generated from bisco/codex-bootstrap
docs: add first startup procedure
This commit is contained in:
@@ -45,6 +45,85 @@ Open:
|
||||
Use the development credentials copied into `.env` only locally. Change them before
|
||||
sharing the environment.
|
||||
|
||||
## First startup procedure
|
||||
|
||||
Use this checklist for the first run of a new environment.
|
||||
|
||||
1. Create the environment file:
|
||||
|
||||
```bash
|
||||
cp .env.example .env
|
||||
```
|
||||
|
||||
2. Edit `.env` before starting containers:
|
||||
|
||||
- set strong `MARIADB_PASSWORD`, `MARIADB_ROOT_PASSWORD`, and `WP_ADMIN_PASSWORD`;
|
||||
- set `WP_URL` to the public URL, for example `https://lab.younerd.org`;
|
||||
- set `LETSENCRYPT_DOMAIN` to the same hostname when direct Let's Encrypt is used;
|
||||
- keep `LETSENCRYPT_STAGING=1` for the first certificate test;
|
||||
- configure `DB_DATA_PATH`, `WORDPRESS_DATA_PATH`, `LETSENCRYPT_DATA_PATH`, and
|
||||
`CERTBOT_CHALLENGES_PATH` for the host directories that must persist.
|
||||
|
||||
3. Prepare host-based volumes and permissions:
|
||||
|
||||
```bash
|
||||
./scripts/prepare-host-volumes.sh
|
||||
```
|
||||
|
||||
On Linux hosts, rerun with `sudo` if the script warns that it cannot change
|
||||
ownership:
|
||||
|
||||
```bash
|
||||
sudo ./scripts/prepare-host-volumes.sh
|
||||
```
|
||||
|
||||
4. Start the runtime services:
|
||||
|
||||
```bash
|
||||
docker compose up --build -d
|
||||
docker compose ps
|
||||
```
|
||||
|
||||
With `LETSENCRYPT_ENABLED=1` and no certificate yet, NGINX intentionally returns
|
||||
`503` for normal application traffic while still serving ACME challenge and health
|
||||
routes. Certbot should start after the proxy becomes healthy.
|
||||
|
||||
5. Install/configure WordPress on the real persistent volume:
|
||||
|
||||
```bash
|
||||
docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh
|
||||
```
|
||||
|
||||
Do not add `-f docker-compose.test.yml` here. The test override uses disposable test
|
||||
volumes and is only for automated checks.
|
||||
|
||||
6. Follow certificate issuance:
|
||||
|
||||
```bash
|
||||
docker compose logs -f proxy certbot
|
||||
```
|
||||
|
||||
After the staging certificate flow is working, switch to the production CA:
|
||||
|
||||
```dotenv
|
||||
LETSENCRYPT_STAGING=0
|
||||
```
|
||||
|
||||
Then restart the affected services:
|
||||
|
||||
```bash
|
||||
docker compose up -d proxy certbot
|
||||
```
|
||||
|
||||
7. Final sanity checks:
|
||||
|
||||
```bash
|
||||
docker compose ps
|
||||
docker compose logs --tail=100 proxy wordpress db certbot
|
||||
```
|
||||
|
||||
Open the configured `WP_URL` and `/wp-admin/`.
|
||||
|
||||
Persistent data uses host-based bind mounts by default:
|
||||
|
||||
- `./runtime/db` for MariaDB;
|
||||
|
||||
Reference in New Issue
Block a user