Spaces:
Sleeping
Sleeping
Update README.md
Browse files
README.md
CHANGED
|
@@ -6,5 +6,252 @@ colorTo: indigo
|
|
| 6 |
sdk: docker
|
| 7 |
pinned: false
|
| 8 |
---
|
|
|
|
| 9 |
|
| 10 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
sdk: docker
|
| 7 |
pinned: false
|
| 8 |
---
|
| 9 |
+
# Penpot Self-Hosting Guide
|
| 10 |
|
| 11 |
+
## ⚠️ IMPORTANT: Hugging Face Spaces Limitations
|
| 12 |
+
|
| 13 |
+
**Hugging Face Spaces is NOT recommended for hosting Penpot** because:
|
| 14 |
+
|
| 15 |
+
1. **No Docker-in-Docker support** - Spaces doesn't support running Docker containers inside containers
|
| 16 |
+
2. **Multi-container limitations** - Penpot requires 5+ services (frontend, backend, exporter, PostgreSQL, Valkey/Redis)
|
| 17 |
+
3. **Resource constraints** - Free Spaces have limited CPU, RAM, and storage
|
| 18 |
+
4. **Persistence issues** - Spaces may reset storage, losing user data
|
| 19 |
+
5. **Networking complexity** - Inter-service communication is challenging
|
| 20 |
+
|
| 21 |
+
## Recommended Deployment Methods
|
| 22 |
+
|
| 23 |
+
### 1. **Official Docker Compose (Recommended)**
|
| 24 |
+
|
| 25 |
+
For self-hosting on your own server or VPS:
|
| 26 |
+
|
| 27 |
+
```bash
|
| 28 |
+
# Download docker-compose.yaml
|
| 29 |
+
wget https://raw.githubusercontent.com/penpot/penpot/main/docker/images/docker-compose.yaml
|
| 30 |
+
|
| 31 |
+
# Generate a secure secret key
|
| 32 |
+
python3 -c "import secrets; print(secrets.token_urlsafe(64))"
|
| 33 |
+
|
| 34 |
+
# Edit docker-compose.yaml and update:
|
| 35 |
+
# - PENPOT_SECRET_KEY with the generated key
|
| 36 |
+
# - PENPOT_PUBLIC_URI with your domain (e.g., https://penpot.yourdomain.com)
|
| 37 |
+
# - Remove 'disable-secure-session-cookies' and 'disable-email-verification' flags for production
|
| 38 |
+
|
| 39 |
+
# Start Penpot
|
| 40 |
+
docker compose -p penpot -f docker-compose.yaml up -d
|
| 41 |
+
|
| 42 |
+
# Access Penpot at http://localhost:9001
|
| 43 |
+
```
|
| 44 |
+
|
| 45 |
+
### 2. **Elestio (One-Click Hosting)**
|
| 46 |
+
|
| 47 |
+
Elestio provides managed Penpot hosting with:
|
| 48 |
+
- Automatic updates
|
| 49 |
+
- SSL certificates
|
| 50 |
+
- Backups
|
| 51 |
+
- Monitoring
|
| 52 |
+
|
| 53 |
+
Visit: https://elest.io/open-source/penpot
|
| 54 |
+
|
| 55 |
+
### 3. **Official SaaS**
|
| 56 |
+
|
| 57 |
+
Use the official hosted version at: https://design.penpot.app
|
| 58 |
+
|
| 59 |
+
## Docker Compose Configuration
|
| 60 |
+
|
| 61 |
+
The included `docker-compose.yaml` file contains 6 services:
|
| 62 |
+
|
| 63 |
+
1. **penpot-frontend** - Web interface (port 9001)
|
| 64 |
+
2. **penpot-backend** - API server
|
| 65 |
+
3. **penpot-exporter** - Export/rendering service
|
| 66 |
+
4. **penpot-postgres** - Database
|
| 67 |
+
5. **penpot-valkey** - Cache/WebSocket notifications
|
| 68 |
+
6. **penpot-mailcatch** - Email testing (port 1080)
|
| 69 |
+
|
| 70 |
+
### Key Configuration Options
|
| 71 |
+
|
| 72 |
+
```yaml
|
| 73 |
+
# Security (REQUIRED for production)
|
| 74 |
+
PENPOT_SECRET_KEY: "your-random-512-bit-key-here"
|
| 75 |
+
PENPOT_PUBLIC_URI: "https://penpot.yourdomain.com"
|
| 76 |
+
|
| 77 |
+
# Flags (adjust for production)
|
