# Production Docker Compose Runbook

This runbook is for small self-hosted and marketplace deployments. Larger SaaS or enterprise deployments should use managed infrastructure or Kubernetes/ECS.

## Files

- `deploy/docker-compose.prod.yml`
- `deploy/env.production.example`
- `deploy/nginx/default.conf`

## Preflight

1. Copy `deploy/env.production.example` to `.env`.
2. Replace all passwords, keys, URLs, and public keys.
3. Confirm `APP_DEBUG=false`.
4. Confirm `DEPLOYMENT_MODE=self_hosted`.
5. Confirm DNS points to the server.
6. Terminate HTTPS at a load balancer, reverse proxy, or an HTTPS-enabled nginx layer.

## Start

```powershell
docker compose -f deploy/docker-compose.prod.yml --env-file .env up -d --build
```

## Verify

```powershell
docker compose -f deploy/docker-compose.prod.yml ps
curl http://127.0.0.1/healthz
```

Then open the installer and complete:

```text
/installer
```

## Operational Checks

- backend container healthy
- frontend container healthy
- nginx `/healthz` healthy
- postgres healthy
- redis healthy
- license heartbeat scheduled
- signed update check scheduled
- integrity scan scheduled
- backup policy configured

## Warning

The current backend Dockerfile is a Phase 1 scaffold. Before live production traffic, replace the PHP built-in server with a proper PHP-FPM/nginx or Octane runtime.