I couldn't wait until the official guide on how to do this is released, so I tried to figure it out and this is how I got it working.
The .env file for docker-compose
PL_SUPPORT_EMAIL=support@example.com
PL_SERVER_PORT=3000
PL_SERVER_URL=https://example.com/api
PL_PWA_PORT=8080
PL_PWA_URL=https://example.com
PL_EMAIL_USER=mail@example.com
PL_EMAIL_SERVER=mail.example.com
PL_EMAIL_PORT=587
PL_EMAIL_PASSWORD=strong-password
PL_DB_PATH=/data
PL_REPORT=true
PL_BILLING_ENABLED=false
PL_BILLING_DISABLE_PAYMENT=true
PL_BILLING_STRIPE_PUBLIC_KEY=
The docker-compose.yml
version: "3.7"
services:
server:
build:
context: .
dockerfile: Dockerfile-server
environment:
- PL_PWA_URL
- PL_EMAIL_USER
- PL_EMAIL_SERVER
- PL_EMAIL_PORT
- PL_EMAIL_PASSWORD
- PL_EMAIL_FROM
- PL_REPORT_ERRORS
- PL_BILLING_ENABLED
- PL_BILLING_STRIPE_SECRET
- PL_BILLING_STRIPE_PUBLIC_KEY
- PL_MFA
- PL_REPL_PORT
ports:
- "${PL_SERVER_PORT:-3000}:3000"
- "${PL_BILLING_PORT:-4000}:4000"
volumes:
- db-vol-1:/data
- docs-vol-1:/docs
- logs-vol-1:/logs
networks:
internal:
aliases:
- server
pwa:
build:
context: .
dockerfile: Dockerfile-pwa
environment:
- PL_SUPPORT_EMAIL
- PL_SERVER_URL
- PL_PWA_URL
- PL_BILLING_ENABLED
- PL_BILLING_STRIPE_PUBLIC_KEY
ports:
- "${PL_PWA_PORT:-8080}:8080"
volumes:
- pwa-vol-1:/pwa
networks:
internal:
aliases:
- pwa
command: ["build_and_start"]
networks:
internal:
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-padloc
volumes:
logs-vol-1:
db-vol-1:
pwa-vol-1:
docs-vol-1:Before building make the following changes in packages/electron/package.json
diff --git a/packages/electron/package.json b/packages/electron/package.json
index dc374260..37903fae 100644
--- a/packages/electron/package.json
+++ b/packages/electron/package.json
@@ -25,7 +25,6 @@
"css-loader": "^3.0.0",
"electron": "^6.0.7",
"electron-builder": "^21.2.0",
- "electron-notarize": "^0.2.0",
"file-loader": "^4.0.0",
"html-webpack-plugin": "^3.2.0",
"style-loader": "^0.23.1",
@@ -60,7 +59,6 @@
"schemes": [
"padloc"
]
- },
- "afterSign": "scripts/notarize.js"
+ }
}
}
Then execute
PL_SUPPORT_EMAIL=support@example.com \
PL_SERVER_URL=https://example.com/api \
npm run build
The nginx config
upstream padloc-pwa {
server padloc_pwa_1:8080;
}
upstream padloc-server {
server padloc_server_1:3000;
}
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443;
server_name example.com;
ssl_certificate /etc/nginx/ssl/example.com/cert.pem;
ssl_certificate_key /etc/nginx/ssl/example.com/key.pem;
include /etc/nginx/includes/ssl.conf;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "strict-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
include /etc/nginx/includes/gzip.conf;
location ^~ /api {
proxy_pass http://padloc-server/;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
location / {
proxy_pass http://padloc-pwa/;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
location ~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
}
}