mafwr-dashboard / docs/README.md

Production Environment Documentation

Last updated: 4/16/2026GitHub

Production Environment Documentation

Overview

This document provides essential information about the production environment setup, including server configurations, network access points, and contact information for support.

Deployment Architecture

Server Information

Server Type: Windows Server
Internal IP Address: 10.186.7.186
Environment: Production
Docker Compose and config files are located at: Desktop\mafwr-prod on the production server
We are using docker desktop on hyper-v

Deployment Endpoints

Internal Network Deployment

URL: http://10.186.7.186:8333
Access: Available only within the internal network
Purpose: Internal access and management

External Network Deployment

URL: https://agriculture.ecensus.gov.om
Internal Mapping: http://10.186.7.186:8334
Configuration: Traffic routed through DMZ server using Nginx

Building Images

Web Images

Two images are required:

One for external access via HTTPS (https://agriculture.ecensus.gov.om)
One for internal access via HTTP (http://10.186.7.186:8333)

Important: Before building, comment/uncomment the correct .env.production lines depending on the target.

Build commands:

# External HTTPS Web Image
DOCKER_BUILDKIT=1 docker build . --no-cache \
  -t ghcr.io/rihal-om/mafwr-dashboard/web:agriculture-ecensus-03-08-2025-p2 \
  --secret id=github,src=$HOME/.npmrc

# Internal HTTP Web Image
DOCKER_BUILDKIT=1 docker build . --no-cache \
  -t ghcr.io/rihal-om/mafwr-dashboard/web:internal-8333-03-08-2025-p2 \
  --secret id=github,src=$HOME/.npmrc

Server Image

Only one image is needed for the backend server:

DOCKER_BUILDKIT=1 docker build . --no-cache \
  -t ghcr.io/rihal-om/mafwr-dashboard/server:03-08-2025-p1

Tag images with build date.

Since the production server is air-gapped, image transfers must be coordinated with ROP:

Save the built Docker images and copy them to a USB flash drive.
Hand over the flash drive to ROP personnel.
They will move the files to the rihal share folder on the air-gapped production server.

Network Configuration

DMZ Server Setup

The external domain is configured to route through a DMZ server with Nginx, which forwards requests to the internal server on port 8334.

# Example Nginx configuration for DMZ server
server {
    listen 80;
    server_name agriculture.ecensus.gov.om;

    location / {
        proxy_pass http://10.186.7.186:8334;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Support Contact Information

For server access or any production-related assistance, please contact:

Ghassan Al Kulaibi
Omaima AlKharusi

Maintenance Procedures

Scheduled Maintenance

[Add information about regular maintenance schedules]

Emergency Procedures

[Add information about emergency maintenance procedures]