some deployments worked out

deployment/remote_server_secure/compose.yml

@@ -0,0 +1,36 @@
+services:
+  tam3-db:
+    image: docker.io/dbob16/tam3-db:0.1.0
+    restart: always
+    environment:
+      MARIADB_RANDOM_ROOT_PASSWORD: 1
+      MARIADB_DATABASE: tam3
+      MARIADB_USER: tam3
+      MARIADB_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - "${DB_LOCATION}:/var/lib/mysql:rw,z"
+    healthcheck:
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      start_period: 10s
+      interval: 10s
+      timeout: 5s
+      retries: 3
+  tam3-api:
+    image: docker.io/dbob16/tam3-api:0.1.0
+    restart: always
+    environment:
+      TAM3_DATA_PATH: /data
+      TAM3_DB_HOST: tam3-db
+      TAM3_DB_DATABASE: tam3
+      TAM3_DB_USER: tam3
+      TAM3_DB_PASSWD: ${DB_PASSWORD}
+    ports:
+      - "8000:80"
+  tam3-rp:
+    image: docker.io/nginx:stable
+    restart: always
+    ports:
+      - "8443:443"
+    volumes:
+      - "./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro,z"
+      - "./nginx/certs:/certs:ro,z"

deployment/remote_server_secure/docker_generate-key.sh

@@ -0,0 +1,5 @@
+read -p "Enter the name of the computer you plan to use the key on: " pcname
+
+docker compose exec tam3-api /app/key.py generate $pcname
+
+echo "Note the key above this line. You can use that for the computer."

deployment/remote_server_secure/docker_list-keys.sh

@@ -0,0 +1 @@
+docker compose exec tam3-api /app/key.py list

deployment/remote_server_secure/docker_start-server.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+mkdir -p nginx/certs
+echo "This part will ask you a bunch of questions for the self-signed cert. Answer them, I can't control it. For common name put the name or IP of the server which the clients can access it."
+openssl req -x509 -newkey rsa:4096 -keyout nginx/certs/nginx.key -out nginx/certs/nginx.crt -sha256 -days 3650 -nodes
+
+gen_password=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
+
+echo "DB_LOCATION=./tam3-db" > .env
+echo "DB_PASSWORD=${gen_password}" >> .env
+
+docker compose up -d

deployment/remote_server_secure/nginx/default.conf

@@ -0,0 +1,16 @@
+server {
+    listen 443 ssl default_server;
+
+    server_name _;
+
+    ssl_certificate /certs/nginx.crt;
+    ssl_certificate_key /certs/nginx.key;
+
+    location / {
+        proxy_pass http://tam3-api/;
+        proxy_set_header Host $host;
+        proxy_ssl_name $host;
+        proxy_ssl_server_name on;
+        proxy_ssl_session_reuse off;
+    }
+}

deployment/remote_server_secure/podman_generate-key.sh

@@ -0,0 +1,5 @@
+read -p "Enter the name of the computer you plan to use the key on: " pcname
+
+podman compose exec tam3-api /app/key.py generate $pcname
+
+echo "Note the key above this line. You can use that for the computer."

deployment/remote_server_secure/podman_list-keys.sh

@@ -0,0 +1 @@
+podman compose exec tam3-api /app/key.py list

deployment/remote_server_secure/podman_start-server.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+mkdir -p nginx/certs
+echo "This part will ask you a bunch of questions for the self-signed cert. Answer them, I can't control it. For common name put the name or IP of the server which the clients can access it."
+openssl req -x509 -newkey rsa:4096 -keyout nginx/certs/nginx.key -out nginx/certs/nginx.crt -sha256 -days 3650 -nodes
+
+gen_password=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
+
+echo "DB_LOCATION=./tam3-db" > .env
+echo "DB_PASSWORD=${gen_password}" >> .env
+
+podman compose up -d