14a73c63ac
- Add reedsolo>=1.7.0 to Dockerfile and Dockerfile.base for DCT error correction (fixes DCT decode failures in container) - Update all documentation to use docker/docker-compose.yml paths Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3.5 KiB
Docker Deployment
Stegasoo provides Docker images for both the Web UI and REST API.
Quick Start
# Build and start all services
docker-compose -f docker/docker-compose.yml up -d
# Check status
docker-compose -f docker/docker-compose.yml ps
Access:
- Web UI: https://localhost:5000 (HTTPS with self-signed cert)
- REST API: http://localhost:8000
Services
| Service | Port | Description |
|---|---|---|
web |
5000 | Flask Web UI with authentication |
api |
8000 | FastAPI REST API |
Configuration
Environment Variables
Create a .env file or set these variables:
# Channel key for private group communication (optional)
STEGASOO_CHANNEL_KEY=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
# Web UI authentication (default: enabled)
STEGASOO_AUTH_ENABLED=true
# HTTPS support (default: enabled, generates self-signed cert)
STEGASOO_HTTPS_ENABLED=true
STEGASOO_HOSTNAME=localhost
# To disable HTTPS:
# STEGASOO_HTTPS_ENABLED=false
Volume Mounts
Persistent data is stored in Docker volumes:
| Volume | Purpose |
|---|---|
stegasoo-web-data |
User database, session data |
stegasoo-web-certs |
SSL certificates (if HTTPS enabled) |
Building
Standard Build (Recommended)
Uses a pre-built base image with all dependencies:
# First time only: build the base image
docker build -f docker/Dockerfile.base -t stegasoo-base:latest .
# Build services (fast - only copies app code)
docker-compose -f docker/docker-compose.yml build
Full Build (No Base Image)
If you don't have the base image, the Dockerfile will build all dependencies (slower):
docker-compose -f docker/docker-compose.yml build
Commands
# Start services
docker-compose -f docker/docker-compose.yml up -d
# View logs
docker-compose -f docker/docker-compose.yml logs -f
# Stop services
docker-compose -f docker/docker-compose.yml down
# Rebuild after code changes
docker-compose -f docker/docker-compose.yml build && docker-compose -f docker/docker-compose.yml up -d
# Full rebuild (no cache)
docker-compose -f docker/docker-compose.yml build --no-cache
Resource Limits
Each container is configured with:
- Memory limit: 768 MB
- Memory reservation: 384 MB
This accounts for Argon2id's 256 MB RAM requirement during key derivation.
Health Checks
Both services include health checks:
- Interval: 30 seconds
- Timeout: 10 seconds
- Start period: 5 seconds
- Retries: 3
Check health status:
docker-compose -f docker/docker-compose.yml ps
Production Deployment
For production, consider:
-
Enable HTTPS:
STEGASOO_HTTPS_ENABLED=true STEGASOO_HOSTNAME=your-domain.com -
Use secrets for channel key:
# Don't commit .env files with secrets export STEGASOO_CHANNEL_KEY=your-key docker-compose -f docker/docker-compose.yml up -d -
Reverse proxy: Put behind nginx/traefik for TLS termination
-
Backup volumes:
docker run --rm -v stegasoo-web-data:/data -v $(pwd):/backup \ alpine tar czf /backup/stegasoo-backup.tar.gz /data
Troubleshooting
Container won't start
# Check logs
docker-compose -f docker/docker-compose.yml logs web
docker-compose -f docker/docker-compose.yml logs api
Out of memory
Increase Docker's memory allocation or reduce worker count in docker/Dockerfile.
Permission errors
The containers run as non-root user stego (UID 1000). Ensure volume permissions match.