Docker Deployment
DBX can be easily deployed using Docker containers, providing a consistent and isolated environment across different platforms. This guide covers various Docker deployment scenarios from simple single-container setups to production-ready configurations.
Overview
Docker deployment offers several advantages:
- Consistency - Same environment across development, staging, and production
- Isolation - DBX runs in its own container with isolated dependencies
- Portability - Easy to deploy on any platform that supports Docker
- Scalability - Simple horizontal scaling with container orchestration
- Versioning - Easy rollbacks and version management
Prerequisites
- Docker Engine 20.10+ or Docker Desktop
- Docker Compose 2.0+ (for multi-container setups)
- At least 512MB RAM available
- 1GB disk space for the container
Quick Start
Single Container Deployment
# Pull the latest image
docker pull effortlesslabs/0dbx_redis:latest
# Run with default configuration
docker run -p 3000:3000 effortlesslabs/0dbx_redis:latestUsing Docker Compose
Create a docker-compose.yml file:
version: "3.8"
services:
dbx:
image: effortlesslabs/0dbx_redis:latest
container_name: dbx
ports:
- "8080:8080"
environment:
- DBX_DATABASE_URL=redis://redis:6379
- DBX_API_KEY=your-secret-api-key
- DBX_LOG_LEVEL=info
depends_on:
- redis
restart: unless-stopped
networks:
- dbx-network
redis:
image: redis:7-alpine
container_name: dbx-redis
ports:
- "6379:6379"
volumes:
- redis-data:/data
restart: unless-stopped
networks:
- dbx-network
volumes:
redis-data:
networks:
dbx-network:
driver: bridgeRun the stack:
docker-compose up -dProduction Deployment
Multi-Container Production Setup
version: "3.8"
services:
dbx:
image: effortlesslabs/0dbx_redis:latest
container_name: dbx
ports:
- "8080:8080"
environment:
- DBX_DATABASE_URL=redis://redis:6379
- DBX_API_KEY=${DBX_API_KEY}
- DBX_LOG_LEVEL=info
- DBX_RATE_LIMIT_REQUESTS=1000
- DBX_RATE_LIMIT_WINDOW=60
- DBX_CORS_ORIGINS=${DBX_CORS_ORIGINS}
depends_on:
- redis
restart: unless-stopped
networks:
- dbx-network
volumes:
- dbx-logs:/var/log/dbx
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/api/admin/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
redis:
image: redis:7-alpine
container_name: dbx-redis
command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
volumes:
- redis-data:/data
restart: unless-stopped
networks:
- dbx-network
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 10s
retries: 3
nginx:
image: nginx:alpine
container_name: dbx-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
depends_on:
- dbx
restart: unless-stopped
networks:
- dbx-network
volumes:
redis-data:
dbx-logs:
networks:
dbx-network:
driver: bridgeEnvironment Variables
Create a .env file:
# DBX Configuration
DBX_API_KEY=your-super-secret-api-key-here
DBX_CORS_ORIGINS=https://yourdomain.com,https://app.yourdomain.com
# Database Configuration
REDIS_PASSWORD=your-redis-password
# SSL Configuration
SSL_CERT_PATH=/etc/nginx/ssl/cert.pem
SSL_KEY_PATH=/etc/nginx/ssl/key.pemNginx Configuration
Create nginx.conf:
events {
worker_connections 1024;
}
http {
upstream dbx_backend {
server dbx:8080;
}
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
server {
listen 80;
server_name yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name yourdomain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Security headers
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# API endpoints
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://dbx_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
}
# WebSocket support
location /ws {
proxy_pass http://dbx_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_read_timeout 86400;
}
# Health check endpoint
location /health {
proxy_pass http://dbx_backend/api/admin/health;
access_log off;
}
}
}Development Setup
Local Development with Docker
version: "3.8"
services:
dbx-dev:
build:
context: .
