Soittola
Soittola project
Requirements
Architecture
The thing runs as a set of Docker containers. Todo: insert picture
Reverse Proxy
A Traefik container proxies requests to the other components. This to facilitate e.g. automatic certificates from Let's Encrypt.
Frontend
A Svelte app.
Backend
A Node.js app.
Database
A Postgres database. See the db subfolder for a bootstrap SQL file that runs when the container is first created. Note that the script isn't triggered if the container volume already has database files (this is a feature of the Postgres image). To apply schema changes, do as follows:
- Backup the database
- Stop the database service:
docker stop container_name - Remove the volume:
docker volume rm volume_name - Rebuild and start the database service:
docker-compose -d --buildfrom the source direcory
Admin
The setup contains an admin subdomain with some tools:
- Database admin: adminer
- Traefik dashboard*
The admin part is password protected as required.
* still to be published
Security
HTTPS only
Let's Encrypt with SSL Labs target score A+.
Security headers
Basic http security headers according to OWASP recommendations and Security Headers
Secure login
Azure B2C login preferred, local user accounts safely stored with BCrypt and salt.
Client-server comms
Client-server comms uses Branca tokens for authentication. To generate the encryption key, run:
$ openssl rand -hex 32
Development
- Clone this repo
- Populate the .env-sample files, rename to .env
- Hack away
- Run instructions to follow...
Deployment
Deployment instructions to follow...
