diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index 42f37800..5be9cc79 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -17,9 +17,7 @@ cd Memoh The script will automatically: - Check Docker and Docker Compose installation -- Create `.env` configuration file (if not exists) -- Generate random JWT secret -- Create `config.toml` configuration file +- Create `config.toml` configuration file (if not exists) - Build MCP image - Start all services @@ -30,30 +28,26 @@ The script will automatically: Default admin credentials: - Username: `admin` -- Password: `admin123` (change in `.env`) +- Password: `admin123` (change in `config.toml`) ## Manual Deployment If you prefer not to use the automated script: ```bash -# 1. Create configuration files -cp .env.example .env -cp config.docker.toml config.toml +# 1. Create configuration file +cp docker/config/config.docker.toml config.toml # 2. Edit configuration (Important!) -nano .env +nano config.toml -# 3. Generate JWT secret -openssl rand -base64 32 +# 3. Build MCP image +docker build -f docker/Dockerfile.mcp -t memoh-mcp:latest . -# 4. Build MCP image -docker build -f cmd/mcp/Dockerfile -t memoh-mcp:latest . - -# 5. Start services +# 4. Start services docker compose up -d -# 6. View logs +# 5. View logs docker compose logs -f ``` @@ -79,17 +73,6 @@ Advantages: ## Common Commands -### Using Make (Recommended) -```bash -make help # Show all commands -make deploy # One-click deployment -make logs # View logs -make restart # Restart services -make ps # View status -make backup # Backup data -make bots # View Bot containers -``` - ### Using Docker Compose ```bash docker compose up -d # Start services 
@@ -99,23 +82,39 @@ docker compose ps # View status docker compose restart # Restart services ``` +### Bot Container Management + +View all Bot containers: +```bash +docker ps -a | grep memoh-bot +``` + ## Configuration -### Environment Variables (.env) +### Environment Variables -Key configuration items: - -```bash -# PostgreSQL password (must change) -POSTGRES_PASSWORD=your_secure_password - -# JWT secret (must change) -JWT_SECRET=your_random_jwt_secret +Configuration is managed through `config.toml` file. Key configuration items: +```toml # Admin account -ADMIN_USERNAME=admin -ADMIN_PASSWORD=your_admin_password -ADMIN_EMAIL=admin@yourdomain.com +[admin] +username = "admin" +password = "admin123" # Must change +email = "admin@yourdomain.com" + +# Auth configuration +[auth] +jwt_secret = "YZq8kXrW5dFpNt9mLxQvHbRjKsMnOePw" # Must change +jwt_expires_in = "168h" + +# PostgreSQL password +[postgres] +host = "postgres" +port = 5432 +user = "memoh" +password = "memoh123" # Must change +database = "memoh" +sslmode = "disable" ``` ### Application Configuration (config.toml) @@ -125,7 +124,7 @@ Main configuration items: ```toml [postgres] host = "postgres" -password = "your_secure_password" # Must match POSTGRES_PASSWORD in .env +password = "your_secure_password" # Must change in config.toml [containerd] socket_path = "unix:///var/run/docker.sock" # Use host Docker @@ -163,8 +162,6 @@ Bot containers are dynamically created by the main service and run directly on t ```bash # View all Bot containers -make bots -# or docker ps -a | grep memoh-bot # View Bot logs @@ -192,7 +189,7 @@ docker run --rm -v memoh_memoh_bot_data:/data -v $(pwd)/backups:/backup alpine \ tar czf /backup/bot_data_$(date +%Y%m%d).tar.gz -C /data . # Backup configuration files -tar czf backups/config_$(date +%Y%m%d).tar.gz config.toml .env +tar czf backups/config_$(date +%Y%m%d).tar.gz config.toml ``` ### Restore 
@@ -264,10 +261,10 @@ services: - "443:443" volumes: - ./ssl:/etc/nginx/ssl:ro - - ./nginx-https.conf:/etc/nginx/conf.d/default.conf:ro + - ./docker/config/nginx-https.conf:/etc/nginx/conf.d/default.conf:ro ``` -Create `nginx-https.conf`: +Create `docker/config/nginx-https.conf`: ```nginx server { listen 80; @@ -287,7 +284,7 @@ server { ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; - # Other configurations same as nginx.conf + # Other configurations same as docker/config/nginx.conf # ... } ``` @@ -311,8 +308,7 @@ services: ### 3. Security Recommendations Production environment recommendations: -- Use separate `.env` file -- Change all default passwords +- Change all default passwords in `config.toml` - Use strong JWT secret - Configure firewall rules - Use HTTPS @@ -358,9 +354,6 @@ git pull # Rebuild and restart docker compose up -d --build - -# Or use Make -make update ``` ## Complete Uninstall @@ -382,8 +375,8 @@ docker rmi $(docker images | grep memoh | awk '{print $3}') ⚠️ Important Security Notes: 1. **Docker Socket Access**: The main service container has access to the host Docker socket, which means the application can manage other containers on the host. Only run in trusted environments. -2. **Change Default Passwords**: Must change all default passwords in `.env` -3. **Strong JWT Secret**: Use a strong random JWT secret +2. **Change Default Passwords**: Must change all default passwords in `config.toml` +3. **Strong JWT Secret**: Use a strong random JWT secret (generate with `openssl rand -base64 32`) 4. **Firewall**: Configure firewall to only open necessary ports 5. **HTTPS**: Use HTTPS in production 6. **Regular Backups**: Regularly backup data diff --git a/deploy.sh b/deploy.sh index 50b9f664..58c867ee 100755 --- a/deploy.sh +++ b/deploy.sh 
@@ -15,14 +15,20 @@ echo "" # Check Docker if ! command -v docker &> /dev/null; then echo -e "${RED}Error: Docker is not installed${NC}" - echo "Please install Docker first: https://docs.docker.com/get-docker/" + echo "Please install Docker first:" + echo " - Linux: curl -fsSL https://get.docker.com | sh" + echo " - macOS: brew install --cask docker" + echo " - Windows: https://docs.docker.com/desktop/install/windows-install/" + echo " - Official guide: https://docs.docker.com/get-docker/" exit 1 fi # Check Docker Compose if ! docker compose version &> /dev/null; then echo -e "${RED}Error: Docker Compose is not installed or version is too old${NC}" - echo "Please install Docker Compose v2.0+: https://docs.docker.com/compose/install/" + echo "Docker Compose v2.0+ is required (bundled with Docker Desktop)" + echo " - Linux: sudo apt-get install docker-compose-plugin" + echo " - Or follow: https://docs.docker.com/compose/install/" exit 1 fi @@ -33,14 +39,14 @@ echo "" # Check config.toml if [ ! -f config.toml ]; then echo -e "${YELLOW}⚠ config.toml does not exist, creating...${NC}" - cp config.docker.toml config.toml + cp docker/config/config.docker.toml config.toml echo -e "${GREEN}✓ config.toml created${NC}" echo "" fi # Build MCP image echo -e "${GREEN}Building MCP image...${NC}" -if docker build -f cmd/mcp/Dockerfile -t memoh-mcp:latest . > /dev/null 2>&1; then +if docker build -f docker/Dockerfile.mcp -t memoh-mcp:latest . > /dev/null 2>&1; then echo -e "${GREEN}✓ MCP image built successfully${NC}" else echo -e "${YELLOW}⚠ MCP image build failed, will try to pull at runtime${NC}" diff --git a/docker-compose.yml b/docker-compose.yml index 0d7b2872..d9e5e440 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
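Review bot: The new install hint `curl -fsSL https://get.docker.com | sh` in the Docker-missing branch tells users to pipe a remote script straight into a shell, so whatever the server returns runs unreviewed and usually with elevated rights. Print only the official guide, or a download-then-inspect form such as `curl -fsSL https://get.docker.com -o get-docker.sh` followed by `sh get-docker.sh`. The Compose hint labelled "Linux" (`sudo apt-get install docker-compose-plugin`) applies only to apt-based distributions and should be labelled that way.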
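Review bot: `cp docker/config/config.docker.toml config.toml` creates the live configuration from the template, and the visible lines go straight on to the image build, so a first run comes up with whatever secrets the template ships. The DEPLOYMENT.md change in this commit lists a fixed `jwt_secret`, `admin123` and `memoh123` as values that must be changed; if the template carries the same values, session tokens for a fresh install are signed with a key that anyone who has read the repository knows. Generate the secret when the file is created, e.g. `jwt_secret=$(openssl rand -hex 32)` then `sed -i.bak "s|^jwt_secret = .*|jwt_secret = \"$jwt_secret\"|" config.toml`, and stop with a message asking the operator to set the admin and database passwords before services start. The changed `docker build` line keeps `> /dev/null 2>&1`, which hides the reason when the MCP image build fails; the script continues outside the hunk.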
@@ -6,7 +6,7 @@ services: environment: POSTGRES_DB: memoh POSTGRES_USER: memoh - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-memoh123} + POSTGRES_PASSWORD: memoh123 volumes: - postgres_data:/var/lib/postgresql/data - ./db/migrations:/docker-entrypoint-initdb.d:ro @@ -51,31 +51,9 @@ services: server: build: - context: . + context: ./docker dockerfile: Dockerfile.server container_name: memoh-server - environment: - - LOG_LEVEL=${LOG_LEVEL:-info} - - SERVER_ADDR=:8080 - - POSTGRES_HOST=postgres - - POSTGRES_PORT=5432 - - POSTGRES_USER=memoh - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-memoh123} - - POSTGRES_DB=memoh - - POSTGRES_SSLMODE=disable - - QDRANT_BASE_URL=http://qdrant:6334 - - QDRANT_COLLECTION=memory - - CONTAINERD_SOCKET=unix:///var/run/docker.sock - - AGENT_GATEWAY_HOST=agent - - AGENT_GATEWAY_PORT=8081 - - JWT_SECRET=${JWT_SECRET:-YZq8kXrW5dFpNt9mLxQvHbRjKsMnOePw} - - JWT_EXPIRES_IN=168h - - ADMIN_USERNAME=${ADMIN_USERNAME:-admin} - - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin123} - - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@memoh.local} - - MCP_BUSYBOX_IMAGE=memoh-mcp:latest - - MCP_DATA_ROOT=/var/lib/memoh/data - - MCP_DATA_MOUNT=/data volumes: - ./config.toml:/app/config.toml:ro - /var/run/docker.sock:/var/run/docker.sock @@ -94,11 +72,10 @@ services: agent: build: context: . - dockerfile: Dockerfile.agent + dockerfile: docker/Dockerfile.agent container_name: memoh-agent - environment: - - NODE_ENV=production - - PORT=8081 + volumes: + - ./config.toml:/app/config.toml:ro ports: - "8081:8081" depends_on: @@ -110,10 +87,10 @@ services: web: build: context: . - dockerfile: Dockerfile.web + dockerfile: docker/Dockerfile.web args: - - VITE_API_URL=${VITE_API_URL:-http://localhost:8080} - - VITE_AGENT_URL=${VITE_AGENT_URL:-http://localhost:8081} + - VITE_API_URL=http://localhost:8080 + - VITE_AGENT_URL=http://localhost:8081 container_name: memoh-web ports: - "80:80" 
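Review bot: `POSTGRES_PASSWORD: memoh123` now pins the database password in the compose file with no override, while the documentation in this commit tells operators to change `[postgres] password` in `config.toml`. An operator who follows that advice is likely to end up with a server that can no longer authenticate, and one who does not runs with a published password. Keep the variable and make it mandatory, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`, or document that both files must be edited together. The `web` hunk has the same shape: `VITE_API_URL=http://localhost:8080` and `VITE_AGENT_URL=http://localhost:8081` are no longer overridable, so a bundle built for a non-local host would still call localhost.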
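Review bot: The `server` build context becomes `./docker` while `agent` and `web` keep `context: .` with a `docker/Dockerfile.…` path, and `Dockerfile.server` is renamed with 100% similarity, so any `COPY` of sources from the repository root in it would now fall outside the context and fail the build. Its content is not visible in this diff, so this is inferred; if it does copy from the root, use `context: .` with `dockerfile: docker/Dockerfile.server`. With the `environment:` block removed, the server's secrets come only from the bind-mounted `config.toml`, so that file should not be world-readable on the host.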
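Review bot: The `agent` service now bind-mounts the whole `config.toml` at `/app/config.toml`, which per the documentation in this commit holds the admin password, the JWT secret and the PostgreSQL password, and the service publishes port 8081. If the agent needs only part of that, give it a reduced file instead of the server's full configuration. The hunk also drops `NODE_ENV=production` and `PORT=8081`; unless the image or the config file sets them, the Node process would start outside production mode. The old image copied the config to `/config.toml` rather than under `/app`, so confirm which path the agent actually reads.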
diff --git a/Dockerfile.agent b/docker/Dockerfile.agent similarity index 96% rename from Dockerfile.agent rename to docker/Dockerfile.agent index d0ef24a5..da4c4cef 100644 --- a/Dockerfile.agent +++ b/docker/Dockerfile.agent @@ -16,7 +16,6 @@ WORKDIR /app RUN apk add --no-cache ca-certificates wget -COPY config.toml / COPY --from=builder /build/dist /app/dist COPY --from=builder /build/node_modules /app/node_modules COPY --from=builder /build/package.json /app/package.json diff --git a/cmd/mcp/Dockerfile b/docker/Dockerfile.mcp similarity index 100% rename from cmd/mcp/Dockerfile rename to docker/Dockerfile.mcp diff --git a/Dockerfile.server b/docker/Dockerfile.server similarity index 100% rename from Dockerfile.server rename to docker/Dockerfile.server diff --git a/Dockerfile.web b/docker/Dockerfile.web similarity index 91% rename from Dockerfile.web rename to docker/Dockerfile.web index c19f54f2..c1532a7a 100644 --- a/Dockerfile.web +++ b/docker/Dockerfile.web @@ -23,7 +23,7 @@ FROM nginx:alpine COPY --from=builder /build/packages/web/dist /usr/share/nginx/html -COPY nginx.conf /etc/nginx/conf.d/default.conf +COPY docker/config/nginx.conf /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/config.docker.toml b/docker/config/config.docker.toml similarity index 100% rename from config.docker.toml rename to docker/config/config.docker.toml diff --git a/nginx.conf b/docker/config/nginx.conf similarity index 100% rename from nginx.conf rename to docker/config/nginx.conf