Single-Tenant Deployment
Single-tenant deployment uses Docker Compose with Nginx as a reverse proxy. This is the simplest setup for running one Flo instance.
Prerequisites
- Docker & Docker Compose v2
- SSL certificates (Cloudflare Origin or Let's Encrypt)
- PostgreSQL 16 (included in Docker Compose)
Quick Start
# Clone and configure
git clone https://github.com/team-ledges/Flo
cd Flo
cp .env.example .env
nano .env # Fill in required values
# Deploy
./deploy.sh
Deployment Script
The deploy.sh script handles the full deployment:
| Flag | Behavior |
|---|---|
./deploy.sh | Normal deploy (uses cache) |
./deploy.sh --rebuild | Full rebuild without Docker cache |
./deploy.sh --lite | Rebuild with cache (faster rebuild) |
./deploy.sh --force | Force recreate containers |
Docker Compose Architecture
┌─────────────────────────────────┐
│ Nginx (443/80) │
│ SSL termination, rate limiting │
│ Security headers, static files │
├─────────────────────────────────┤
│ Flo.BE + Flo.FE │
│ .NET 9 API + Angular 21 SPA │
│ Port 10001 (internal) │
├─────────────────────────────────┤
│ PostgreSQL 16 │
│ Port 5432 (internal) │
└─────────────────────────────────┘
The Dockerfile uses a multi-stage build:
- SDK stage — Builds the .NET backend
- Node stage — Builds the Angular frontend
- Runtime stage — Alpine image with compiled output
Nginx serves the Angular SPA for all frontend routes and proxies /api/ requests to the .NET backend.
Nginx Configuration
nginx.conf.template includes:
- SSL — Cloudflare Origin certificates
- Security headers — HSTS, CSP, X-Frame-Options, Referrer-Policy
- Rate limiting — Per-IP limits on auth and public API endpoints
- File blocking — Blocks access to
.git,.env,.yaml, and other sensitive files - Upload proxy — Serves uploaded files from
/uploads/ - SPA routing — Falls back to
index.htmlfor Angular routes
Docker Images
Pre-built images are published to GitHub Container Registry:
# Production (from master branch)
docker pull ghcr.io/team-ledges/flo:latest
# Staging (from develop branch)
docker pull ghcr.io/team-ledges/flo:develop-latest
# Specific commit
docker pull ghcr.io/team-ledges/flo:master-abc1234
Health Checks
Docker Compose includes health checks for all services:
- Flo app — HTTP check on
/api/health - PostgreSQL —
pg_isreadycommand - Nginx — HTTP check on port 80
Monitoring
# Container status
sudo docker ps
# Application logs
sudo docker compose logs -f
# Flo app logs only
sudo docker logs -f flo
# Resource usage
sudo docker stats
Updating
cd ~/Flo
git pull
./deploy.sh --lite # Rebuild with cache
For a full clean rebuild:
./deploy.sh --rebuild