admin/Backend-Api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04cb584ae3aa0e55790511c38cf828b32ecf6648
Backend-Api/CONFIGURATION_SUMMARY.md

7.1 KiB
Raw Blame History

Docker Bind Mounts Configuration - Summary

What Was Changed

1. docker-compose.yml

Before:

volumes:
  - ./ServiceHost/certs:/app/certs:ro
  - app_storage:/app/Storage      # ❌ Docker volume
  - app_logs:/app/Logs             # ❌ Docker volume

volumes:
  app_storage:
    driver: local
  app_logs:
    driver: local

After:

volumes:
  # ✅ Bind mounts for production-critical data on Windows host
  - ./ServiceHost/certs:/app/certs:ro
  - D:/AppData/Faces:/app/Faces
  - D:/AppData/Storage:/app/Storage
  - D:/AppData/Logs:/app/Logs

# ✅ No volumes section needed

2. New Files Created

  • DOCKER_BIND_MOUNTS_SETUP.md - Complete documentation
  • setup-bind-mounts.ps1 - Automated setup script
  • QUICK_REFERENCE.md - Quick command reference

Path Mapping

Container (Linux paths) Windows Host (forward slash) Actual Windows Path
/app/Faces D:/AppData/Faces D:\AppData\Faces
/app/Storage D:/AppData/Storage D:\AppData\Storage
/app/Logs D:/AppData/Logs D:\AppData\Logs

Note: Docker Compose on Windows accepts both D:/ and D:\ but prefers forward slashes.

Application Code Compatibility

Your application uses:

Path.Combine(env.ContentRootPath, "Faces");    // → /app/Faces
Path.Combine(env.ContentRootPath, "Storage");  // → /app/Storage

Where env.ContentRootPath = /app in the container.

No code changes required! The bind mounts map directly to these paths.

Setup Instructions

Option 1: Automated Setup (Recommended)

# Navigate to project directory
cd D:\GozareshgirOrginal\OriginalGozareshgir

# Run setup script with permissions
.\setup-bind-mounts.ps1 -GrantFullPermissions

# Start the application
docker-compose up -d

Option 2: Manual Setup

# 1. Create directories
New-Item -ItemType Directory -Force -Path "D:\AppData\Faces"
New-Item -ItemType Directory -Force -Path "D:\AppData\Storage"
New-Item -ItemType Directory -Force -Path "D:\AppData\Logs"

# 2. Grant permissions
icacls "D:\AppData\Faces" /grant Everyone:F /T
icacls "D:\AppData\Storage" /grant Everyone:F /T
icacls "D:\AppData\Logs" /grant Everyone:F /T

# 3. Start the application
docker-compose up -d

Verification Checklist

After starting the container:

  1. Check if directories are mounted:

    docker exec gozareshgir-servicehost ls -la /app

    Should show: Faces/, Storage/, Logs/

  2. Test write access from container:

    docker exec gozareshgir-servicehost sh -c "echo 'test' > /app/Storage/test.txt"
Get-Content D:\AppData\Storage\test.txt  # Should display: test
Remove-Item D:\AppData\Storage\test.txt

  3. Test write access from host:

    "test from host" | Out-File "D:\AppData\Storage\host-test.txt"
docker exec gozareshgir-servicehost cat /app/Storage/host-test.txt
Remove-Item D:\AppData\Storage\host-test.txt

  4. Check application logs:

    docker logs gozareshgir-servicehost --tail 50
# Or directly on host:
Get-Content D:\AppData\Logs\gozareshgir_log.txt -Tail 50

Data Persistence Guarantees

Files persist through:

  • docker-compose down
  • docker-compose restart
  • Container removal (docker rm)
  • Image rebuilds (docker-compose build)
  • Server reboots (with restart: unless-stopped)

Direct access:

  • Files can be accessed from Windows Explorer at D:\AppData\*
  • Can be backed up using Windows Backup, robocopy, or any backup software
  • Can be edited directly on the host (changes visible in container immediately)

⚠️ Data does NOT survive:

  • Deleting the host directories (D:\AppData\*)
  • Formatting the D: drive
  • Without regular backups, hardware failures

Production Checklist

Before deploying to production:

  • Run setup-bind-mounts.ps1 -GrantFullPermissions
  • Verify disk space on D: drive (at least 50 GB recommended)
  • Set up scheduled backups (see DOCKER_BIND_MOUNTS_SETUP.md)
  • Replace Everyone with specific service account for permissions
  • Enable NTFS encryption for sensitive data (optional)
  • Test container restart: docker-compose restart
  • Test data persistence: Create a test file, restart container, verify file exists
  • Configure monitoring for disk space usage

Security Recommendations

  1. Restrict permissions (production):

    # Replace Everyone with specific account
icacls "D:\AppData\Faces" /grant "DOMAIN\ServiceAccount:(OI)(CI)F" /T
icacls "D:\AppData\Storage" /grant "DOMAIN\ServiceAccount:(OI)(CI)F" /T
icacls "D:\AppData\Logs" /grant "DOMAIN\ServiceAccount:(OI)(CI)F" /T

  2. Enable encryption for sensitive data:

    cipher /e "D:\AppData\Faces"
cipher /e "D:\AppData\Storage"

  3. Set up audit logging:

    auditpol /set /subcategory:"File System" /success:enable /failure:enable

Backup Strategy

Scheduled Backup (Recommended)

# Create daily backup at 2 AM
$action = New-ScheduledTaskAction -Execute "robocopy" -Argument '"D:\AppData" "D:\Backups\AppData" /MIR /Z /LOG:"D:\Backups\backup.log"'
$trigger = New-ScheduledTaskTrigger -Daily -At 2am
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "GozareshgirBackup" -Description "Daily backup of Gozareshgir data"

Manual Backup

$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
robocopy "D:\AppData" "D:\Backups\AppData_$timestamp" /MIR /Z

Troubleshooting

Issue: Container starts but files not appearing

Solution:

# Check mount points
docker inspect gozareshgir-servicehost --format='{{json .Mounts}}' | ConvertFrom-Json

# Verify directories exist
Test-Path D:\AppData\Faces
Test-Path D:\AppData\Storage
Test-Path D:\AppData\Logs

Issue: Permission denied errors

Solution:

# Re-grant permissions
icacls "D:\AppData\Faces" /grant Everyone:F /T
icacls "D:\AppData\Storage" /grant Everyone:F /T
icacls "D:\AppData\Logs" /grant Everyone:F /T

Issue: Out of disk space

Solution:

# Check disk usage
Get-ChildItem D:\AppData -Recurse | Measure-Object -Property Length -Sum

# Clean old log files (example: older than 30 days)
Get-ChildItem D:\AppData\Logs -Recurse -File | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item

Support & Documentation

  • Full Documentation: DOCKER_BIND_MOUNTS_SETUP.md
  • Quick Reference: QUICK_REFERENCE.md
  • Setup Script: setup-bind-mounts.ps1

Migration from Docker Volumes (If applicable)

If you previously used Docker volumes, migrate the data:

# 1. Stop the container
docker-compose down

# 2. Copy data from old volumes to host
docker run --rm -v old_volume_name:/source -v D:/AppData/Storage:/dest alpine cp -av /source/. /dest/

# 3. Start with new bind mounts
docker-compose up -d

Configuration Date: January 2026
Tested On: Windows Server 2019/2022 with Docker Desktop
Status: Production Ready

Reference in New Issue View Git Blame Copy Permalink