# Deployment

## Docker

The image is built from the repository. Inside the container the application listens on port **8080** and expects the data directory to be mounted at `/map` (database and grid images).

Example run:

```bash
docker run -v /srv/hnh-map:/map -p 80:8080 hnh-map
```

Or with environment variables:

```bash
docker run -v /srv/hnh-map:/map -p 8080:8080 \
  -e HNHMAP_PORT=8080 \
  -e HNHMAP_BOOTSTRAP_PASSWORD=your-secure-password \
  hnh-map
```

It is recommended to remove or stop passing `HNHMAP_BOOTSTRAP_PASSWORD` after initial setup.

To build the image locally:

```bash
docker build -t hnh-map .
```

## OAuth (Google)

To enable login via Google OAuth:

1. Create a project in [Google Cloud Console](https://console.cloud.google.com/).
2. Enable "Google+ API" / "Google Identity" and create an OAuth 2.0 Client ID (type "Web application").
3. In the client settings, add the Authorized redirect URI: `https://your-domain.com/map/api/oauth/google/callback` (replace with your domain).
4. Set the following environment variables:
   - `HNHMAP_OAUTH_GOOGLE_CLIENT_ID` — Client ID
   - `HNHMAP_OAUTH_GOOGLE_CLIENT_SECRET` — Client Secret
   - `HNHMAP_BASE_URL` — full application URL (e.g. `https://map.example.com`) for forming the redirect_uri. If not set, it is derived from the `Host` and `X-Forwarded-*` headers.

## Reverse proxy

Place the service behind nginx, Traefik, Caddy, etc. on the desired domain. Proxy all traffic to port 8080 of the container (or whichever port the application is listening on). The application serves the SPA at root `/` (/, /login, /profile, /admin, etc.), the API at `/map/api/`, SSE at `/map/updates`, and tiles at `/map/grids/`.

## Updates and backups

- When updating the image, preserve the volume at `/map`: it contains `grids.db` and tile image directories.
- Regularly back up the data directory (and use the admin panel "Export" feature if needed).