> ## Documentation Index
> Fetch the complete documentation index at: https://support.locker.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Deployment Guides

> Guide to deploying Locker Secrets Manager using Docker and Docker Compose

## Deployments guides

## Docker

### Install and configure dependencies

#### MySQL

<Note>
  If you plan to use SQLite, please skip this step.
</Note>

To install the MySQL server files, run the following command:

```shell theme={null}
sudo apt update && sudo apt install mysql-server
```

To start the MySQL service:

```shell theme={null}
sudo systemctl start mysql.service
```

Set a password for the MySQL root user. Connect to MySQL:

```shell theme={null}
sudo mysql
```

Use the following command to create a user and password:

```shell theme={null}
mysql> ALTER USER "locker_secrets"@"%" IDENTIFIED WITH mysql_native_password BY "password";
```

Now create a database with the same name:

```shell theme={null}
mysql> CREATE DATABASE locker_secrets;
```

And grant privileges to the user on that database:

```shell theme={null}
mysql> GRANT ALL PRIVILEGES ON locker_secrets.* TO 'locker_secrets'@'%';
```

#### Nginx

To install Nginx, run the following command:

```shell theme={null}
sudo apt update && sudo apt install nginx
```

### Running the Locker Secrets API

Create a directory to deploy the Locker Secrets API application:

```shell theme={null}
mkdir locker_api && cd locker_api
```

Write the `.env` file with the content below:

```shell theme={null}
PROD_ENV=prod
DJANGO_SECRET_KEY=[YOUR_DJANGO_SECRET_KEY]
```

If you choose SQLite as the database, you need to mount a directory to avoid data loss after container restart:

```shell theme={null}
mkdir db
```

Run the Docker command, replacing `api_port` and `web_socket_port` with your custom values:

```shell theme={null}
docker run --env-file .env -p 127.0.0.1:[api_port]:[api_port] --restart always cystack/locker-secrets-api
```

Configure Nginx and HTTPS: Create a file named `api` in the `/etc/nginx/sites-enabled` directory with the following content:

```nginx theme={null}
server {
    listen       [nginx_port] ssl;
    server_name  [locker_secrets_api_domain];

    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:[api_port];
    }
}
```

Restart the Nginx service:

```shell theme={null}
sudo service nginx restart
```

Now the Locker Secrets API is running at `https://locker_secrets_api_domain:[nginx_port]`.

### Running the Locker Secrets Web

Create a directory to deploy the Locker Secrets Web application:

```shell theme={null}
mkdir locker_web && cd locker_web
```

Write the `.env` file with the content below:

```shell theme={null}
REACT_APP_API_URL=https://[locker_secrets_api_domain]:[nginx_port]
```

Run the Docker command, replacing `web_port` with a custom value:

```shell theme={null}
docker run --env-file .env --restart always -p 127.0.0.1:[web_port]:[web_port] cystack/locker-secrets-web
```

Configure Nginx and HTTPS: Create a file named `web` in the `/etc/nginx/sites-enabled` directory with the following content:

```nginx theme={null}
server {
    listen       [nginx_port] ssl;
    server_name  [locker_secrets_web_domain];

    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:[web_port];
    }
}
```

Restart the Nginx service:

```shell theme={null}
sudo service nginx restart
```

Now the Locker Secrets Web is running at `https://locker_secrets_web_domain:[nginx_port]`.

***

## docker-compose

### Run all Locker Secrets components at once

Create a directory to deploy Locker Secrets:

```shell theme={null}
mkdir locker_secrets && cd locker_secrets
```

Write a `docker-compose.yml` file with the following content. Make sure you replace values such as Locker Secrets domain, MySQL passwords, Nginx API port, and Nginx web port with the appropriate values:

```yaml theme={null}
services:
  web:
    image: cystack/locker-secrets-web
    environment:
      REACT_APP_API_URL: "https://locker_secrets_domain"
      REACT_APP_WS_URL: "wss://locker_secrets_domain/ws/sync"
    depends_on:
      nginx:
        condition: service_started
  api:
    image: cystack/locker-secrets-api
    environment:
      PROD_ENV: "prod"
      DJANGO_SECRET_KEY: "[YOUR_DJANGO_SECRET_KEY]"
```

Create a directory named `conf` and a `default.conf` file inside it:

```shell theme={null}
mkdir conf && touch conf/default.conf
```

Content of `default.conf`:

```nginx theme={null}
server {
    listen       [nginx_port] ssl;
    server_name  [locker_secrets_domain];

    ssl_certificate     /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

    location / {
        proxy_pass http://web:[web_port];
    }

    location /api {
        proxy_pass http://api:[api_port];
    }
}
```

Create a directory named `ssl`, move your certificate file and key file into it. Then start all services at once:

```shell theme={null}
docker-compose up -d
```

Now you can access `https://your_domain_or_ip:web_port` to view the Locker Secrets Web graphical user interface.