likwid/docs/admin/installation.md

# Installation Guide

This guide covers deploying Likwid for production use.

## Requirements

- **PostgreSQL 16+**
- **Rust 1.75+** (for building backend)
- **Node.js 20+** (for building frontend)
- **Container runtime** (Podman or Docker) - optional but recommended

## Quick Start with Containers

### 1. Clone the Repository

```bash
git clone https://codeberg.org/likwid/likwid.git
cd likwid
```

### 2. Configure Environment

```bash
cp compose/.env.production.example compose/.env.production
# Edit .env.production with your settings
```

Required settings:

- `POSTGRES_PASSWORD` - Strong database password
- `JWT_SECRET` - Random 64+ character string

### 3. Deploy

```bash
cd compose
podman compose --env-file .env.production -f production.yml up -d
```

### 4. Access

- Frontend: <http://localhost:4321>
- Backend API: <http://localhost:3000>

## Manual Installation

### Backend

```bash
cd backend

# Install dependencies and build
cargo build --release

# Run migrations
export DATABASE_URL="postgres://user:pass@localhost/likwid"
sqlx migrate run

# Start server
./target/release/likwid
```

### Frontend

```bash
cd frontend

# Install dependencies
npm ci

# Build for production
npm run build

# Start server
node ./dist/server/entry.mjs
```

## Configuration Files

|File|Purpose|
|---|---|
|`compose/production.yml`|Production container deployment|
|`compose/demo.yml`|Demo instance deployment|
|`compose/.env.production.example`|Environment template|
|`backend/.env`|Backend configuration|

## Reverse Proxy

For production, use a reverse proxy (nginx, Caddy) with:

- HTTPS termination
- WebSocket support (for real-time features)
- Proper headers
- HSTS (set on the reverse proxy)

If you want per-IP rate limiting to use `X-Forwarded-For` / `X-Real-IP`, set `TRUSTED_PROXY_IPS` to the reverse proxy IP(s) (loopback is trusted by default).

Example nginx config:

```nginx
server {
    listen 443 ssl http2;
    server_name likwid.example.org;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:4321;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

## Next Steps

## First Admin Bootstrap (no manual DB edits)

After the containers are running, you must create the first platform admin and complete the web setup flow.

1. Open the site in your browser.
2. Register the **first** user account at `/register`.
   - The first registered user is automatically granted platform admin permissions.
3. Visit `/setup`.
4. Complete instance setup:
   - Set the platform name.
   - Choose a platform mode.
   - If using **Single Community** mode, provide the community name.
5. After setup completes:
   - Configure instance settings at `/admin/settings`.
   - Create or browse communities at `/communities`.

- [Configuration](configuration.md) - Detailed settings
- [Database](database.md) - Database management
- [Security](security.md) - Hardening your instance