This guide outlines the necessary configuration changes to prepare the OnRabble project for deployment in a production environment. Be sure to update the following files based on your infrastructure and secrets management practices.
.env.prodPurpose: Sets environment variables for the production deployment of the chatserver Docker service.
PUBLIC_HOSTNAME=example.comThis file is loaded by the chatserver container at runtime and should contain your domain name.
Caddy acts as a reverse proxy to route traffic between Docker services.
caddy/Caddyfile.prodPurpose: Configures Caddy as the HTTPS reverse proxy for the application in production.
Start by setting your email at the top of the file so Caddy can register TLS certificates with Let’s Encrypt:
{
email dev@onrabble.com
}Then replace all instances of example.com with your domain.
For example:
onrabble.com {
@index path /index
rewrite @index /
reverse_proxy web:3000
}
chat.onrabble.com {
reverse_proxy chatserver:8080 {
header_up Host {host}
header_up X-Forwarded-Proto {scheme}
}
log {
output stdout
level debug
}
}
# Proxy to Keycloak
keycloak.onrabble.com {
# health check reverse proxy
@health path /health /health/*
reverse_proxy @health keycloak:9000
reverse_proxy keycloak:8080
log {
output stdout
level debug
}
}Keycloak provides the authentication service for OnRabble. Two files define the production configuration:
keycloak/.env.prodkeycloak/chat-realm.prod.jsonkeycloak/.env.prodPurpose: Sets environment variables for the Keycloak service in production.
Ensure KC_HOSTNAME reflects the full url of your keycloak service (e.g. keycloak.onrabble.com).
Configure the database connection fields:
KC_DBKC_DB_URL_HOSTKC_DB_USERNAMEKC_DB_PASSWORDKC_DB_URLSet secure values for KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORD.
# Keycloak Base Configuration
KC_HOSTNAME=keycloak.onrabble.com
KC_HOSTNAME_STRICT=false
# Keycloak Database Configuration
KC_DB=postgres
KC_DB_URL_HOST=postgres
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=keycloak
KC_DB_URL=jdbc:postgresql://postgres/keycloak
KC_BOOTSTRAP_ADMIN_USERNAME=admin
KC_BOOTSTRAP_ADMIN_PASSWORD=changeme
# Keycloak Realm Names
REALM_NAME=Chatserver
CHAT_CLIENT_NAME=ChatClient
WEB_CLIENT_NAME=WebClientkeycloak/chat-realm.prod.jsonPurpose: Defines the Keycloak realm and client configuration.
Update the users array to set your initial admin username and password. Do not remove the realmRoles field.
"users": [
{
"username": "Daftpy",
"enabled": true,
"credentials": [
{
"type": "admin",
"value": "adminpass"
}
],
"realmRoles": [ "admin" ]
}
],Then update the redirectUris and webOrigins fields to match your frontend domain, including the https:// prefix:
{
"clientId": "${WEB_CLIENT_NAME}",
"enabled": true,
"publicClient": true,
"directAccessGrantsEnabled": true,
"standardFlowEnabled": true,
"redirectUris": [
"https://onrabble.com/*"
],
"webOrigins": [
"https://onrabble.com"
]
}The admin dashboard is powered by a React Router frontend application, configured using Vite.
web/.env.productionPurpose: Environment variables for the admin dashboard frontend.
VITE_HOSTNAME=onrabble.comEnsure VITE_HOSTNAME is set to your domain name.
example.com with your actual domainchat, keycloak, and www subdomainsdocker-compose -f docker-compose.prod.yml up -d --build