This is a Docker Compose based deployment of nautilus-wallet.
See also: https://github.com/ntls-io/nautilus-wallet/wiki/Deployments
This runs nginx-proxy and exposes ports 80 and 443, forwarding HTTP requests through to the other services (which listen on internal ports).
TLS certificates are mounted from /etc/nginx/certs on the host, and the proxied services use VIRTUAL_HOST and CERT_NAME to configure which host name and certificate should proxy to them.
These run the individual Wallet TEEs using the host's SGX devices, each with a Docker volume to persist wallet state (/app/wallet_store).
This runs the Asset Services API endpoint, Celery worker, and Redis (Celery broker backend).
The Redis broker persists short-lived state (limited to Celery task queue messages and results) in a Docker volume.
The Celery worker uses environment variables for credentials and configuration: see the asset-services docker-compose.yaml.
In addition to the application configuration, the following three GitHub Actions environment values determine access to the deployment target:
DOCKER_HOST: The Docker target host, in the formatssh://user@target-hostSSH_KEY: The SSH private key to connect withSSH_KNOWN_HOSTS: The target host's SSH public key
A new SSH private key may be generated using a command like:
ssh-keygen -t ed25519 -f id-nautilus-wallet-demo -C 'nautilus-wallet-demo GitHub Actions' -N ''
The value of SSH_KNOWN_HOSTS may be obtained from:
ssh-keyscan -t ed25519 'target-host'