Skip to main content

Deployments guides

Docker

Install and configure dependencies

MySQL

If you plan to use SQLite, please skip this step.
To install the MySQL server files, run the following command: 
sudo apt update && sudo apt install mysql-server
To start the MySQL service: 
sudo systemctl start mysql.service
Set a password for the MySQL root user. Connect to MySQL: 
sudo mysql
Use the following command to create a user and password: 
mysql> ALTER USER "locker_secrets"@"%" IDENTIFIED WITH mysql_native_password BY "password";
Now create a database with the same name: 
mysql> CREATE DATABASE locker_secrets;
And grant privileges to the user on that database: 
mysql> GRANT ALL PRIVILEGES ON locker_secrets.* TO 'locker_secrets'@'%';

Nginx

To install Nginx, run the following command: 
sudo apt update && sudo apt install nginx

Running the Locker Secrets API

Create a directory to deploy the Locker Secrets API application: 
mkdir locker_api && cd locker_api
Write the .env file with the content below: 
PROD_ENV=prod
DJANGO_SECRET_KEY=[YOUR_DJANGO_SECRET_KEY]
If you choose SQLite as the database, you need to mount a directory to avoid data loss after container restart: 
mkdir db
Run the Docker command, replacing api_port and web_socket_port with your custom values: 
docker run --env-file .env -p 127.0.0.1:[api_port]:[api_port] --restart always cystack/locker-secrets-api
Configure Nginx and HTTPS: Create a file named api in the /etc/nginx/sites-enabled directory with the following content: 
server {
    listen       [nginx_port] ssl;
    server_name  [locker_secrets_api_domain];

    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:[api_port];
    }
}
Restart the Nginx service: 
sudo service nginx restart
Now the Locker Secrets API is running at https://locker_secrets_api_domain:[nginx_port].

Running the Locker Secrets Web

Create a directory to deploy the Locker Secrets Web application: 
mkdir locker_web && cd locker_web
Write the .env file with the content below: 
REACT_APP_API_URL=https://[locker_secrets_api_domain]:[nginx_port]
Run the Docker command, replacing web_port with a custom value: 
docker run --env-file .env --restart always -p 127.0.0.1:[web_port]:[web_port] cystack/locker-secrets-web
Configure Nginx and HTTPS: Create a file named web in the /etc/nginx/sites-enabled directory with the following content: 
server {
    listen       [nginx_port] ssl;
    server_name  [locker_secrets_web_domain];

    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:[web_port];
    }
}
Restart the Nginx service: 
sudo service nginx restart
Now the Locker Secrets Web is running at https://locker_secrets_web_domain:[nginx_port].

docker-compose

Run all Locker Secrets components at once

Create a directory to deploy Locker Secrets: 
mkdir locker_secrets && cd locker_secrets
Write a docker-compose.yml file with the following content. Make sure you replace values such as Locker Secrets domain, MySQL passwords, Nginx API port, and Nginx web port with the appropriate values: 
services:
  web:
    image: cystack/locker-secrets-web
    environment:
      REACT_APP_API_URL: "https://locker_secrets_domain"
      REACT_APP_WS_URL: "wss://locker_secrets_domain/ws/sync"
    depends_on:
      nginx:
        condition: service_started
  api:
    image: cystack/locker-secrets-api
    environment:
      PROD_ENV: "prod"
      DJANGO_SECRET_KEY: "[YOUR_DJANGO_SECRET_KEY]"
Create a directory named conf and a default.conf file inside it: 
mkdir conf && touch conf/default.conf
Content of default.conf: 
server {
    listen       [nginx_port] ssl;
    server_name  [locker_secrets_domain];

    ssl_certificate     /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

    location / {
        proxy_pass http://web:[web_port];
    }

    location /api {
        proxy_pass http://api:[api_port];
    }
}
Create a directory named ssl, move your certificate file and key file into it. Then start all services at once: 
docker-compose up -d
Now you can access https://your_domain_or_ip:web_port to view the Locker Secrets Web graphical user interface.