6.8 KiB
Docker Deployment Guide
This guide explains how to deploy the Drakkenheim RAG application using Docker Compose with persistent storage.
Prerequisites
- Docker and Docker Compose installed on your server
- OpenAI API key
Project Structure
The project follows Python best practices with a src/ layout:
drakkenheim/
├── src/
│ └── drakkenheim/ # Main package
│ ├── __init__.py # Package initialization
│ ├── auth.py # Authentication & session management
│ ├── llm.py # LLM, embeddings & vector operations
│ ├── document.py # Document processing
│ ├── storage.py # File persistence
│ └── ui.py # User interface components
├── app.py # Main application entry point
├── generate_password.py # Password generation utility
├── docker-compose.yml # Docker orchestration
├── Dockerfile # Container definition
└── requirements/ # Dependencies
Benefits of the src/ layout:
- Clean separation between source code and project files
- Prevents import issues during development and testing
- Industry standard for Python projects
- Better packaging and distribution support
- Easier testing and CI/CD integration
Quick Start
-
Clone and navigate to the project:
git clone <your-repo-url> cd drakkenheim -
Set up environment variables:
# Copy the example environment file cp env.example .env # Generate secure password hash python3 generate_password.py # Edit .env and add your OpenAI API key and generated auth config nano .env -
Build and start the application:
docker compose up -d -
Access the application:
- Open your browser to
http://your-server-ip:8501 - The application will be available and ready to use
- Open your browser to
Persistent Storage
The application uses Docker volumes to persist data between restarts:
- ChromaDB Database:
chroma_datavolume - Processed Files Metadata:
processed_filesvolume - Uploaded Files:
uploaded_filesvolume
Management Commands
Start the application:
docker compose up -d
Stop the application:
docker compose down
View logs:
docker compose logs -f rag-app
Restart the application:
docker compose restart rag-app
Update the application:
# Pull latest changes
git pull
# Rebuild and restart
docker compose up -d --build
Backup data:
# Create backup directory
mkdir -p backups
# Backup ChromaDB data
docker run --rm -v drakkenheim_chroma_data:/data -v $(pwd)/backups:/backup alpine tar czf /backup/chroma_data_$(date +%Y%m%d_%H%M%S).tar.gz -C /data .
# Backup processed files
docker run --rm -v drakkenheim_processed_files:/data -v $(pwd)/backups:/backup alpine tar czf /backup/processed_files_$(date +%Y%m%d_%H%M%S).tar.gz -C /data .
Restore data:
# Restore ChromaDB data
docker run --rm -v drakkenheim_chroma_data:/data -v $(pwd)/backups:/backup alpine tar xzf /backup/chroma_data_YYYYMMDD_HHMMSS.tar.gz -C /data
# Restore processed files
docker run --rm -v drakkenheim_processed_files:/data -v $(pwd)/backups:/backup alpine tar xzf /backup/processed_files_YYYYMMDD_HHMMSS.tar.gz -C /data
Configuration
Environment Variables
Edit .env file to customize:
# Required
OPENAI_API_KEY=your_api_key_here
# Authentication (REQUIRED for production)
APP_PASSWORD_HASH=your_hashed_password_here
PASSWORD_SALT=your_random_salt_here
SESSION_TIMEOUT=3600
# Optional overrides
OPENAI_EMBEDDING_MODEL=text-embedding-3-small
OPENAI_LLM_MODEL=gpt-4o-mini
STREAMLIT_SERVER_PORT=8501
Authentication Setup
Generate secure credentials:
# Run the password generator
python3 generate_password.py
# Follow the prompts to set your password
# Copy the generated values to your .env file
Security Features:
- Password hashing: SHA-256 with salt
- Session timeout: Automatic logout after inactivity
- Secure storage: Passwords never stored in plain text
- Development mode: No auth required if no password is set
Port Configuration
To change the port, modify docker-compose.yml:
ports:
- "8080:8501" # Change 8080 to your desired port
Monitoring
Health Check
The application includes a health check that monitors:
- Streamlit server availability
- Automatic restart on failure
Logs
# View all logs
docker-compose logs
# Follow logs in real-time
docker-compose logs -f
# View specific service logs
docker-compose logs rag-app
Troubleshooting
Common Issues
-
Port already in use:
# Check what's using the port sudo netstat -tulpn | grep :8501 # Kill the process or change the port in docker-compose.yml -
Permission issues:
# Fix volume permissions sudo chown -R 1000:1000 /var/lib/docker/volumes/drakkenheim_*/ -
Out of disk space:
# Clean up unused Docker resources docker system prune -a # Check volume sizes docker system df -v -
API key issues:
- Verify your
.envfile has the correct API key - Check the logs for authentication errors
- Ensure the API key has sufficient credits
- Verify your
Reset Application
# Stop and remove containers
docker compose down
# Remove volumes (WARNING: This deletes all data)
docker volume rm drakkenheim_chroma_data drakkenheim_processed_files drakkenheim_uploaded_files
# Start fresh
docker compose up -d
Security Considerations
-
API Key Security:
- Never commit
.envfiles to version control - Use Docker secrets for production deployments
- Rotate API keys regularly
- Never commit
-
Network Security:
- Use a reverse proxy (nginx) for production
- Enable HTTPS with SSL certificates
- Restrict access with firewall rules
-
Data Security:
- Regular backups of persistent volumes
- Encrypt sensitive data at rest
- Monitor access logs
Production Deployment
For production deployment, consider:
-
Reverse Proxy Setup:
server { listen 80; server_name your-domain.com; location / { proxy_pass http://localhost:8501; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } } -
SSL Certificate:
# Using Let's Encrypt sudo certbot --nginx -d your-domain.com -
Monitoring:
- Set up log aggregation
- Monitor resource usage
- Set up alerts for failures
Support
If you encounter issues:
- Check the logs:
docker compose logs -f - Verify your environment variables
- Ensure Docker has sufficient resources
- Check the troubleshooting section above