This guide is for developers with little Docker experience.
Goal: run WaterLevel.Pro in minutes with Docker, verify it works, and understand what each step does.
- Production VPS handoff (AI-agent, fastest path)
- 0) What you need before starting
- 1) Clone the repository (required)
- 2) Create
.envfrom the template - 3) Choose your setup scenario
- 4) Start services
- 5) Verify everything works
- 6) Useful day-to-day commands
- 7) Common issues (quick fixes)
- 8) Note about public image
If your goal is a real VPS deployment (including Cloudflare options), use the dedicated handoff flow:
- Guide:
docs/DEPLOY_VPS_AI_AGENT_README.md - Fillable input template:
docs/ai/DEPLOY_AGENT_INPUT_TEMPLATE.yaml - Ready-to-paste chat prompt:
docs/ai/DEPLOY_CHAT_PROMPT_TEMPLATE.md
This Docker quick-start remains focused on local/initial runtime bring-up.
- Git (to clone the repository).
- Docker Engine + Docker Compose plugin (
docker compose). - Ports
80and443available on your machine/server.
git --version
docker --version
docker compose versionIf any command fails, install that tool first and run the checks again.
This step is required because the repo contains:
docker/docker-compose.yml(container topology)ext_conf/docker/nginx.conf.template(web/api routing)- scripts (
docker/up.sh,scripts/docker_smoke_test.sh) - cron config, static files, and demo database source
Commands:
git clone https://github.com/rrguardo/WaterLevel.Pro.git
cd WaterLevel.ProOptional (if you want a specific branch):
git checkout mainFrom the repo root:
cp .env.example .envThis creates your local environment variable file.
Note:
docker/up.shcan auto-create.envif missing, but creating it manually first is better for understanding what is configured.
In .env, keep these values:
WLP_BASE_DOMAIN=localhost
WLP_API_SUBDOMAIN=api
WLP_SSL_CERT_PATH=/etc/nginx/certs/localhost.crt
WLP_SSL_KEY_PATH=/etc/nginx/certs/localhost.keyNotes:
- Local certs are already included in
ext_conf/docker/certs/. - If cert/key are missing, Nginx auto-generates a temporary self-signed cert.
- Browsers may show a TLS warning in local mode (normal with self-signed certs).
Example:
- Web:
example.com - API:
api.example.com
Checklist:
- Point DNS A/AAAA for both hostnames to the same server.
- Issue TLS certificates for both hostnames.
- Place cert/key files and update
.env.
Example values:
WLP_BASE_DOMAIN=example.com
WLP_API_SUBDOMAIN=api
WLP_SSL_CERT_PATH=/etc/nginx/certs/fullchain.pem
WLP_SSL_KEY_PATH=/etc/nginx/certs/privkey.pemProject recommendation: keep API as a subdomain of the same base domain.
./docker/up.shdocker compose -f docker/docker-compose.yml up -d --buildExpected services:
appnginxcrongoaccess
Container status:
docker compose -f docker/docker-compose.yml psOfficial project smoke test:
./scripts/docker_smoke_test.shSmoke test checks:
http -> httpsredirect- web host (
/ping) returnsPONG - api host (
/linkwithout params) returnsFAIL
Quick manual checks:
- Web:
https://localhost - API:
https://api.localhost/link
View logs:
./docker/logs.shStop stack:
./docker/down.shRebuild only cron (after editing ext_conf/crontab.ini):
docker compose -f docker/docker-compose.yml up -d --build cron-
Nginx TLS does not start
- Check
WLP_SSL_CERT_PATHandWLP_SSL_KEY_PATH. - Ensure files exist at expected paths in the container.
- Check
-
.envchanges are not applied- Recreate with build:
docker compose -f docker/docker-compose.yml up -d --build
-
API host shows web content
- Check
WLP_API_SERVER_NAMEand confirm you are using the correct hostname.
- Check
-
Real domain is not reachable
- Check DNS and firewall/NAT for ports
80and443.
- Check DNS and firewall/NAT for ports
By default, Compose uses WLP_APP_IMAGE (for example rguardo/waterlevel-pro:latest) and can also build locally (docker/Dockerfile) when using --build.
If you want to pre-pull the image:
docker pull rguardo/waterlevel-pro:latest