7bff4ac603
Fail fast with aggregated config errors after resolving secret files, before services initialize. Add Valkey session config, remove the unused session-secret, and fix the production CSP env key. Retry initial Temporal dials with bounded backoff and gate the test Temporal service on healthy DB and Keycloak dependencies.
1.3 KiB
1.3 KiB
title, audience, summary
| title | audience | summary | |
|---|---|---|---|
| Hosting member-console |
|
Build the container image and generate the secrets needed to run a member-console instance. |
Hosting member-console
Operational steps for running your own member-console instance. For how the console fits alongside a public site and identity provider, see deployment-architecture.md; for identity-provider configuration, see identity-provider-setup.md.
Building the image
The container image is built with Docker Buildx for both ARM64 and AMD64. Tag it for your own registry:
docker buildx build \
--platform linux/arm64,linux/amd64 \
-t your-registry.example/your-org/member-console:latest \
-t your-registry.example/your-org/member-console:$(date +%Y-%m-%d) \
--push \
.
The canonical image is published to
git.coopcloud.tech/wiki-cafe/member-console. Substitute your own registry when self-hosting.
Generating secrets
Generate the CSRF secret before deploying, and store it securely:
openssl rand -hex 16 # csrf-secret (32-character hex string)
Sessions are stored server-side in Valkey/Redis and need no signing secret; point
valkey-addrat your instance (defaultlocalhost:6379).