Deploying a document platform with Docker Compose
6 August 2025 · 8 min read · Nextarp B.V.
Shipping as a container makes deployment simple; running it well in production takes a few deliberate choices. Here is a checklist for a solid Docker Compose deployment.
Pick and pin a database
Point the app at a managed or well-run database (PostgreSQL is a sensible default) rather than a throwaway container volume. Pin image tags - never latest - so a redeploy is reproducible.
Handle secrets properly
- Inject connection strings, signing-key material and admin credentials as secrets or environment variables, not baked into the image.
- Rotate the default admin password on first run.
- Keep signing keys in a mounted secret or an external KMS/HSM.
Terminate TLS
Put the service behind a reverse proxy or load balancer that handles TLS and certificate renewal, and redirect HTTP to HTTPS. Do not expose the app's plain HTTP port publicly.
Health checks and restarts
Define a health endpoint and a container health check so orchestration restarts a wedged instance. Set sensible resource limits - document rendering is CPU and memory hungry.
Persist and back up
Back up the database and any document storage on a schedule, and test a restore. Store the previous image tag so a bad release can be rolled back with one command.
Observe
Ship logs and basic metrics somewhere you will actually look. A quiet, observable deployment is the goal - boring is a feature.
Related articles
- Running document generation fully air-gapped · DevOps
- eIDAS explained: AdES, QES and QSeal for documents · Compliance
- AI-assisted template authoring in Microsoft Word · Product
