Skip to content
Jetrepo
Esc
navigateopen⌘Jpreview
On this page

Storage and Redis

Connect Postgres, Redis, object storage, and signed image delivery.

The production stack stores CMS and authentication data in Postgres, files in object storage, and operational state in Redis. The Image service reads originals and stores generated results in the same object bucket.

Access

You need deployment-secret, container-network, and volume administration.

State and consumers

Service Production behavior
Postgres Stores authoritative CMS and authentication state in pgdata
Redis Uses authentication and AOF in redis_data; persists queues, delayed jobs, and delivery cache
Object storage Stores originals and generated images in minio_data; bucket objects are anonymously downloadable
Core API Uploads through the public S3_PUBLIC_URL endpoint and queues file processing
Worker Uses the public object endpoint and Redis jobs to complete file metadata processing
Image service Loads objects over the internal network and stores generated results under _imagor

Core API and Worker containers must resolve and reach S3_PUBLIC_URL. Test that hairpin or split-DNS path, not only browser access. The Image service uses the internal object endpoint instead.

Object setup attempts to create the bucket and anonymous-download policy, but its script can still exit 0 after a failed setup command and no application waits for it. Inspect the setup logs, then make an unauthenticated GET request for a non-sensitive test object before upload or image tests.

Check the services

docker compose -f docker-compose.prod.yaml ps -a
docker compose -f docker-compose.prod.yaml logs --tail=200

Redact credentials, signed URLs, cookies, personal data, and content before sharing logs. Compose status should show Postgres healthy, Redis healthy through its authenticated PONG check, and object setup exited 0.

Use a non-sensitive test image to verify the full path:

  1. Upload it through the Admin app.
  2. Wait for Worker-generated metadata to appear.
  3. Load its public original URL without credentials; anonymous download is expected.
  4. Request one named signed image transform and confirm the generated result loads.
  5. Inspect Worker and Image service logs if any stage fails.

A green database or Redis health check does not prove uploads or image transforms work.

Change and recovery limits

Changing bucket names or object credentials requires a tested, coordinated update of object storage, setup, Core API, Worker, and Image service. Changing the image signing secret requires Core API, Delivery API, and Image service to move together; reverting all three restores validation of older URLs.

Never delete named volumes to fix a credential or bucket mismatch. Redis loss can remove delayed or queued work even when content survives. Pub/Sub invalidation messages are transient and are lost across a Redis interruption or restore. Object credential rotation, AOF recovery, queue replay, public-endpoint hairpin routing, and coordinated original/generated-object restore have not been drilled by the project.

Was this page helpful?