Deploy QA and production with container image
Deploy Rediflow for QA or production using the pre-built container image from the GitLab registry. No local build required.
Use podman compose or docker compose — both work.
Registry image
Use the image registry.gitlab.com/rediflow_eu/rediflow with tag :latest or a version tag such as :v1.2.3. The compose files reference this image directly.
If the image is private, log in first:
podman login registry.gitlab.com
Where to place .env files
Place .env.qa or .env.prod in the same directory as the compose file. Compose reads env_file relative to the compose file location.
Compose variable substitution: The compose file builds DATABASE_URL from POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB at parse time. Compose loads .env by default (not .env.qa or .env.prod). So either:
- Create a .env file with POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB (copy or symlink from .env.qa or .env.prod), or
- Source the env file before running:
set -a && source .env.qa && set +a && podman compose -f compose.deploy-qa.yml up -d
Option A — Run from repo root: Copy .env.qa.example to .env.qa (or .env.prod.example to .env.prod) in the project root. Create .env with the same POSTGRES_* values, or source .env.qa before running. Run podman compose from that directory.
Option B — Deployment directory: Create a directory (e.g. ~/rediflow-deploy or /opt/rediflow). Copy the compose file and .env.qa.example or .env.prod.example into it. Rename the example to .env.qa or .env.prod and edit it. Create .env with the same POSTGRES_* values, or source the env file before running. Run podman compose from that directory.
All feature flags on
The example files (.env.qa.example, .env.prod.example) enable all feature flags. You can disable any in your .env.qa or .env.prod as needed.
| Flag | Effect |
|---|---|
| PERSON_CAPACITY_ENABLED=true | People, Team, employee groups, assignments |
| ROLE_DEMAND_ENABLED=true | Role demand and Roles capacity views |
| CAPACITY_REQUESTS_ENABLED=true | Cross-organisation capacity requests |
| SHARE_URL_FEATURE=true | Share button for short links |
| SHARE_URL_FEATURE_STATS=true | Share link stats under Settings |
| DEMAND_DEVIATION_ENABLED=true | Realised vs planned on Capacity and Graph |
| ALLOCATION_DEMAND_LOCK_ENABLED=true | Allocation scope, month lock, project demand |
See Feature flags for details.
DATABASE_URL
For compose, use host db (the database service name). Example for QA:
DATABASE_URL=postgresql://rediflow:your-password@db:5432/rediflow_qa
Example for production:
DATABASE_URL=postgresql://rediflow:your-password@db:5432/rediflow
The compose file overrides DATABASE_URL from POSTGRES_* if those match.
QA deployment
- Copy .env.qa.example to .env.qa and set POSTGRES_PASSWORD, SECRET_KEY, and any OIDC (OpenID Connect) variables.
- Start the stack:
  podman compose -f compose.deploy-qa.yml up -d
- Run migrations:
  podman compose -f compose.deploy-qa.yml run --rm app-qa rediflow migrate head
- (Optional) Seed country calendars (bundled fixture in image; idempotent):
  podman compose -f compose.deploy-qa.yml run --rm app-qa rediflow seed-calendars
To seed projects from an ODS file, see Seed projects and calendars.
App at http://localhost:5001.
Production deployment
- Copy .env.prod.example to .env.prod and set strong POSTGRES_PASSWORD, SECRET_KEY, and any OIDC (OpenID Connect) variables.
- Start the stack:
  podman compose -f compose.deploy-prod.yml up -d
- Run migrations:
  podman compose -f compose.deploy-prod.yml run --rm app-prod rediflow migrate head
- (Optional) Seed country calendars (bundled fixture in image; idempotent):
  podman compose -f compose.deploy-prod.yml run --rm app-prod rediflow seed-calendars
To seed projects from an ODS file, see Seed projects and calendars.
App at http://localhost:5000.
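A preflight check for the env files used in the QA and production steps above, as an added example that is not part of Rediflow's own tooling. The function names, the placeholder list and the 24-character minimum are assumptions of this example, and it assumes the compose file inserts POSTGRES_PASSWORD into DATABASE_URL by plain variable substitution.

```shell
# Added example: preflight check for .env.qa / .env.prod before "compose up".
# Variable names are the page's; the placeholder list, the 24-character
# minimum and the URL-safe character set are assumptions of this example.

# Print the last value assigned to KEY in FILE (plain KEY=value lines only).
env_get() { sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1; }

# usage: preflight DIR TARGET   (TARGET is .env.qa or .env.prod inside DIR)
# Prints one finding per line; succeeds only when there are none.
preflight() (
  f="$1/$2"; bad=0
  report() { echo "$*"; bad=1; }
  for k in POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB SECRET_KEY; do
    [ -n "$(env_get "$f" "$k")" ] || report "MISSING $k in $2"
  done
  for k in POSTGRES_PASSWORD SECRET_KEY; do
    v=$(env_get "$f" "$k")
    case $v in
      your-password|changeme) report "WEAK $k is a placeholder" ;;
      ?*) [ "${#v}" -ge 24 ] || report "WEAK $k is shorter than 24 characters" ;;
    esac
  done
  # Substituted into DATABASE_URL as-is: @ : / ? # would change how it parses.
  case $(env_get "$f" POSTGRES_PASSWORD) in
    *[!A-Za-z0-9._~-]*) report "URL POSTGRES_PASSWORD needs escaping in DATABASE_URL" ;;
  esac
  # Compose reads .env, not .env.qa/.env.prod, for variable substitution.
  if [ -f "$1/.env" ]; then
    for k in POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB; do
      [ "$(env_get "$1/.env" "$k")" = "$(env_get "$f" "$k")" ] ||
        report "MISMATCH $k differs between .env and $2"
    done
  fi
  # The file holds secrets: no access for group or others (for example 600).
  [ "$(ls -ld "$f" 2>/dev/null | cut -c5-10)" = "------" ] ||
    report "PERMS $2 is accessible to group or others"
  [ "$bad" -eq 0 ]
)

# Constructed sample: placeholder password, short key, stale .env, mode 644.
demo() (
  d=$(mktemp -d) || exit 1
  printf '%s\n' POSTGRES_USER=rediflow POSTGRES_PASSWORD=your-password \
    POSTGRES_DB=rediflow_qa SECRET_KEY=dev > "$d/.env.qa"
  sed -e 's/your-password/old/' -e '/^SECRET_KEY=/d' "$d/.env.qa" > "$d/.env"
  chmod 644 "$d/.env.qa"
  preflight "$d" .env.qa || :; rm -rf "$d"   # findings are expected here
)
demo
```

A value generated with `openssl rand -hex 32` passes both the length and the URL-safe checks. Run `preflight . .env.prod` from the deployment directory before `up -d`.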
QA or production with Authentik
To deploy with Authentik (OIDC login), use the Authentik overlay compose files. These add Redis, db-init-authentik, authentik-server, and authentik-worker. The app image remains registry.gitlab.com/rediflow_eu/rediflow:latest.
Add to .env.qa or .env.prod:
- AUTHENTIK_SECRET_KEY — Generate with openssl rand -base64 60
- AUTHENTIK_COOKIE_DOMAIN — Your QA/prod domain (e.g. qa.example.com, rediflow.example.com)
QA with Authentik:
podman compose -f compose.deploy-qa.yml -f compose.deploy-qa-authentik.yml up -d
Production with Authentik:
podman compose -f compose.deploy-prod.yml -f compose.deploy-prod-authentik.yml up -d
Migrations and seed commands use the same service names (app-qa, app-prod). After startup, complete Authentik initial setup at the Authentik UI (port 9000 for QA, or COMPOSE_PORT_HTTP), create the OIDC provider and application, then set OIDC_ISSUER, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET in .env.qa or .env.prod and restart the app. See Authentik setup for details.
Stop (with Authentik):
# QA
podman compose -f compose.deploy-qa.yml -f compose.deploy-qa-authentik.yml down
# Production
podman compose -f compose.deploy-prod.yml -f compose.deploy-prod-authentik.yml down
Stop
# QA
podman compose -f compose.deploy-qa.yml down
# Production
podman compose -f compose.deploy-prod.yml down
See also
- Deploy on containerized Ubuntu desktop — Nested containers (LXD/LXC) with DB and app on same host
- Deploy on containerized Rocky Linux — Same for Rocky Linux 10.1
- Containers survive host reboot — Auto-start db and app after reboot
- QA verification — Verify deployment is healthy before handover to users
- Seed projects and calendars — Seed calendars and projects from ODS when using the container
- Configuration — Environment variables, load order
- Feature flags — Enable or disable features
- Initial data entry after deployment — First steps after deployment
- Database backup — Back up and restore PostgreSQL