Deployment

This guide covers deploying Stowry in production environments.

Docker

Basic Docker Run

docker run -d \
  --name stowry \
  -p 5708:5708 \
  -v $(pwd)/config.yaml:/app/config.yaml:ro \
  -v $(pwd)/data:/app/data \
  ghcr.io/sagarc03/stowry:latest serve

Docker Compose

version: '3.8'

services:
  stowry:
    image: ghcr.io/sagarc03/stowry:latest
    container_name: stowry
    restart: unless-stopped
    ports:
      - "5708:5708"
    volumes:
      - ./config.yaml:/app/config.yaml:ro
      - stowry-data:/app/data
    command: serve
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:5708/"]
      interval: 30s
      timeout: 10s
      retries: 3

volumes:
  stowry-data:

With PostgreSQL

version: '3.8'

services:
  stowry:
    image: ghcr.io/sagarc03/stowry:latest
    container_name: stowry
    restart: unless-stopped
    ports:
      - "5708:5708"
    environment:
      - STOWRY_DATABASE_TYPE=postgres
      - STOWRY_DATABASE_DSN=postgres://stowry:password@postgres:5432/stowry?sslmode=disable
      - STOWRY_DATABASE_AUTO_MIGRATE=true
    volumes:
      - ./config.yaml:/app/config.yaml:ro
      - stowry-data:/app/data
    command: serve
    depends_on:
      postgres:
        condition: service_healthy

  postgres:
    image: postgres:16-alpine
    container_name: stowry-db
    restart: unless-stopped
    environment:
      - POSTGRES_USER=stowry
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=stowry
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U stowry"]
      interval: 5s
      timeout: 5s
      retries: 5

volumes:
  stowry-data:
  postgres-data:

Kubernetes

Basic Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: stowry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: stowry
  template:
    metadata:
      labels:
        app: stowry
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 1000  # Required for shared volume access
      containers:
        - name: stowry
          image: ghcr.io/sagarc03/stowry:latest
          args: ["serve"]
          ports:
            - containerPort: 5708
          volumeMounts:
            - name: config
              mountPath: /app/config.yaml
              subPath: config.yaml
              readOnly: true
            - name: data
              mountPath: /app/data
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "500m"
      volumes:
        - name: config
          configMap:
            name: stowry-config
        - name: data
          persistentVolumeClaim:
            claimName: stowry-data

Storage Permissions Note

The storage directory is created with 0o700 (owner-only) permissions by default. For Kubernetes deployments where multiple containers or pods need access:

Use fsGroup in securityContext (shown above) - Kubernetes sets group ownership on mounted volumes
Pre-create the directory with 0o750 permissions if using init containers or sidecars that need read access
Use consistent runAsUser across deployments to maintain file ownership

Service and Ingress

apiVersion: v1
kind: Service
metadata:
  name: stowry
spec:
  selector:
    app: stowry
  ports:
    - port: 5708
      targetPort: 5708
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: stowry
spec:
  rules:
    - host: storage.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: stowry
                port:
                  number: 5708