Skip to main content
This guide walks through deploying CometChat on-premise to a Docker Swarm cluster. The deployment process uses automated scripts to ensure consistent, repeatable deployments with proper service orchestration and zero-downtime updates. Deployment Overview:
  • Initialize Docker Swarm cluster for container orchestration
  • Deploy all services using infrastructure-as-code approach
  • Configure domain mappings and TLS certificates
  • Validate deployment health across all components
  • Establish operational procedures for updates and maintenance
Prerequisites:
  • Infrastructure meeting hardware requirements
  • Docker Engine >= 24 installed on all nodes
  • Network connectivity between cluster nodes
  • Domain names configured and DNS records pointing to your cluster
  • TLS/SSL certificates for HTTPS endpoints

Initialize Docker Swarm (manager node)

Docker Swarm provides native clustering and orchestration for Docker containers. Initialize Swarm on your primary manager node:
Expected output: You should see one node listed with STATUS “Ready” and MANAGER STATUS showing “Leader”. Multi-node clusters: For high availability, add additional manager and worker nodes:
High availability recommendations:
  • Deploy 3 or 5 manager nodes (odd numbers for quorum)
  • Distribute manager nodes across availability zones when possible
  • Use worker nodes for application workloads, managers for orchestration only

Clone the repository

Clone the CometChat on-premise repository to access deployment scripts and configuration files:
To access the repository, contact us.

Deploy the complete infrastructure

Run the following from the repository root on the Swarm manager node:
What the deployment script does:
  1. Initializes required Docker volumes for persistent data
  2. Creates secure overlay networks for service communication
  3. Deploys all services defined in docker-compose.yml with proper dependencies
  4. Starts components in the correct order (data stores → backend services → frontend)
  5. Applies health checks and restart policies
Deployment time: Initial deployment typically takes 5-10 minutes depending on image pull speeds and cluster size. Monitoring deployment progress:
Deployment validation: After deployment completes, verify all services are running:

NGINX reverse proxy

NGINX serves as the edge layer, handling TLS termination, API routing, WebSocket protocol upgrades, and proxy buffering for optimal performance. Configuration files to update: Each service has a dedicated NGINX configuration file that must be updated with your production domain:
  • chatapi.conf - Chat API routing and WebSocket upgrade rules
  • extensions.conf - Extensions API routing
  • mgmtapi.conf - Management API routing
  • notifications.conf - Notifications service routing
  • dashboard.conf - Frontend dashboard routing
  • globalwebhooks.conf - Webhooks service routing
  • moderation.conf - Moderation service routing
  • websocket.conf - WebSocket gateway routing
Key NGINX responsibilities:
  • TLS/SSL Termination: Decrypt HTTPS traffic at the edge, communicate with backend services over encrypted overlay network
  • Load Balancing: Distribute requests across service replicas using round-robin or least-connections algorithms
  • WebSocket Upgrades: Handle HTTP to WebSocket protocol upgrades for real-time connections
  • Request Buffering: Buffer client requests to protect backend services from slow clients
  • Rate Limiting: Protect services from abuse and DDoS attacks (configure as needed)
TLS certificate configuration: Place your TLS certificates in the NGINX configuration directory and reference them in each .conf file:
Important: Reload NGINX after updating certificates to apply changes without downtime:
Security recommendations:
  • Use TLS 1.2 or higher only
  • Configure strong cipher suites
  • Enable HSTS (HTTP Strict Transport Security)
  • Implement rate limiting for public endpoints

Domain configuration

Deployments require updating domain references across multiple services and configuration files. Replace all instances of <your-domain> with your actual domain. Services requiring domain configuration:
  • Chat API - Core messaging service endpoints
  • Management API - Administrative and configuration endpoints
  • Extensions - Custom extension endpoints
  • Notifications - Push notification service
  • Moderation - Content moderation service
  • Webhooks - Outbound webhook delivery
  • Data Sync Service - Data synchronization
  • NGINX - Reverse proxy routing rules
Critical alignment: Ensure the WebSocket host configured in Chat API matches your chosen domain exactly (e.g., websocket.chat.example.com). Mismatched domains will cause WebSocket connection failures. Configuration checklist:
  1. Update all service environment variables with your domains
  2. Update NGINX configuration files with matching domains
  3. Verify DNS records point to your cluster load balancer
  4. Configure TLS certificates for all public-facing domains
  5. Test domain resolution from external networks
Example domain structure:
Note: Ensure consistency across all configuration files and DNS records. For detailed environment variable mappings, see the Configuration Reference.

Useful commands (Swarm operations)

General service management

Stack operations

Troubleshooting commands

Health check endpoints

After deployment, verify all services are healthy by checking their health endpoints: Replace example.com with your actual domain. Health check validation:
Expected responses:
  • HTTP 200 status code indicates healthy service
  • HTTP 503 or connection errors indicate service issues requiring investigation
Automation: Health checks should be integrated into monitoring and automated validation scripts. See the Monitoring guide for comprehensive health monitoring setup.