| 78 |
+
PENPOT_FLAGS: |
|
| 79 |
+
enable-smtp
|
| 80 |
+
enable-prepl-server
|
| 81 |
+
login-with-password
|
| 82 |
+
registration
|
| 83 |
+
|
| 84 |
+
# Remove these for production:
|
| 85 |
+
# disable-email-verification
|
| 86 |
+
# disable-secure-session-cookies
|
| 87 |
+
```
|
| 88 |
+
|
| 89 |
+
### Creating Admin Users
|
| 90 |
+
|
| 91 |
+
```bash
|
| 92 |
+
# Create a new user (when registration is disabled)
|
| 93 |
+
docker exec -ti penpot-penpot-backend-1 python3 manage.py create-profile
|
| 94 |
+
|
| 95 |
+
# Skip onboarding
|
| 96 |
+
docker exec -ti penpot-penpot-backend-1 python3 manage.py create-profile --skip-tutorial --skip-walkthrough
|
| 97 |
+
```
|
| 98 |
+
|
| 99 |
+
## HTTPS Setup (Required for Production)
|
| 100 |
+
|
| 101 |
+
### Example NGINX Configuration
|
| 102 |
+
|
| 103 |
+
```nginx
|
| 104 |
+
server {
|
| 105 |
+
listen 443 ssl;
|
| 106 |
+
server_name penpot.yourdomain.com;
|
| 107 |
+
|
| 108 |
+
client_max_body_size 31457280;
|
| 109 |
+
|
| 110 |
+
ssl_certificate /path/to/fullchain.pem;
|
| 111 |
+
ssl_certificate_key /path/to/privkey.pem;
|
| 112 |
+
|
| 113 |
+
# WebSockets
|
| 114 |
+
location /ws/notifications {
|
| 115 |
+
proxy_set_header Upgrade $http_upgrade;
|
| 116 |
+
proxy_set_header Connection 'upgrade';
|
| 117 |
+
proxy_pass http://localhost:9001/ws/notifications;
|
| 118 |
+
}
|
| 119 |
+
|
| 120 |
+
# Proxy pass
|
| 121 |
+
location / {
|
| 122 |
+
proxy_set_header Host $http_host;
|
| 123 |
+
proxy_set_header X-Real-IP $remote_addr;
|
| 124 |
+
proxy_set_header X-Scheme $scheme;
|
| 125 |
+
proxy_set_header X-Forwarded-Proto $scheme;
|
| 126 |
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
| 127 |
+
proxy_pass http://localhost:9001/;
|
| 128 |
+
}
|
| 129 |
+
}
|
| 130 |
+
```
|
| 131 |
+
|
| 132 |
+
## Email Configuration (Production)
|
| 133 |
+
|
| 134 |
+
Replace the mailcatch service with real SMTP settings:
|
| 135 |
+
|
| 136 |
+
```yaml
|
| 137 |
+
PENPOT_SMTP_DEFAULT_FROM: noreply@yourdomain.com
|
| 138 |
+
PENPOT_SMTP_DEFAULT_REPLY_TO: support@yourdomain.com
|
| 139 |
+
PENPOT_SMTP_HOST: smtp.yourmailprovider.com
|
| 140 |
+
PENPOT_SMTP_PORT: 587
|
| 141 |
+
PENPOT_SMTP_USERNAME: your-username
|
| 142 |
+
PENPOT_SMTP_PASSWORD: your-password
|
| 143 |
+
PENPOT_SMTP_TLS: true
|
| 144 |
+
PENPOT_SMTP_SSL: false
|
| 145 |
+
```
|
| 146 |
+
|
| 147 |
+
## Storage Options
|
| 148 |
+
|
| 149 |
+
### Local Filesystem (Default)
|
| 150 |
+
|
| 151 |
+
```yaml
|
| 152 |
+
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
|
| 153 |
+
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
|
| 154 |
+
```
|
| 155 |
+
|
| 156 |
+
### S3-Compatible Storage
|
| 157 |
+
|
| 158 |
+
```yaml
|
| 159 |
+
PENPOT_ASSETS_STORAGE_BACKEND: assets-s3
|
| 160 |
+
PENPOT_STORAGE_ASSETS_S3_ENDPOINT: https://s3.amazonaws.com
|
| 161 |
+
PENPOT_STORAGE_ASSETS_S3_BUCKET: your-bucket-name
|
| 162 |
+
AWS_ACCESS_KEY_ID: your-access-key
|
| 163 |
+
AWS_SECRET_ACCESS_KEY: your-secret-key
|
| 164 |
+
```
|
| 165 |
+
|
| 166 |
+
## Backup and Restore
|
| 167 |
+
|
| 168 |
+
### Backup Volumes
|
| 169 |
+
|
| 170 |
+
```bash
|
| 171 |
+
# Backup PostgreSQL data
|
| 172 |
+
