Deployed version of Documenso.

This commit is contained in:
Patrick Fic
2026-03-26 14:57:09 -07:00
parent 7dab60e3bc
commit 220b1c7968
7 changed files with 7041 additions and 27 deletions


@@ -7,7 +7,7 @@ This Terraform stack deploys Documenso to AWS in `ca-central-1` using:
- S3 for document uploads and signed PDFs
- Application Load Balancer with ACM-managed TLS
- Route53 DNS for `esignature.imex.online`
- SES domain identity and DKIM records for outbound email
- Optional SES domain identity and DKIM management for outbound email
- Secrets Manager for generated application secrets, SMTP credentials, and the optional Documenso signing certificate
- AWS WAF with a basic managed rule set and rate limiting
- CloudWatch alarms for ALB, ECS, and RDS health indicators
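Review bot: The reworded SES bullet says the identity and DKIM management is "Optional" but does not name the setting that controls it or its default. The Deploy section later in this same commit introduces `manage_ses_resources`, and the assumptions state that by default the stack does not create these resources. Suggest something like "Optional SES domain identity and DKIM management (`manage_ses_resources`, off by default)" so the component list and the deploy steps agree at a glance.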
@@ -35,19 +35,21 @@ This is the most practical fit for your Docker Compose workload if you want a ba
1. Your DNS for `imex.online` is hosted in Route53.
2. You want Multi-AZ RDS enabled from the start for database availability.
3. You are comfortable starting with `documenso/documenso:latest`. For repeatable deployments, pin a version or digest after your first rollout.
4. You will provide SES SMTP credentials. Terraform verifies the SES domain, but it does not derive SMTP passwords for you.
5. You will provide a base64-encoded PKCS#12 signing certificate and passphrase if you want document signing enabled immediately. This stack injects those values through Secrets Manager instead of mounting a host file.
6. You are comfortable with Terraform creating a dedicated IAM user and access key for Documenso S3 uploads because Documenso documents explicit S3 credentials for the upload backend.
7. You want Terraform destroy protection enabled for both the database and the uploads bucket.
4. You will provide SES SMTP credentials. Terraform does not derive SMTP passwords for you.
5. SES identity and DKIM might already be managed outside this stack. By default, this Terraform does not attempt to create them.
6. You will provide a base64-encoded PKCS#12 signing certificate and passphrase if you want document signing enabled immediately. This stack injects those values through Secrets Manager instead of mounting a host file.
7. You are comfortable with Terraform creating a dedicated IAM user and access key for Documenso S3 uploads because Documenso documents explicit S3 credentials for the upload backend.
8. You want Terraform destroy protection enabled for both the database and the uploads bucket.
## Deploy
1. Copy `terraform.tfvars.example` to `terraform.tfvars` and fill in the SMTP values.
2. If you want Documenso signing enabled, add `signing_certificate_base64` and `signing_certificate_passphrase`.
3. Optionally set `upload_bucket_name` if you want a specific S3 bucket name.
4. Run `terraform init`.
5. Run `terraform plan`.
6. Run `terraform apply`.
4. Set `manage_ses_resources = true` only if you want this stack to own SES identity verification and DKIM records.
5. Run `terraform init`.
6. Run `terraform plan`.
7. Run `terraform apply`.
## Recommended first production adjustments
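Review bot: New assumption 5 and new deploy step 4 leave the default path undocumented. With `manage_ses_resources` not set, this stack no longer creates the SES identity or DKIM records, yet the README never tells the operator to confirm that both already exist for the sending domain before running `terraform apply`. Suggest adding that check as an explicit prerequisite next to assumption 5. Step 4 should also say what to do when the identity is already managed outside the stack, the case assumption 5 raises, instead of leaving it implied by "only if you want this stack to own" them.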