Files
cgalo5758 7bff4ac603 Validate startup config and retry Temporal
Fail fast with aggregated config errors after resolving secret files,
before services initialize. Add Valkey session config, remove the unused
session-secret, and fix the production CSP env key.

Retry initial Temporal dials with bounded backoff and gate the test
Temporal service on healthy DB and Keycloak dependencies.
2026-07-01 19:04:26 -05:00

1.3 KiB

title, audience, summary
title audience summary
Hosting member-console
admin
Build the container image and generate the secrets needed to run a member-console instance.

Hosting member-console

Operational steps for running your own member-console instance. For how the console fits alongside a public site and identity provider, see deployment-architecture.md; for identity-provider configuration, see identity-provider-setup.md.

Building the image

The container image is built with Docker Buildx for both ARM64 and AMD64. Tag it for your own registry:

docker buildx build \
  --platform linux/arm64,linux/amd64 \
  -t your-registry.example/your-org/member-console:latest \
  -t your-registry.example/your-org/member-console:$(date +%Y-%m-%d) \
  --push \
  .

The canonical image is published to git.coopcloud.tech/wiki-cafe/member-console. Substitute your own registry when self-hosting.

Generating secrets

Generate the CSRF secret before deploying, and store it securely:

openssl rand -hex 16      # csrf-secret (32-character hex string)

Sessions are stored server-side in Valkey/Redis and need no signing secret; point valkey-addr at your instance (default localhost:6379).