Prerequisites
- Docker Engine 24.0+
- Docker Compose v2.20+
- At least 4GB RAM available
- PostgreSQL client (for migrations)
Quick Start
1. Clone the Repository
git clone https://github.com/fubak/agent-action-firewall.git
cd agent-action-firewall
2. Generate Secure Credentials
Run the setup script to generate secure credentials:
./scripts/docker-setup.sh
This creates a .env.docker file with secure random passwords. Never commit this file to version control.
3. Start Services
docker compose up -d
This starts:
- PostgreSQL 16 - Database on port 5432
- OPA - Policy engine on port 8181
4. Run Database Migrations
# Using Supabase CLI
supabase db push
# Or manually
psql $DATABASE_URL -f supabase/migrations/*.sql
5. Start the Application
# API server
pnpm --filter @aaf/api start
# Web dashboard
pnpm --filter @aaf/web start
# Background worker
pnpm --filter @aaf/worker start
Configuration
Environment Variables
Create a .env file with the following:
# Database
DATABASE_URL=postgres://aaf_user:your_password@localhost:5432/aaf_db
# Supabase Auth
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_JWT_SECRET=your-jwt-secret
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
# API Configuration
PORT=3001
HOST=0.0.0.0
NODE_ENV=production
# Security
ENCRYPTION_MASTER_KEY=your-32-byte-hex-key
# Optional: Stripe
STRIPE_SECRET_KEY=sk_live_...
STRIPE_WEBHOOK_SECRET=whsec_...
# Optional: Email (Resend)
RESEND_API_KEY=re_...
Docker Compose Override
For production, create docker-compose.override.yml:
services:
postgres:
deploy:
resources:
limits:
cpus: '2'
memory: 4G
reservations:
cpus: '1'
memory: 2G
opa:
deploy:
resources:
limits:
cpus: '1'
memory: 1G
Production Deployment
Using Docker Images
Build production images:
# Build API
docker build -t aaf-api:latest -f docker/Dockerfile.api .
# Build Web
docker build -t aaf-web:latest -f docker/Dockerfile.web .
# Build Worker
docker build -t aaf-worker:latest -f docker/Dockerfile.worker .
Full Production Stack
# docker-compose.prod.yml
services:
api:
image: aaf-api:latest
ports:
- "3001:3001"
environment:
- DATABASE_URL=${DATABASE_URL}
- NODE_ENV=production
depends_on:
- postgres
- opa
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3001/health"]
interval: 30s
timeout: 10s
retries: 3
web:
image: aaf-web:latest
ports:
- "3000:3000"
environment:
- NEXT_PUBLIC_API_URL=http://api:3001
depends_on:
- api
worker:
image: aaf-worker:latest
environment:
- DATABASE_URL=${DATABASE_URL}
depends_on:
- postgres
postgres:
image: postgres:16-alpine
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=aaf_db
opa:
image: openpolicyagent/opa:latest-static
command: ["run", "--server", "--addr=0.0.0.0:8181"]
volumes:
postgres_data:
Health Checks
Verify all services are running:
# API health
curl http://localhost:3001/health
# OPA health
curl http://localhost:8181/health
# PostgreSQL
pg_isready -h localhost -p 5432
Troubleshooting
Database connection failed
Check that PostgreSQL is running and the connection string is correct:
docker compose logs postgres
psql $DATABASE_URL -c "SELECT 1"
OPA not responding
Verify OPA is running and policies are loaded:
docker compose logs opa
curl http://localhost:8181/v1/policies
Migrations failed
Ensure the database exists and user has permissions:
psql $DATABASE_URL -c "CREATE DATABASE aaf_db"
Backup & Recovery
Database Backup
# Create backup
docker compose exec postgres pg_dump -U aaf_user aaf_db > backup.sql
# Restore from backup
docker compose exec -T postgres psql -U aaf_user aaf_db < backup.sql
Volume Backup
# Backup volumes
docker run --rm -v agent-action-firewall_postgres_data:/data \
-v $(pwd):/backup alpine tar czf /backup/postgres_data.tar.gz /data
Scaling
For high availability, use Docker Swarm or Kubernetes:
# Scale API replicas
docker compose up -d --scale api=3
See Kubernetes Deployment for production-grade orchestration.