Improve self-hosted deployment process#1

Open
LukaSikic wants to merge 1 commit into main from improve-deployment-process

Summary

  • .dist config pattern: Config files (nginx.conf, php-fpm.conf, php.ini) are now shipped as .dist defaults. Active configs are gitignored, so client customizations never conflict with git pull
  • Version pinning: Docker images use pinned versions (1.0.0) instead of :latest to prevent config/image version mismatch
  • init.sh: First-time setup script — copies .dist defaults, generates unique SSL certs per installation, creates .env from example
  • update.sh: Zero-conflict update script — stops containers, pulls repo + images, diffs configs to warn about upstream changes, starts containers
  • docker-compose.override.yml support for client-specific compose customizations (ports, volumes, etc.)
  • Removed shared SSL certs from repo (security issue — every client had the same private key)
  • Removed deprecated version key from docker-compose.yml

How it works

| File | Owner | Git tracked |
|---|---|---|
| docker-compose.yml | PentestPad | Yes |
| docker-compose.override.yml | Client | No (gitignored) |
| docker/*.dist | PentestPad | Yes |
| docker/nginx/nginx.conf, docker/php/* | Client | No (gitignored) |
| .env | Client | No (gitignored) |

Migration for existing clients

```bash
# Save customized configs
cp docker/nginx/nginx.conf docker/nginx/nginx.conf.backup
cp docker/php/php-fpm.conf docker/php/php-fpm.conf.backup
cp docker/php/php.ini docker/php/php.ini.backup

# Pull new structure
git pull

# Run init to set up from defaults
./init.sh

# Restore any customizations from backups
```

Test plan

  • Fresh clone + ./init.sh creates all config files and certs
  • docker compose up -d works after init
  • ./update.sh runs without conflicts
  • Editing local config files doesn't cause git conflicts on pull
  • docker-compose.override.yml merges correctly with base compose

…, init/update scripts

- Move config files (nginx.conf, php-fpm.conf, php.ini) to .dist defaults;
  active configs are now gitignored so client customizations never conflict
  with git pull
- Remove shared SSL certs from repo; init.sh generates unique per-install certs
- Pin Docker image versions (no more :latest) to prevent config/image mismatch
- Add VERSION file for tracking deployed versions
- Add init.sh for first-time setup (copies defaults, generates certs, creates .env)
- Add update.sh for zero-conflict updates (pulls, diffs configs, warns of changes)
- Add docker-compose.override.yml support for client compose customizations
- Remove deprecated docker-compose version key
- Update README with quick start and update instructions
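
A sketch of the three mechanisms this PR describes: copying `.dist` defaults without overwriting client files, generating a certificate per installation, and listing configs that have drifted from the shipped defaults. This is an added example, not the repository's `init.sh` or `update.sh`; the `<name>.dist` naming, the `docker/nginx/ssl` path, the `server.key`/`server.crt` file names and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's init.sh/update.sh.
# Assumptions: defaults sit beside the active file as <name>.dist, and the
# certificate lives in docker/nginx/ssl/server.{key,crt}.

# Copy each shipped default to its active name unless the client already has one.
install_defaults() {
    find "$1/docker" -type f -name '*.dist' | while IFS= read -r dist; do
        active=${dist%.dist}
        if [ ! -e "$active" ]; then cp "$dist" "$active"; fi
    done
}

# List active configs that differ from the shipped default, for review after a pull.
config_drift() {
    find "$1/docker" -type f -name '*.dist' | sort | while IFS= read -r dist; do
        active=${dist%.dist}
        if [ -e "$active" ] && ! cmp -s "$dist" "$active"; then
            printf '%s\n' "$active"
        fi
    done
}

# Create a key pair unique to this installation. An existing key is never
# overwritten, and umask 077 keeps the private key unreadable to other users.
generate_cert() {
    ssl_dir=$1/docker/nginx/ssl
    if [ -s "$ssl_dir/server.key" ]; then return 0; fi
    mkdir -p "$ssl_dir"
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=${2:-localhost}" \
            -keyout "$ssl_dir/server.key" -out "$ssl_dir/server.crt" 2>/dev/null
    )
}

# SHA-256 of the public key, to confirm two installations do not share a key.
cert_fingerprint() {
    openssl x509 -in "$1/docker/nginx/ssl/server.crt" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
```

Comparing `cert_fingerprint` output across installations is a quick way to confirm that no deployment still serves the key pair that used to ship in the repository.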