From 395ccf34fba7253a54ebfc8e549d129e46ca62e6 Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 14:02:07 +0530
Subject: [PATCH 1/8] initial caddy deploy compose files

---
 deploy/caddy/docker-compose.yml | 21 +++++++++++++++++++++
 deploy/vbos/docker-compose.yml  | 17 +++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 deploy/caddy/docker-compose.yml
 create mode 100644 deploy/vbos/docker-compose.yml

diff --git a/deploy/caddy/docker-compose.yml b/deploy/caddy/docker-compose.yml
new file mode 100644
index 0000000..fdf3805
--- /dev/null
+++ b/deploy/caddy/docker-compose.yml
@@ -0,0 +1,21 @@
+services:
+  caddy:
+    image: lucaslorentz/caddy-docker-proxy:ci-alpine
+    ports:
+      - 80:80
+      - 443:443
+    environment:
+      - CADDY_INGRESS_NETWORKS=caddy
+    networks:
+      - caddy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - caddy_data:/data
+    restart: unless-stopped
+
+networks:
+  caddy:
+    external: true
+
+volumes:
+  caddy_data: {}
\ No newline at end of file
diff --git a/deploy/vbos/docker-compose.yml b/deploy/vbos/docker-compose.yml
new file mode 100644
index 0000000..c335eac
--- /dev/null
+++ b/deploy/vbos/docker-compose.yml
@@ -0,0 +1,17 @@
+services:
+  vbos-backend:
+    image: ghcr.io/developmentseed/vbos-backend:latest
+    environment:
+      - DJANGO_SETTINGS_MODULE=vbos.config.production
+    ports:
+      - 8000:8000
+    ipc: host
+    networks:
+      - caddy
+    labels:
+      caddy: vbos-backend.ds.io
+      caddy.reverse_proxy: "{{upstreams 8000}}"
+
+networks:
+  caddy:
+    external: true
\ No newline at end of file

From 357cbad153368ecf81fb288a7e6960eeb0de1660 Mon Sep 17 00:00:00 2001
From: Tarashish Mishra <sunu@sunu.in>
Date: Wed, 24 Sep 2025 13:44:41 +0000
Subject: [PATCH 2/8] Fix Caddy static file serving

---
 deploy/caddy/docker-compose.yml |  5 ++++-
 deploy/vbos/docker-compose.yml  | 15 ++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/deploy/caddy/docker-compose.yml b/deploy/caddy/docker-compose.yml
index fdf3805..50ab2c2 100644
--- a/deploy/caddy/docker-compose.yml
+++ b/deploy/caddy/docker-compose.yml
@@ -11,11 +11,14 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - caddy_data:/data
+      - /home/devseed/vbos-backend/static:/www/html/static
     restart: unless-stopped
+    # labels:
+    #   caddy.debug:
 
 networks:
   caddy:
     external: true
 
 volumes:
-  caddy_data: {}
\ No newline at end of file
+  caddy_data: {}
diff --git a/deploy/vbos/docker-compose.yml b/deploy/vbos/docker-compose.yml
index c335eac..509c8a5 100644
--- a/deploy/vbos/docker-compose.yml
+++ b/deploy/vbos/docker-compose.yml
@@ -1,17 +1,26 @@
 services:
   vbos-backend:
-    image: ghcr.io/developmentseed/vbos-backend:latest
+    image: ghcr.io/developmentseed/vbos-backend:main
     environment:
+      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
+      - DJANGO_AWS_ACCESS_KEY_ID=${DJANGO_AWS_ACCESS_KEY_ID}
+      - DJANGO_AWS_SECRET_ACCESS_KEY=${DJANGO_AWS_SECRET_ACCESS_KEY}
+      - DJANGO_AWS_STORAGE_BUCKET_NAME=${DJANGO_AWS_STORAGE_BUCKET_NAME}
+      - DJANGO_DB_URL=${DJANGO_DB_URL}
       - DJANGO_SETTINGS_MODULE=vbos.config.production
+      - PORT=8000
     ports:
-      - 8000:8000
+      - 8080:8000
     ipc: host
     networks:
       - caddy
     labels:
       caddy: vbos-backend.ds.io
       caddy.reverse_proxy: "{{upstreams 8000}}"
+      caddy.handle: "/static/*"
+      caddy.handle.root: "* /www/html"
+      caddy.handle.file_server:
 
 networks:
   caddy:
-    external: true
\ No newline at end of file
+    external: true

From a7e2da1419b669c745d7cd79e67a8a1a53f558b3 Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 20:16:02 +0530
Subject: [PATCH 3/8] add csrf trusted origin

---
 vbos/config/common.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vbos/config/common.py b/vbos/config/common.py
index 758d9cb..044e30c 100755
--- a/vbos/config/common.py
+++ b/vbos/config/common.py
@@ -41,6 +41,7 @@ class Common(Configuration):
     )
 
