path: root/CONTAINER.md

# FCTDrive Container Deployment

This document explains how to build and run the FCTDrive application as a container.

## Prerequisites

1. **Build the binaries locally first:**
   ```bash
   # Build the Rust CLI tool
   just build  # or: cargo build --release --target-dir target/
   
   # Build the frontend (optional, done in container)
   cd frontend && npm run build
   ```

2. **Container runtime** (podman, docker, etc.)

## Building the Container

```bash
# Build the container image
podman build -t fctdrive:latest .

# Or with docker
docker build -t fctdrive:latest .
```

## Running the Container

```bash
# Run with volumes for persistent data
podman run -d \
  --name fctdrive \
  -p 3000:3000 \
  -v ./blobs:/app/blobs:Z \
  -v ./data:/app/data:Z \
  -e TINYAUTH_ENDPOINT=http://localhost:3001 \
  -e TINYAUTH_PUBLIC_ENDPOINT=http://localhost:3001 \
  -e FCTDRIVE_PATH=/app/data \
  fctdrive:latest
```

## Environment Variables

- `TINYAUTH_ENDPOINT` - Internal TinyAuth server URL
- `TINYAUTH_PUBLIC_ENDPOINT` - Public TinyAuth server URL (for browser redirects)
- `FCTDRIVE_PATH` - Path to the drive data directory
- `NODE_ENV=production` (set automatically)
- `HOSTNAME=0.0.0.0` (set automatically)

## Volume Mounts

- `/app/blobs` - Blob storage directory
- `/app/data` - Drive metadata/database directory

## Container Features

- **Base image**: Fedora 42
- **Runtime**: Node.js + npm
- **Binary**: Pre-built `fctdrive` binary in PATH
- **User**: Non-root user `fctdrive`
- **Port**: 3000 (Next.js server)
- **Build**: Production Next.js build

## Security

- Runs as non-root user (`fctdrive:fctdrive`)
- Only production dependencies installed
- Minimal attack surface with focused .containerignore

## Development vs Production

This container is designed for production deployment. For development:
- Use `just dev` for hot-reloading
- Mount source code as volumes
- Use development dependencies