Prerequisites

TIB-Trader — Prerequisites

This checklist gets a fresh machine ready to run the stack (dev or staging) from scratch after cache/data cleanup.

Host OS

• Windows Server 2025 Standard (or Windows 10/11 Pro) with Docker Desktop (WSL2 backend) enabled.
• Alternatively any modern Linux (Debian/Ubuntu/RHEL) with Docker Engine + docker-compose plugin.
• Git 2.39+ installed.

Runtime & Tooling

• Python 3.13 installed (for local scripts; containers ship 3.13).
• Docker Engine 24+ / Docker Desktop 4.35+.
• Compose v2 plugin (docker compose CLI).
• Optional: make, jq, curl, openssl for local ops.
• Workstation sudo password (when prompted): use your local admin credentials (never bake into code).

Networking

• External Docker network TIB_NETWORK must exist before docker compose up:
  docker network create TIB_NETWORK (one‑time).
• Ports required on host/firewall: 80/443 (nginx), 5432 (Postgres if exposed), 5050 (pgAdmin if exposed).

Secrets & Config

• Ensure env files exist in env/ (templates may be in env/examples/ if provided):
• env/.env.django → set DJANGO_SECRET_KEY, ENCRYPTION_KEY, DANGER_ZONE_PASSWORD, DEFAULT_ADMIN_PASSWORD, DB creds.
• env/.env.postgres
• env/.env.pgadmin (optional)
• SSL certificates: keep volumes TIB-SSL-Lib and TIB-SSL-Logs intact; they store the Let’s Encrypt live chain and private key.

Database TLS (current)

• Postgres uses domain certs mounted at /certs and copies them into PGDATA/ssl.
• Django expects DB_SSLMODE=verify-full and DB_SSLROOTCERT=/etc/ssl/certs/ca-certificates.crt.
• DB host inside Docker is tib-trader.com (network alias) to satisfy hostname checks.
• For existing volumes, re-apply SSL with: bash ./scripts/shell/21_enable_postgres_ssl.sh

IDE note (PyCharm/VS Code)

• Point the interpreter to the project venv: D:\PythonProject\TIB-Trader\.venv\Scripts\python.exe (or ./.venv/bin/python on Linux/WSL).
• Interpreter should match container Python (3.13) to align with the compile guard.

Data & Volumes (clean start)

• After cleanup, only SSL volumes should remain. Recreate data volumes automatically via docker compose up -d.
• If restoring data, place SQL dumps in docker/postgres/init/ before first start, or docker compose exec postgres psql < dump.sql.

First-time Bring-up (sequential)

1) docker network create TIB_NETWORK (if not already).
2) mkdir -p certs/letsencrypt (git-ignored).
3) Fill env files (see above).
4) docker compose up -d --build fluent-bit postgres pgadmin django wiki nginx
5) Migrations: docker compose exec django python manage.py migrate
6) (Optional) UI index: docker compose exec django python manage.py sync_ui_elements
7) Access app at http://app.tib-trader.com (or your host/port); pgAdmin at /pgadmin/.

Quick bootstrap (Windows Desktop or WSL)

• Requirements: Docker Desktop (WSL2 backend enabled), WSL installed, python on PATH.
• From repo root, run either:
• Interactive menu: python -m console.menu → option 7 (runs migrate + UI sync + seeds Admin/Andrew/Tib).
• Non-interactive: python scripts/python/10_bootstrap_dev.py (same actions; set SEED_USERS=0 to skip user seeding).
• Both commands start postgres+django containers if they are not already running.

Caching

• Redis container (TIB-REDIS) is part of compose; default cache URL redis://redis:6379/1.
• Production: prefer managed Redis with TLS+auth, e.g. rediss://:strongpass@redis.example.com:6380/1. Set via REDIS_URL in env/.env.django.

TIB-Trader SSL prep

• DNS should point app.tib-trader.com and wiki.tib-trader.com to the target host.
• Use Let’s Encrypt when on that host/IP so ACME can validate:
  1) cp env/examples/.env.tib.example env/.env.tib && edit env/.env.tib (set LETSENCRYPT_EMAIL).
  2) source env/.env.tib
  3) docker compose run --rm --service-ports certbot-init -d ${APP_DOMAIN} -d ${WIKI_DOMAIN} --email ${LETSENCRYPT_EMAIL} --agree-tos --no-eff-email
• Keep cert volumes intact (TIB-SSL-*). Nginx default cert paths: /etc/letsencrypt/live/<primary-domain>/fullchain.pem and privkey.pem. If switching primary domain, adjust docker/nginx/conf.d/app.https.conf server_name/cert paths accordingly.
• Reference env for this site: env/examples/.env.tib.example (email + hostnames).

Dev UX Profile

• Desktop-only layout tuned for 1080p at 125% Windows DPI.

Safety Notes

• Do not delete SSL/cert volumes when wiping data.
• Production hardening still needed: DB backups, rate limiting, security headers (already in nginx), and restricted danger-zone endpoints.

Back to wiki home