# Configucci Docker Deployment Guide

## Quick Start

### Local Deployment (Windows/Linux/Mac)

```bash
# Make script executable (Linux/Mac only)
chmod +x deploy-docker.sh

# Deploy locally
./deploy-docker.sh

# Or on Windows (PowerShell)
bash deploy-docker.sh
```

### Remote Deployment (Linux Server)

```bash
# Deploy to remote server
./deploy-docker.sh user@your-server.com

# Example
./deploy-docker.sh root@192.168.1.100
```

---

## Manual Deployment

### 1. Build and Run Locally

```bash
# Build image
docker-compose build

# Start container
docker-compose up -d

# View logs
docker-compose logs -f

# Stop
docker-compose down
```

### 2. Deploy to Linux Server

#### Option A: Using Deployment Script (Recommended)

```bash
# From your local machine
./deploy-docker.sh user@your-server.com
```

#### Option B: Manual Steps on Server

```bash
# SSH to server
ssh user@your-server.com

# Install Docker (if not installed)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER
exit

# SSH again (to apply group changes)
ssh user@your-server.com

# Clone repository
git clone https://git.six83.ru/ssa/configucci.git
cd configucci

# Build and run
docker-compose build
docker-compose up -d

# View logs
docker-compose logs -f
```

---

## Accessing the Application

After deployment, access the app at:

- **Local:** http://localhost:11088
- **Server:** http://your-server-ip:11088

---

## Useful Docker Commands

```bash
# View running containers
docker-compose ps

# View logs
docker-compose logs -f

# Restart application
docker-compose restart

# Stop application
docker-compose down

# Rebuild and restart
docker-compose build --no-cache
docker-compose up -d

# View resource usage
docker stats configucci-app

# Execute command in container
docker exec -it configucci-app sh

# Remove everything (container + image)
docker-compose down --rmi all
```

---

## Production Setup with SSL

### 1. Install Nginx Proxy Manager (Recommended)

```yaml
# Add to docker-compose.yml
version: '3.8'

services:
  proxy:
    image: jc21/nginx-proxy-manager:latest
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    restart: unless-stopped

  configucci:
    # ... existing configucci config
```

Then access `http://your-server:81` to configure SSL via web UI.

### 2. Or Use Certbot Directly

```bash
# On host server (not in Docker)
sudo apt install certbot -y

# Get certificate
sudo certbot certonly --standalone -d your-domain.com

# Mount certificates in docker-compose.yml
volumes:
  - /etc/letsencrypt:/etc/letsencrypt:ro
```

---

## Environment Variables

You can customize the build by setting environment variables:

```bash
# In docker-compose.yml or .env file
GIT_URL=https://git.six83.ru/ssa/configucci.git
GIT_BRANCH=ai
```

---

## Troubleshooting

### Container Won't Start

```bash
# Check logs
docker-compose logs

# Check if port 80 is in use
sudo netstat -tlnp | grep :80

# Use different port
# Edit docker-compose.yml: ports: - "8080:80"
```

### Build Fails

```bash
# Clean build cache
docker-compose build --no-cache

# Remove all Docker resources
docker system prune -a
```

### Can't Access Application

```bash
# Check firewall
sudo ufw status
sudo ufw allow 80/tcp

# Check container is running
docker-compose ps

# Test from server
curl http://localhost
```

---

## Automated Deployment with CI/CD

Create `.gitlab-ci.yml` or GitHub Actions workflow:

```yaml
# Example: GitHub Actions
name: Deploy

on:
  push:
    branches: [ai]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Deploy to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            cd /opt/configucci
            git pull
            docker-compose build --no-cache
            docker-compose up -d
```

---

## Backup and Restore

### Backup

```bash
# Backup configuration
tar -czf configucci-backup.tar.gz docker-compose.yml nginx.conf
```

### Restore

```bash
tar -xzf configucci-backup.tar.gz
docker-compose up -d
```

---

## Monitoring

### Install Docker Monitoring

```bash
# Install cAdvisor for container monitoring
docker run \
  --volume=/:/rootfs:ro \
  --volume=/var/run:/var/run:ro \
  --volume=/sys:/sys:ro \
  --volume=/var/lib/docker/:/var/lib/docker:ro \
  --volume=/dev/disk/:/dev/disk:ro \
  --publish=8080:8080 \
  --name=cadvisor \
  google/cadvisor:latest
```

Access at: `http://your-server:8080`

---

## Security Recommendations

1. **Use HTTPS** - Always use SSL in production
2. **Firewall** - Only open necessary ports
3. **Regular Updates** - Keep Docker and system updated
4. **Non-root User** - Run container as non-root
5. **Resource Limits** - Set CPU/memory limits in docker-compose.yml

```yaml
# Add resource limits
deploy:
  resources:
    limits:
      cpus: '0.5'
      memory: 512M
```

---

## Support

For issues, check:
- Docker logs: `docker-compose logs`
- Nginx logs: `docker exec configucci-app cat /var/log/nginx/error.log`
- Application health: `docker inspect --format='{{.State.Health.Status}}' configucci-app`