     ALLOWED_HOSTS = ["*"]
+    CSRF_TRUSTED_ORIGINS = ["https://vbos-backend.ds.io/"]
     ROOT_URLCONF = "vbos.urls"
     SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
     WSGI_APPLICATION = "vbos.wsgi.application"

From f108f80f327c8dbbe5527b388495e4f86b262f00 Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 20:17:36 +0530
Subject: [PATCH 4/8] temporarily create images from deploy branch

---
 .github/workflows/docker-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 29ae1a1..c5fd4c2 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -9,7 +9,7 @@ on:
   schedule:
     - cron: '44 15 * * *'
   push:
-    branches: [ "main" ]
+    branches: [ "main", "deploy" ]
     # Publish semver tags as releases.
     tags: [ 'v*.*.*' ]
   pull_request:

From 16991afa46b025d81c5f9248deda45bd0a14bfb7 Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 20:23:39 +0530
Subject: [PATCH 5/8] no trailing slash

---
 vbos/config/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vbos/config/common.py b/vbos/config/common.py
index 044e30c..e32ac51 100755
--- a/vbos/config/common.py
+++ b/vbos/config/common.py
@@ -41,7 +41,7 @@ class Common(Configuration):
     )
 
     ALLOWED_HOSTS = ["*"]
-    CSRF_TRUSTED_ORIGINS = ["https://vbos-backend.ds.io/"]
+    CSRF_TRUSTED_ORIGINS = ["https://vbos-backend.ds.io"]
     ROOT_URLCONF = "vbos.urls"
     SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
     WSGI_APPLICATION = "vbos.wsgi.application"

From b22cebdc25e37aea782e36e17cc9ea36b4478710 Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 20:48:48 +0530
Subject: [PATCH 6/8] deploy replica for 0 downtime updates

---
 deploy/vbos/docker-compose.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/deploy/vbos/docker-compose.yml b/deploy/vbos/docker-compose.yml
index 509c8a5..328ebdb 100644
--- a/deploy/vbos/docker-compose.yml
+++ b/deploy/vbos/docker-compose.yml
@@ -1,6 +1,17 @@
 services:
   vbos-backend:
     image: ghcr.io/developmentseed/vbos-backend:main
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        order: start-first
+        failure_action: rollback
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
     environment:
       - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
       - DJANGO_AWS_ACCESS_KEY_ID=${DJANGO_AWS_ACCESS_KEY_ID}
@@ -10,7 +21,7 @@ services:
       - DJANGO_SETTINGS_MODULE=vbos.config.production
       - PORT=8000
     ports:
-      - 8080:8000
+      - "8080:8000"
     ipc: host
     networks:
       - caddy

From 395327c077bc586f2587e448b2aaaaf300b043f3 Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 20:49:17 +0530
Subject: [PATCH 7/8] dont create images from deploy

---
 .github/workflows/docker-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index c5fd4c2..29ae1a1 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -9,7 +9,7 @@ on:
   schedule:
     - cron: '44 15 * * *'
   push:
-    branches: [ "main", "deploy" ]
+    branches: [ "main" ]
     # Publish semver tags as releases.
     tags: [ 'v*.*.*' ]
   pull_request:

From 83c83281eb92a6e313cdce3157b62e284ba22dff Mon Sep 17 00:00:00 2001
From: geohacker <sajjadkm@gmail.com>
Date: Wed, 24 Sep 2025 20:51:52 +0530
Subject: [PATCH 8/8] deploy docs

---
 deploy/README.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 deploy/README.md

diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 0000000..b645b37
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,15 @@
+# Deploying vbos-backend
+
+This app is currently deployed on a Digital Ocean Droplet using docker-caddy reverse proxy.
+All deploy related configuration are in the `deploy/` directory.
+
+1. `deploy/caddy/docker-compose.yml` — starts the caddy reverse proxy which will watch any new containers with the caddy label.
+2. `deploy/vbos/docker-compose.yml` — pulls the latest vbos-backend image and runs the application, with `.env` as the environment.
+
+To update or redeploy:
+1. First ssh into the server. Keys are in 1PW
+2. Fetch code and run migrations. 
+  * Activate venv. `. ~/vbos-env/bin/activate`
+  * `cd vbos-backend && git pull`. `python manage.py migrate`
+3. Then run `docker compose -f deploy/vbos/docker-compose.yml pull` to pull the new image. By default the image tag is `main`
+4. Then run `docker compose -f deploy/vbos/docker-compose.yml --env-file /home/devseed/vbos-backend/.env up --force-recreate -d --no-deps vbos-backend` — this will start a new container and kill the older one for deploys with no downtime