dar-alatta / docs/prod/deploy_backend/README.md

Deploying the backend

Dar Al Atta's application and website

Last updated: 4/16/2026GitHubDar Al Atta

Deploying the backend

1. Services and VMs overview

The backend contains the following services:

  1. API, written in Go
  2. Strapi, as an admin dashboard
  3. Postgres, which contains api and strapi databases
  4. Metabase, for data analytics
  5. Redis, for caching

And we have 3 VMs from ODP:

  1. Postgres
    • IP: 10.8.122.54
    • Creds: $VM_POSTGRES (in vaultwarden)
    • Services deployed: only Postgres
  2. API:
    • IP: 10.8.122.39
    • Creds: $VM_API (in vaultwarden)
    • Services deployed: docker compose
  3. Backup:
    • IP: 10.8.122.38
    • Creds: $VM_BACKUP (in vaultwarden)
    • Services deployed: contains the backup for strapi's media folder and the postgres data

2. Accessing the VMs

To access the VMs, you have to have install FortiClient login using the credentials given by ODP.

There are 2 options to accessing the VPN explained below.

2.1. FortiClient Desktop App - GUI

Can be downloaded from here. Download the "FortiClient VPN-only" version.

Once downloaded, add the following configuration to log in:

  • Remote gateway: 193.203.254.178
  • Port: 8443
  • Authentication: click on "Save login"
  • Username: <your username>
  • Password: <your password>

2.2. openfortivpn - CLI

Can be downloaded from here.

Once downloaded, do the following:

# First, run this using the username given by ODP
sudo openfortivpn 193.203.254.178:8443 -u <username>

# Then, you should get this error
ERROR:  Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert <cert_hash>
ERROR:  or add this line to your configuration file:
ERROR:      trusted-cert = <cert_hash>

# Copy the cert hash and run this command
openfortivpn 193.203.254.178:8443 -u <username> --trusted-cert <cert_hash>

NOTE:

  • In both methods, you'll receive an email that contains an OTP to continue logging in. If you are using FortiToken mobile app, you'll be notified to approve the login.

3. Initial setup

This document go into detail on how to install and configure dependencies in production servers for the first time.

4. Running the docker compose

To run the production docker compose, there are specific instructions that you need to follow that are described in detail here.

5. General notes

After running the compose file, keep in mind the following:

  1. When running the API, it connects to strapi at the startup, so if you see an error connecting to strapi, run docker compose restart api and it should work.
  2. The API VM have access via a local network to the old MSSQL database to migrate users and donations data. Check this script.
  3. We have a background job in strapi to migrate donations data from api to strapi db, however, initially we need to migrate +3 million rows from API db to strapi DB. To do that faster, check this file. Note that this is already done.