Self-Hosting Guide
This guide provides step-by-step instructions for hosting your own instance of the SSI Backend.
Prerequisites
Before you begin, ensure you have the following installed on your system:
- Docker & Docker Compose: Recommended for managing dependencies like Postgres and Redis.
- Python 3.12+: Required if you plan to run the server directly or build from source.
- Poetry: Used for dependency management and local development.
Quick Start (Docker Compose)
The easiest way to get started is by using the provided docker-compose.yml file.
-
Clone the repository:
bash1git clone https://github.com/RemiZlatinis/ssi-backend.git 2cd ssi-backend -
Configure Environment Variables: Copy the example environment file and edit it with your settings:
bash1cp .env.example .envKey variables to set:
SECRET_KEY: A unique, long, random string.SQL_PASSWORD: Database password.CORS_ALLOWED_ORIGINS: Origins allowed to access the API (e.g., your frontend URL).
-
Start the Services:
bash1docker-compose up -dThis will start:
- Postgres: Database for storing configuration and status history.
- Valkey (Redis): Message broker for real-time updates and task queue.
- SSI Backend: The core Django application.
-
Run Migrations: The containers will automatically run migrations on startup through the entrypoint script.
Authentication Setup
Currently, SSI Backend supports authentication via Google OAuth2. Support for email/password authentication is planned for a future release if requested.
1. Create Google OAuth Credentials
- Go to the Google Cloud Console.
- Create a new project (or select an existing one).
- Go to APIs & Services > Credentials.
- Click Create Credentials > OAuth client ID.
- Select Web application as the application type.
- Add your backend URL to Authorized redirect URIs. The redirect URI pattern is:
https://your-backend-domain.com/api/auth/google/login/callback/ - Note down your
Client IDandClient Secret.
2. Configure Social Application in Django Admin
After starting the SSI Backend and running migrations, you need to register your Google Client in the database.
- Access the Django Admin panel at
https://your-backend-domain.com/admin/. - Login with a superuser account (Create one using
python manage.py createsuperuseror viadocker exec). - Under the Social Accounts section, click on Social applications.
- Click Add social application.
- Fill in the details:
- Provider: Google
- Name: SSI Google Auth (or any descriptive name)
- Client id: Your Google Client ID
- Secret key: Your Google Client Secret
- Select your site from Chosen sites (usually
example.comby default, but you should update the Site name/domain in the Sites section first). - Save the application.
Production Deployment
For production environments, it is recommended to use the optimized production Docker image.
Building the Production Image
We provide a Dockerfile.prod and a helper script build-prod.sh (or build-prod.bat on Windows) to build a smaller, more secure image.
1# On Linux/macOS
2./build-prod.sh
3
4# On Windows (native)
5build-prod.batThis will create an image tagged as ssi-backend:prod.
Running in Production
Use the docker-compose.prod.yml file for production deployments:
1docker-compose -f docker-compose.prod.yml up -dSecurity Considerations
- Reverse Proxy: Always run the SSI Backend behind a reverse proxy like Nginx or Caddy to handle SSL/TLS termination.
- Environment Secrets: Ensure
.envfiles are not committed to version control and are stored securely. - Database Backups: Implement regular backups for the Postgres database. We include a
dbbackup_adminapp that can be configured for automated backups.
Manual Installation (No Docker)
If you prefer to run the backend natively:
-
Install Dependencies:
bash1poetry install -
Configure Services: Ensure you have Postgres and Redis/Valkey running locally and accessible.
-
Run Migrations & Start:
bash1poetry run python manage.py migrate 2poetry run python manage.py runserver
:::important > When running natively, ensure the environment variables in .env correctly point to your local service instances.
:::