apunkt/dograh
1
0
Fork 0
mirror of https://github.com/dograh-hq/dograh.git synced 2026-06-22 08:38:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
dograh/deploy/hostinger/README.md
Abhishek bb334106ad
Add Hostinger (managed-Traefik) deployment files (#459) 
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 14:41:28 +05:30

2.9 KiB
Raw Blame History

Hostinger (managed-Traefik) deployment

Deploy Dograh where a shared, managed Traefik with Let's Encrypt already terminates TLS and routes ingress — e.g. Hostinger's VPS Docker Manager. The same files work on any host that fronts containers with Traefik.

Files

File Role Deploy on Hostinger?
docker-compose.yaml The Dograh app stack. Single self-contained file — named volumes only, no host bind-mounts, no init/sidecar that reads files outside the compose. Yes
.env.example Required + optional environment variables, with guidance. Copy to .env and fill in. Yes (as the env template)
docker-compose.traefik.yaml A standalone Traefik + Let's Encrypt that stands in for the managed Traefik, so you can reproduce the environment on a plain VPS for testing. Also documents what the platform's Traefik must provide. No — reference only

What the app stack needs from Traefik

Routing is declared with Traefik labels on ui, api, and minio: /api/v1 → api (includes the signaling WebSocket), /voice-audio → minio, everything else → ui. For that to work the platform's Traefik must offer:

  • an HTTPS entrypoint — set TRAEFIK_ENTRYPOINT (e.g. websecure)
  • a Let's Encrypt certresolver — set TRAEFIK_CERTRESOLVER
  • the Docker provider watching a shared network — set TRAEFIK_NETWORK
  • a long idleTimeout so long-lived signaling WebSockets aren't cut
  • (recommended) a global HTTP→HTTPS redirect

Traefik upgrades WebSockets automatically — no special label is required.

WebRTC media (coturn) is NOT proxied by Traefik

Voice audio is UDP (ICE/DTLS-SRTP), relayed by the bundled coturn. A reverse proxy cannot carry it. coturn publishes host ports that must be open in the VPS firewall: UDP+TCP 3478 and 5349, and UDP 49152-49200. TURN_HOST must be the public IP (or a domain resolving to it). Without this, calls connect (signaling succeeds) but have no audio.

Deploy on Hostinger

The platform provides Traefik, so you only deploy the app stack:

  1. Copy .env.example.env and fill in PUBLIC_HOST, TURN_HOST, the secrets, and the three TRAEFIK_* values (matched to Hostinger's Traefik).
  2. Import / deploy docker-compose.yaml.
  3. Ensure the coturn UDP/TCP ports above are open in the firewall.

Test on a generic VPS (self-managed stand-in Traefik)

On a box that does not already run Traefik:

cp .env.example .env     # fill in PUBLIC_HOST, TURN_HOST, secrets, ACME_EMAIL
docker network create traefik
docker compose -f docker-compose.traefik.yaml --env-file .env up -d   # stand-in Traefik
docker compose --env-file .env up -d                                  # app stack

A no-cost trick for a real cert without owning a domain: set PUBLIC_HOST=<public-ip>.sslip.io (sslip.io resolves any embedded IP), which Let's Encrypt will happily issue for.