dockerfile: Dockerfile
container_name: dbx-dev
ports:
- "8080:8080"
environment:
- DBX_DATABASE_URL=redis://redis:6379
- DBX_LOG_LEVEL=debug
- DBX_CORS_ORIGINS=*
volumes:
- ./src:/app/src:ro
- ./config:/app/config:ro
depends_on:
- redis
networks:
- dbx-dev-network
command: ["cargo", "run", "--release"]
redis:
image: redis:7-alpine
container_name: dbx-redis-dev
ports:
- "6379:6379"
networks:
- dbx-dev-network
networks:
dbx-dev-network:
driver: bridgeHot Reload Development
version: "3.8"
services:
dbx-dev:
build:
context: .
dockerfile: Dockerfile.dev
container_name: dbx-dev
ports:
- "8080:8080"
environment:
- DBX_DATABASE_URL=redis://redis:6379
- DBX_LOG_LEVEL=debug
volumes:
- ./src:/app/src
- ./Cargo.toml:/app/Cargo.toml
- ./Cargo.lock:/app/Cargo.lock
depends_on:
- redis
networks:
- dbx-dev-network
command: ["cargo", "watch", "-x", "run"]
redis:
image: redis:7-alpine
container_name: dbx-redis-dev
networks:
- dbx-dev-network
networks:
dbx-dev-network:
driver: bridgeCustom Dockerfile
Production Dockerfile
# Multi-stage build for smaller production image
FROM rust:1.75-slim as builder
WORKDIR /app
# Install build dependencies
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
# Copy dependency files
COPY Cargo.toml Cargo.lock ./
# Create dummy main.rs to build dependencies
RUN mkdir src && echo "fn main() {}" > src/main.rs
# Build dependencies
RUN cargo build --release
# Copy source code
COPY src ./src
# Build the application
RUN cargo build --release
# Production stage
FROM debian:bookworm-slim
# Install runtime dependencies
RUN apt-get update && apt-get install -y \
ca-certificates \
curl \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -r -s /bin/false dbx
WORKDIR /app
# Copy binary from builder stage
COPY --from=builder /app/target/release/dbx /app/dbx
# Create necessary directories
RUN mkdir -p /app/logs /app/config && \
chown -R dbx:dbx /app
USER dbx
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD curl -f http://localhost:8080/api/admin/health || exit 1
EXPOSE 8080
CMD ["/app/dbx"]Development Dockerfile
FROM rust:1.75-slim
WORKDIR /app
# Install development dependencies
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
curl \
&& rm -rf /var/lib/apt/lists/*
# Install cargo-watch for hot reload
RUN cargo install cargo-watch
# Copy dependency files
COPY Cargo.toml Cargo.lock ./
# Copy source code
COPY src ./src
EXPOSE 8080
CMD ["cargo", "watch", "-x", "run"]Kubernetes Deployment
Basic Kubernetes Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: dbx
labels:
app: dbx
spec:
replicas: 3
selector:
matchLabels:
app: dbx
template:
metadata:
labels:
app: dbx
spec:
containers:
- name: dbx
image: effortlesslabs/0dbx_redis:latest
ports:
- containerPort: 8080
env:
- name: DBX_DATABASE_URL
value: "redis://dbx-redis:6379"
- name: DBX_API_KEY
valueFrom:
secretKeyRef:
name: dbx-secrets
key: api-key
- name: DBX_LOG_LEVEL
value: "info"
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /api/admin/health
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /api/admin/ping
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: dbx-service
spec:
selector:
app: dbx
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: ClusterIP
---
apiVersion: v1
kind: Secret
metadata:
name: dbx-secrets
type: Opaque
data:
api-key: <base64-encoded-api-key>Monitoring and Logging
Logging Configuration
version: "3.8"
services:
dbx:
image: effortlesslabs/0dbx_redis:latest
environment:
- DBX_LOG_LEVEL=info
- DBX_LOG_FORMAT=json
volumes:
- dbx-logs:/var/log/dbx
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# ELK Stack for log aggregation
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
environment:
- discovery.type=single-node
