Add Deployment Guide Documentation (#933)

this changeset addresses the need to rapidly deploy a yarn pod using common patterns via vps/vm, traefik, docker swarm, and cloudflare.

more guides and example will be added as time allows, but for now this has worked for @Screem @prologic and others

Reviewed-on: #933
Reviewed-by: James Mills <james@mills.io>
Co-authored-by: m u t e f a l l <mutefall@noreply@mills.io>
Co-committed-by: m u t e f a l l <mutefall@noreply@mills.io>

AUTHORS

@@ -11,5 +11,6 @@ James Mills <prologic@shortcircuit.net.au>
 Jon Lundy <jon@xuu.cc>
 laz <laz@vltra.plus>
 Marcos Marado <mindboosternoori@gmail.com>
+mutefall <mutefall@mutefall.net>
 Phil S. <phil@txt.ullarah.com>
 venjiang <venjiang@gmail.com>

README.md

@@ -163,6 +163,9 @@ Flags:
 
 Use "yarnc [command] --help" for more information about a command.
 ```
+### Deploy With Docker Swarm and Cloudflare
+
+Visit: [deployment](./deployment/)
 
 ### Deploy with Docker Compose
 

deployment/README.MD

@@ -0,0 +1,32 @@
+#### Deployment
+
+This deployment guide assumes you are using Docker with Swarm mode.  There are many other ways to deploy this which we will cover eventually, but for now Docker Swarm is fairly simple.
+
+
+#### Requirements
+
+- A VPS or VM publically accessible
+- A domain name
+- DNS hosted on Cloudflare
+- A cup of coffee
+
+#### Setup
+
+- Update and configure your VPS/VM how you prefer.  Hardening and configuration is out of scope for this guide
+- Ensure ports 80/443(tcp) are open via IPTables or UFW, however you choose to open them
+- Visit cloudflare and point `mypoddomain.com` to the public-routable IP address of your system, ensure proxy is checked
+- Grab your API key from the Cloudflare interface
+- Install docker on your VPS/VM
+- Create an operator user with `wheel` or `sudo` group as well as `docker` group
+- Execute: `docker swarm init`, you've now created a single node Docker Swarm Cluster
+- Execute: `docker network create -d overlay traefik` this will create the network needed for Traefik and Yarn to communicate
+- Execute: `docker stack deploy -c traefik.yml traefik` this will deploy the traefik stack
+- Give Traefik a few minutes to warm up.  Tail the logs with `docker logs -f traefik_traefik.1.someid` to ensure there are no errors
+- Execute: `docker stack deploy -c yarn.yml yarn`
+- Execute `watch docker stack ps yarn --no-trunc` to ensure the stack comes up and reaches running state
+- Execute: `docker logs -f yarn_yarn.1.someid` to verify the store is merged and service is up
+- If there are no issues, you should be able to visit: `https://mypoddomain.com`
+- To create your admin user, register with the username and email you set in the `yarn.yml` file
+- Login to your pod to verify it was successful
+- You can now customise your pod by visiting Settings -> Poderator Settings
+- Grab another coffee

deployment/traefik.yml

@@ -0,0 +1,56 @@
+---
+version: "3.8"
+
+services:
+  traefik:
+    image: traefik:latest
+    ports:
+      - target: 80
+        published: 80
+        protocol: tcp
+        mode: host
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
+    networks:
+      - traefik
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - traefik:/data
+    command:
+      - --accesslog
+      - --api
+      - --certificatesResolvers.acme.acme.dnschallenge=true
+      - --certificatesResolvers.acme.acme.dnschallenge.provider=cloudflare
+      - --certificatesResolvers.acme.acme.email=youraddress@email.com
+      - --certificatesResolvers.acme.acme.storage=/data/acme.json
+      - --entrypoints.http.address=:80
+      - --entrypoints.http.http.redirections.entryPoint.to=https
+      - --entrypoints.http.http.redirections.entryPoint.scheme=https
+      - --entrypoints.https.address=:443
+      - --entrypoints.https.http.tls=true
+      - --entrypoints.https.http.tls.certresolver=acme
+      - --entrypoints.https.http.tls.domains[0].main=*.mypoddomain.com
+      - --entrypoints.https.http.tls.domains[0].sans=mypoddomain.com
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=traefik
+      - --providers.docker.swarmmode=true
+      - --providers.docker.watch=true
+      - --providers.file.directory=/data/rules
+      - --providers.file.watch=true
+    environment:
+      - CLOUDFLARE_EMAIL=yourcloudflare@email.com
+      - CLOUDFLARE_API_KEY=your-cloudflare-api-key
+    deploy:
+      endpoint_mode: dnsrr
+      replicas: 1
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  traefik:
+    driver: local

deployment/yarn.yml

@@ -0,0 +1,48 @@
+---
+version: “3.8”
+
+services:
+  yarn:
+    image: prologic/yarnd:latest
+    volumes:
+      - yarn:/data
+    networks:
+      - traefik
+    environment:
+      - BASE_URL=https://mypoddomain.com
+      - OPEN_PROFILES=true
+      - OPEN_REGISTRATIONS=true
+      - DISABLE_GZIP=true
+      - ADMIN_USER=youradminusername
+      - ADMIN_NAME=useradminname
+      - ADMIN_EMAIL=youradmin@email.com
+      - SMTP_HOST=xxxx (optional)
+      - SMTP_USER=xxxx (optional)
+      - SMTP_FROM=xxxx (optional)
+      - SMTP_PASS=xxxx (optional)
+      - API_SIGNING_KEY=(generate a string via `openssl -base64 64`)
+      - COOKIE_SECRET=(generate a string via `openssl -base64 64`)
+      - MAGICLINK_SECRET=(generate a string via `openssl -base64 64`)
+      - THEME=/theme
+      - PUID=1000
+      - PGID=1000
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - “traefik.enable=true”
+        - “traefik.http.routers.yarn_yarn.entrypoints=https”
+        - “traefik.docker.network=traefik”
+        - “traefik.http.services.yarn_yarn.loadbalancer.server.port=8000”
+        - “traefik.http.routers.yarn_yarn.rule=Host(`mypoddomain.com`)”
+      restart_policy:
+        condition: any
+
+networks:
+  traefik:
+  external: true
+
+volumes:
+  yarn:
+  driver: local
+