This document explains how deployment works internally in the ShatteredArchive repository, including Docker Compose, certificates, Dockerfiles, and nginx routing.
File: deploy/docker-compose.yml
Docker Compose is responsible for:
- Creating a shared bridge network
- Starting all services
- Providing stable DNS names
- Mounting configuration and certificates
- Exposing nginx to the host
Each service name becomes a DNS hostname:
game-client -> http://game-client
web-client -> http://web-client
game-server -> http://game-server
web-server -> http://web-server
nginx relies on these names when proxying traffic.
The project uses .dev subdomains for realism and isolation.
Examples:
game-client.shatteredarchive.devweb-server.shatteredarchive.dev
A one‑time script updates the system hosts file so these domains resolve
to 127.0.0.1.
Docker itself is not involved in DNS resolution on the host.
Certificates are created outside Docker using mkcert.
- Trusted by the local OS/browser
- No warnings
- No runtime certificate generation
- No ACME / Let's Encrypt complexity
mkcert (host)
|
v
deploy/nginx/certs/*.pem
|
v
mounted read‑only into nginx container
nginx simply loads the files at startup.
Client Dockerfiles use a two‑stage build:
- Node build stage
- installs dependencies
- builds the SPA
- nginx runtime stage
- serves static files on port 80
The client containers do not expose ports to the host.
Server Dockerfiles:
- Build all workspace dependencies once
- Copy compiled output into a runtime image
- Start Node directly
Environment variables control ports, logging, and TLS behavior.
File: deploy/nginx/edge-subdomains.conf
Responsibilities:
- Redirect HTTP → HTTPS
- Terminate TLS
- Route requests by
server_name - Proxy WebSockets
Example routing logic:
server_name game-client.shatteredarchive.dev;
proxy_pass http://game-client;nginx talks to containers only over the Docker network.
| Component | Exposed to Host |
|---|---|
| nginx | 80, 443 |
| clients | no |
| servers | no |
All external traffic flows through nginx.
| Symptom | Likely Cause |
|---|---|
| 502 Bad Gateway | Wrong internal port |
| TLS error | Cert path mismatch |
| Connection closed | nginx upstream unreachable |
| Styling missing | stale client build |
| Host resolves, no response | nginx not listening |
- Dockerfiles build images
- Compose wires them together
- mkcert handles trust
- nginx is the only door in or out
pnpm setup:hosts
pnpm setup:certs
docker compose up --build
After initial setup, day‑to‑day usage is typically just:
docker compose up
Shattered Archive recommends an Ubuntu Setup