- xpack.security.enabled=false
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
logstash:
image: docker.elastic.co/logstash/logstash:8.11.0
volumes:
- ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
depends_on:
- elasticsearch
kibana:
image: docker.elastic.co/kibana/kibana:8.11.0
ports:
- "5601:5601"
depends_on:
- elasticsearch
volumes:
dbx-logs:
elasticsearch-data:Prometheus Monitoring
version: "3.8"
services:
dbx:
image: effortlesslabs/0dbx_redis:latest
environment:
- DBX_METRICS_ENABLED=true
labels:
- "prometheus.io/scrape=true"
- "prometheus.io/port=8080"
- "prometheus.io/path=/api/admin/metrics"
prometheus:
image: prom/prometheus:latest
ports:
- "9090:9090"
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
- prometheus-data:/prometheus
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin
volumes:
- grafana-data:/var/lib/grafana
volumes:
prometheus-data:
grafana-data:Security Considerations
Running as Non-Root User
# Create non-root user
RUN useradd -r -s /bin/false dbx
# Set ownership
RUN chown -R dbx:dbx /app
USER dbxSecurity Scanning
# Scan for vulnerabilities
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
aquasec/trivy image effortlesslabs/0dbx_redis:latest
# Scan with Snyk
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
snyk/snyk:docker effortlesslabs/0dbx_redis:latestSecrets Management
# Using Docker Secrets
version: "3.8"
services:
dbx:
image: effortlesslabs/0dbx_redis:latest
secrets:
- dbx_api_key
- redis_password
environment:
- DBX_API_KEY_FILE=/run/secrets/dbx_api_key
- REDIS_PASSWORD_FILE=/run/secrets/redis_password
secrets:
dbx_api_key:
file: ./secrets/api_key.txt
redis_password:
file: ./secrets/redis_password.txtTroubleshooting
Common Issues
Container Won't Start
# Check container logs
docker logs dbx
# Check container status
docker ps -a
# Inspect container
docker inspect dbxConnection Issues
# Test container connectivity
docker exec dbx curl -f http://localhost:8080/api/admin/health
# Check network configuration
docker network ls
docker network inspect dbx-networkPerformance Issues
# Monitor container resources
docker stats dbx
# Check container logs for errors
docker logs -f dbx
# Profile the application
docker exec dbx /app/dbx --profileDebug Mode
# Run in debug mode
docker run -it --rm \
-p 8080:8080 \
-e DBX_LOG_LEVEL=debug \
-e DBX_DATABASE_URL=redis://redis:6379 \
effortlesslabs/0dbx_redis:latestBest Practices
1. Use Specific Image Tags
# Instead of 'latest', use specific versions
docker pull effortlesslabs/0dbx_redis:v1.0.02. Implement Health Checks
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/api/admin/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s3. Resource Limits
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"4. Security Scanning
# Regular security scans
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
aquasec/trivy image effortlesslabs/0dbx_redis:latest5. Backup Strategy
# Backup Redis data
docker exec dbx-redis redis-cli BGSAVE
# Backup configuration
docker cp dbx:/app/config ./backup/config-$(date +%Y%m%d)Environment Variables Reference
| Variable | Description | Default | Required |
|---|---|---|---|
DBX_DATABASE_URL | Database connection URL | - | Yes |
DBX_API_KEY | API key for authentication | - | No |
DBX_LOG_LEVEL | Logging level | info | No |
DBX_LOG_FORMAT | Log format (json, text) | text | No |
DBX_RATE_LIMIT_REQUESTS | Rate limit requests per window | 100 | No |
DBX_RATE_LIMIT_WINDOW | Rate limit window in seconds | 60 | No |
DBX_CORS_ORIGINS | Allowed CORS origins | * | No |
DBX_METRICS_ENABLED | Enable Prometheus metrics | true | No |
DBX_WS_ENABLED | Enable WebSocket support | true | No |