faicel/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Page: 07-Stacks-Deployment
Pages
00-Architecture-Overview 01-System-Hardware 02-Operating-System 03-SSH-Hardening 04-Docker-Installation 05-Docker-Swarm 06-Network-Architecture 07-Stacks-Deployment 08-Reverse-Proxy 09-Certbot-Lets-Encrypt 10-TURN-server 11-PostgreSQL-Configuration 12-MinIO-Configuration 13-Forgejo-Configuration 14-Mattermost-Configuration 15-Backup-and-Recovery 16-Security-Checklist Home
1 07-Stacks-Deployment
faycel edited this page 2026-02-26 21:00:29 +00:00
Table of Contents

This page documents the deployment of the production stacks using Docker Swarm.

Snapshot date: 2026-02
Deployment mode: Docker Swarm
Node role: Single Manager

1. Directory Structure

Production directory layout:

/home/ubuntu/docker/
└── swarm/
    ├── data/
    │   └── data.yml
    ├── infra/
    │   ├── infra.yml
    │   └── certbot/
    │       ├── conf/
    │       └── www/
    ├── apps/
    │   └── apps.yml
    └── secrets/

Stack Separation

Stack Purpose
data PostgreSQL and MinIO
infra Nginx, Certbot, networking
apps Forgejo, Mattermost

Certbot volumes:

  • /home/ubuntu/docker/swarm/infra/certbot/conf
  • /home/ubuntu/docker/swarm/infra/certbot/www

This structure ensures separation between persistent data, infrastructure, and application logic.

Stack Separation

Stack Purpose
data Databases and object storage
infra Reverse proxy, certificates, networking
apps Application services

This separation allows controlled deployment and troubleshooting.

2. Deployment Order

Stacks must be deployed in the following order:

  1. data
  2. apps
  3. infra

Rationale:

  • Databases must be available before applications start.
  • Application services must exist before Nginx starts, otherwise upstream resolution may fail.
  • Infrastructure stack is deployed last to expose stable services.

3. Deploy Stacks

From inside swarm/ directory:

cd swarm/

Deploy data stack:

sudo docker stack deploy -c data/data.yml data

Deploy application stack:

sudo docker stack deploy -c apps/apps.yml apps

Deploy infrastructure stack:

sudo docker stack deploy -c infra/infra.yml infra

4. Verify Deployment

List stacks:

sudo docker stack ls

List services:

sudo docker service ls

Check specific service logs:

sudo docker service logs apps_forgejo

Check service tasks:

sudo docker service ps apps_forgejo

5. Inspect Running Services

Example:

sudo docker service inspect apps_mattermost

Verify:

  • Replicas
  • Network attachments
  • Secrets
  • Ports

6. Port Exposure

Expected public ports:

Service Port
Nginx 80 / 443
Forgejo SSH 2222
TURN 3478/udp

All other services must remain internal.

Verify listening ports:

sudo ss -tulpn

7. Rolling Updates

To update a stack after modification:

sudo docker stack deploy -c apps/apps.yml apps

Swarm performs rolling updates automatically.

8. Force Service Restart

If needed:

sudo docker service update --force apps_forgejo

9. Remove a Stack

sudo docker stack rm apps

Wait for services to stop:

sudo docker service ls

10. Production Notes

  • Never use docker run directly in production.
  • Always deploy via stack files.
  • Keep stack files version-controlled.
  • Document all changes.
  1. Architecture Overview
  2. System Hardware
  3. Operating System
  4. SSH Hardening
  5. Docker Installation
  6. Docker Swarm Configuration
  7. Network Architecture
  8. Stacks Deployment
  9. Reverse Proxy
  10. Certbot & Let's Encrypt
  11. TURN Server (Coturn)
  12. PostgreSQL Configuration
  13. MinIO Configuration
  14. Forgejo Configuration
  15. Mattermost Configuration
  16. Backup and Recovery
  17. Security Checklist