docker run --rm -v penpot_postgres_v15:/data -v $(pwd):/backup ubuntu tar czf /backup/postgres-backup.tar.gz /data
|
| 173 |
+
|
| 174 |
+
# Backup assets
|
| 175 |
+
docker run --rm -v penpot_assets:/data -v $(pwd):/backup ubuntu tar czf /backup/assets-backup.tar.gz /data
|
| 176 |
+
```
|
| 177 |
+
|
| 178 |
+
### Restore Volumes
|
| 179 |
+
|
| 180 |
+
```bash
|
| 181 |
+
# Restore PostgreSQL
|
| 182 |
+
docker run --rm -v penpot_postgres_v15:/data -v $(pwd):/backup ubuntu tar xzf /backup/postgres-backup.tar.gz -C /
|
| 183 |
+
|
| 184 |
+
# Restore assets
|
| 185 |
+
docker run --rm -v penpot_assets:/data -v $(pwd):/backup ubuntu tar xzf /backup/assets-backup.tar.gz -C /
|
| 186 |
+
```
|
| 187 |
+
|
| 188 |
+
## Updating Penpot
|
| 189 |
+
|
| 190 |
+
```bash
|
| 191 |
+
# Pull latest images
|
| 192 |
+
docker compose -f docker-compose.yaml pull
|
| 193 |
+
|
| 194 |
+
# Restart with new images
|
| 195 |
+
docker compose -p penpot -f docker-compose.yaml up -d
|
| 196 |
+
```
|
| 197 |
+
|
| 198 |
+
**Important**: Update incrementally (e.g., 2.0 → 2.1 → 2.2) rather than jumping versions.
|
| 199 |
+
|
| 200 |
+
## System Requirements
|
| 201 |
+
|
| 202 |
+
### Minimum
|
| 203 |
+
- 2 CPU cores
|
| 204 |
+
- 4 GB RAM
|
| 205 |
+
- 20 GB storage
|
| 206 |
+
- Docker 20.10+
|
| 207 |
+
- Docker Compose 2.0+
|
| 208 |
+
|
| 209 |
+
### Recommended
|
| 210 |
+
- 4 CPU cores
|
| 211 |
+
- 8 GB RAM
|
| 212 |
+
- 50+ GB storage (depends on usage)
|
| 213 |
+
|
| 214 |
+
## Troubleshooting
|
| 215 |
+
|
| 216 |
+
### Check logs
|
| 217 |
+
```bash
|
| 218 |
+
docker compose -p penpot -f docker-compose.yaml logs -f
|
| 219 |
+
```
|
| 220 |
+
|
| 221 |
+
### Check specific service
|
| 222 |
+
```bash
|
| 223 |
+
docker compose -p penpot -f docker-compose.yaml logs -f penpot-backend
|
| 224 |
+
```
|
| 225 |
+
|
| 226 |
+
### Database connection issues
|
| 227 |
+
```bash
|
| 228 |
+
# Check PostgreSQL is healthy
|
| 229 |
+
docker exec penpot-penpot-postgres-1 pg_isready -U penpot
|
| 230 |
+
```
|
| 231 |
+
|
| 232 |
+
### Access mailcatch (for testing emails)
|
| 233 |
+
Visit: http://localhost:1080
|
| 234 |
+
|
| 235 |
+
## Security Checklist for Production
|
| 236 |
+
|
| 237 |
+
- [ ] Generate and set a secure `PENPOT_SECRET_KEY`
|
| 238 |
+
- [ ] Remove `disable-email-verification` flag
|
| 239 |
+
- [ ] Remove `disable-secure-session-cookies` flag
|
| 240 |
+
- [ ] Set up HTTPS with valid SSL certificates
|
| 241 |
+
- [ ] Configure real SMTP server (not mailcatch)
|
| 242 |
+
- [ ] Change default PostgreSQL password
|
| 243 |
+
- [ ] Set up regular backups
|
| 244 |
+
- [ ] Configure firewall rules
|
| 245 |
+
- [ ] Enable only necessary authentication methods
|
| 246 |
+
- [ ] Set up monitoring and logging
|
| 247 |
+
|
| 248 |
+
## Additional Resources
|
| 249 |
+
|
| 250 |
+
- Official Documentation: https://help.penpot.app/technical-guide/
|
| 251 |
+
- Configuration Guide: https://help.penpot.app/technical-guide/configuration/
|
| 252 |
+
- Community Forum: https://community.penpot.app/
|
| 253 |
+
- GitHub Repository: https://github.com/penpot/penpot
|
| 254 |
+
|
| 255 |
+
## License
|
| 256 |
+
|
| 257 |
+
Penpot is open source software licensed under the Mozilla Public License Version 2.0.
|