Production Infrastructure
This guide covers how TUMApply is deployed to the testserver and production environments.
Docker Setup
TUMApply uses Docker Compose for server deployments. The configuration files are located in the docker/ directory:
| File | Purpose |
|---|---|
docker/compose.yaml | Testserver deployment (MySQL + TUMApply + Nginx) |
docker/compose-prod.yaml | Production deployment (MySQL + TUMApply + Nginx) |
docker/mysql.env | MySQL environment variables (local defaults) |
docker/tumapply.env | TUMApply environment variables (local defaults) |
Both compose files run the full stack:
- MySQL — database with UTF-8 support
- TUMApply — the application image pulled from
ghcr.io/ls1intum/tum-apply - Nginx — reverse proxy with SSL termination using TUM certificates
Environment Variables & Secrets
The .env files in the docker/ directory (mysql.env, tumapply.env) contain local defaults only. On the testserver and production, these values are overwritten by GitHub Variables and Secrets configured in the repository settings.
All sensitive configuration (database credentials, API keys, etc.) must be managed via GitHub Secrets — never commit secrets to the repository.
Deployment Workflows
Both testserver and production deployments are triggered via Helios, which in the background triggers GitHub Actions workflows.
| Testserver | Production | |
|---|---|---|
| Compose file | docker/compose.yaml | docker/compose-prod.yaml |
| URL | tumapply-test.aet.cit.tum.de | tumapply.aet.cit.tum.de |
| Workflow | deploy-to-testserver.yml | deploy-to-production.yml |
| Deployed via | Helios (by developers) | Helios (by admins) |
| Purpose | Testing PR branches | Live application |
Both workflows:
- Take a branch name and target environment as input
- Use the respective compose file
- Deploy to
/opt/tum-applyon the target vm
Production deployments should only be triggered by an admin after thorough testing on the testserver.