, etc.)
+
+## Verification
+
+After deployment, verify isolation:
+
+1. **Check Docker networks**:
+   ```bash
+   docker network ls | grep -E "(dev|live)-network"
+   ```
+
+2. **Verify volumes** (Coolify handles this automatically):
+   ```bash
+   docker volume ls | grep your-project-name
+   ```
+
+3. **Test cookie domains** in browser DevTools:
+   - DEV cookies: domain `adr-lms.whitex.cloud`
+   - LIVE cookies: domain `edu.adradviser.ro`
+
+## Adding New Environments
+
+To add a staging environment:
+```
+DEPLOYMENT_NAME=staging
+LEARNHOUSE_DOMAIN=staging.example.com
+LEARNHOUSE_COOKIE_DOMAIN=staging.example.com
+```
+
+This automatically creates `staging-network` and Coolify handles volume isolation.
+
+## Troubleshooting
+
+If you experience cookie mixing:
+1. **Verify DEPLOYMENT_NAME** is set differently for each deployment
+2. **Check cookie domains** match exactly in browser DevTools
+3. **Clear browser data** for both domains
+4. **Confirm network isolation** using the verification commands above
--- a/docker-compose-coolify.yml
+++ b/docker-compose-coolify.yml
@ -42,10 +42,13 @@ services:
      retries: 10
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.learnhouse.rule=Host(`${LEARNHOUSE_DOMAIN}`)"
-      - "traefik.http.routers.learnhouse.entrypoints=websecure"
-      - "traefik.http.services.learnhouse.loadbalancer.server.port=80"
-      - "traefik.http.routers.learnhouse.tls=true"
+      - "traefik.http.routers.${DEPLOYMENT_NAME:-learnhouse}.rule=Host(`${LEARNHOUSE_DOMAIN}`)"
+      - "traefik.http.routers.${DEPLOYMENT_NAME:-learnhouse}.entrypoints=websecure"
+      - "traefik.http.services.${DEPLOYMENT_NAME:-learnhouse}.loadbalancer.server.port=80"
+      - "traefik.http.routers.${DEPLOYMENT_NAME:-learnhouse}.tls=true"
+    networks:
+      - ${DEPLOYMENT_NAME:-learnhouse}-network
+      - traefik

  db:
    image: postgres:16-alpine
@ -63,6 +66,8 @@ services:
      interval: 5s
      timeout: 4s
      retries: 5
+    networks:
+      - ${DEPLOYMENT_NAME:-learnhouse}-network

  redis:
    image: redis:7.2.3
@ -81,6 +86,8 @@ services:
      interval: 5s
      timeout: 4s
      retries: 5
+    networks:
+      - ${DEPLOYMENT_NAME:-learnhouse}-network

  chromadb:
    image: chromadb/chroma:0.5.16
@ -92,6 +99,8 @@ services:
      interval: 10s
      timeout: 5s
      retries: 5
+    networks:
+      - ${DEPLOYMENT_NAME:-learnhouse}-network

 volumes:
  postgres-data:
@ -99,6 +108,9 @@ volumes:
  app-uploads:

 networks:
-  default:
+  ${DEPLOYMENT_NAME:-learnhouse}-network:
+    name: ${DEPLOYMENT_NAME:-learnhouse}-network
+    driver: bridge
+  traefik:
    name: traefik
    external: true