nessi/NexaVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
830491cb0d9e79915286dd3d802acdb5833bd547
NexaVPN/docs/deployment.md
nessi 830491cb0d chore: initial project scaffold with admin web, backend, desktop client, and deployment setup 
Add monorepo structure for NexaVPN WireGuard control plane including:
- .gitignore for node_modules, build artifacts, and environment files
- README with project overview, monorepo layout, and quick start guide
- Admin web UI with React, Vite, TypeScript, and nginx reverse proxy
- API client with type definitions for users, devices, policies, gateways, and audit logs
- Admin pages for dashboard, users, devices, policies, g
2026-03-15 16:32:34 +01:00

61 lines
1.4 KiB
Markdown
Raw Blame History

# Deployment Layout
## Services
- `postgres`
- primary relational database
- `backend`
- Go API and migration runner
- `admin-web`
- static React admin UI served by nginx
- `gateway`
- WireGuard plus nftables helper container or host-managed service
- `reverse-proxy`
- TLS termination and routing
## Docker Compose Networks
- `control`
- backend, postgres, admin-web, reverse-proxy
- `gateway`
- backend and gateway helper communication
## Volume Layout
- postgres data volume
- backend local state volume for dev logs if needed
- gateway config volume for rendered peer sync
## Bootstrap
1. Start PostgreSQL.
2. Run migrations.
3. Start the backend.
4. Seed roles, settings, and the initial admin user.
5. Start the admin UI and reverse proxy.
6. Register the first gateway.
## Example Commands
```bash
cd deploy
cp .env.example .env
docker compose up -d postgres
docker compose up -d backend admin-web reverse-proxy
```
For SQL bootstrap during early MVP testing:
```bash
psql "$DATABASE_URL" -f backend/migrations/000001_init.sql
psql "$DATABASE_URL" -f backend/seed/001_seed.sql
```
## Production Notes
- Terminate TLS at nginx or another reverse proxy.
- Restrict backend and database exposure to private networks.
- Run the gateway with the privileges required for WireGuard and nftables.
- Replace example secrets before deployment.
- Use an external secret manager when available.
Reference in New Issue View Git Blame Copy Permalink