mesh/docs/deployment.md
Gilles Soulier 1d177e96a6 first
2026-01-05 13:20:54 +01:00
# 📄 deployment.md — Mesh Deployment (self-hosted)
## 1. Components
- mesh-server (FastAPI + WS)
- coturn (TURN) — fallback for strict NAT
- gotify (notifications)
- (optional) reverse proxy (Caddy/Nginx) + TLS
## 2. Environment variables (example)
- MESH_PUBLIC_URL=https://mesh.example.com
- MESH_JWT_SECRET=...
- GOTIFY_URL=https://gotify.example.com
- GOTIFY_TOKEN=...
- TURN_HOST=turn.example.com
- TURN_PORT=3478
- TURN_USER=mesh
- TURN_PASS=...
## 3. docker-compose (example)
Place this in `infra/docker-compose.yml`.

```yaml
services:
  mesh-server:
    build: ../server
    environment:
      # TURN_URL / STUN_URL are read by mesh-server in addition to the
      # TURN_* variables listed in section 2; set both groups.
      - MESH_JWT_SECRET=${MESH_JWT_SECRET}
      - GOTIFY_URL=${GOTIFY_URL}
      - GOTIFY_TOKEN=${GOTIFY_TOKEN}
      - TURN_URL=${TURN_URL}
      - STUN_URL=${STUN_URL}
    ports:
      - "8000:8000"
    restart: unless-stopped
  coturn:
    image: coturn/coturn:latest
    # host networking so the relay port range is reachable without per-port mappings
    command: >
      -n
      --log-file=stdout
      --external-ip=${TURN_EXTERNAL_IP}
      --realm=${TURN_REALM}
      --user=${TURN_USER}:${TURN_PASS}
      --listening-port=3478
      --min-port=49160 --max-port=49200
      --fingerprint
      --lt-cred-mech
      --no-multicast-peers
      --no-cli
    network_mode: "host"
    restart: unless-stopped
  gotify:
    image: gotify/server:latest
    environment:
      # default admin credentials: change the password before exposing the UI
      - GOTIFY_DEFAULTUSER_NAME=admin
      - GOTIFY_DEFAULTUSER_PASS=adminadmin
    ports:
      - "8080:80"
    volumes:
      - gotify_data:/app/data
    restart: unless-stopped
volumes:
  gotify_data:
```
## 4. TURN notes
- TURN can become “heavy” if many peers fall back to relay.
- Plan for traffic monitoring and quotas.
- Temporary credentials (V1+) are recommended.
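The temporary-credential scheme coturn supports is the TURN REST API one: the server is started with `--use-auth-secret --static-auth-secret=<secret>` instead of the static `--user=...` / `--lt-cred-mech` pair used in the compose file above, and mesh-server mints short-lived username/password pairs from that shared secret. The following is an added example, not code from the Mesh project; the secret, user name and URLs are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed example values (not from the deployment). In production the secret
# is the same value passed to coturn as --static-auth-secret.
TURN_SHARED_SECRET = "example-static-auth-secret"
TURN_URL = "turn:turn.example.com:3478"
STUN_URL = "stun:turn.example.com:3478"


def make_turn_credentials(secret: str, user: str, ttl: int = 3600,
                          now: Optional[int] = None) -> dict:
    """Mint TURN REST API credentials.

    username = "<expiry unix time>:<user>"
    credential = base64(HMAC-SHA1(secret, username))
    coturn recomputes the HMAC itself and rejects the pair once expiry has passed,
    so a leaked pair is only useful until then.
    """
    issued = int(time.time() if now is None else now)
    username = f"{issued + ttl}:{user}"
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return {"username": username, "credential": base64.b64encode(digest).decode(),
            "ttl": ttl, "urls": [TURN_URL]}


def verify_turn_credentials(secret: str, username: str, credential: str,
                            now: Optional[int] = None) -> bool:
    """Server-side check mirroring what coturn does: valid HMAC and not expired."""
    expiry_str, sep, _ = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False
    if int(time.time() if now is None else now) >= int(expiry_str):
        return False
    expected = base64.b64encode(
        hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()).decode()
    # constant-time comparison so the check does not leak the HMAC through timing
    return hmac.compare_digest(expected, credential)


def ice_servers_for_client(user: str, now: Optional[int] = None) -> list:
    """What mesh-server would return to a client: STUN plus a fresh TURN credential."""
    return [{"urls": [STUN_URL]}, make_turn_credentials(TURN_SHARED_SECRET, user, now=now)]
```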
## 5. Reverse proxy + TLS (recommended)
- Terminate TLS at the proxy (Caddy/Nginx).
- Forward:
  - /api → mesh-server
  - /ws → mesh-server (websocket upgrade)
- TURN: ideally a dedicated domain (turn.example.com) + open ports.
## 6. Network ports
- Mesh Server: 443 (TLS) / 80 (redirect)
- TURN: 3478 UDP/TCP + UDP range (e.g. 49160-49200)
- Gotify: 443/80 (if exposed), otherwise LAN only
## 7. Health checks
- /health on mesh-server
- gotify UI reachable
- ICE test: check that host/srflx/relay candidates are gathered
## 8. Operations
- Back up:
  - mesh DB (if sqlite/postgres)
  - gotify_data
- Log rotation