payment-gateway.app Docs
Deployment

Deployment Overview

Overview of the deployment methods and integration.

Deployment Overview

Deploying the Payment Gateway App is based on the customer deployment repository and containerized services. Customers normally choose one of two supported runtime modes: Docker Compose or rootless Podman.

If you are installing the stack for the first time as a customer, start with Self-Hosted Installation. The deployment pages in this section are the deeper operational references for each platform after you know the required domains, license access flow, activation order, and update workflow.

For the hosted *.payment-gateway.app subdomains and how they map to ADMIN_FRONTEND_DOMAIN, ADMIN_BACKEND_DOMAIN, MAIN_FRONTEND_DOMAIN, and MAIN_BACKEND_DOMAIN, see Hostnames & DNS conventions. After the stack is up, custom server integrations should follow Server integration checklist.

Choose Your Platform

PlatformBest ForGuide
PodmanLinux servers, secure rootless deployment, systemd integration.Podman Deployment
Docker ComposeAny OS (Linux, Windows, macOS), traditional Docker setups.Docker Compose Deployment

The deployment scripts automatically handle environment detection, service orchestration, and image pulling.

Quick Setup Journey

Regardless of your chosen platform, the journey looks similar:

  1. Clone the deployment repository:
    git clone https://github.com/root-sector-ltd-and-co-kg/payment-gateway-deploy
    cd payment-gateway-deploy
  2. Prepare your domains and deployment access credentials using the Self-Hosted Installation guide.
  3. Choose your platform directory (podman/ or docker-compose/) and run ./deploy.sh.

Automation and Upgrades

Customer-facing automation is provided by the scripts in payment-gateway-deploy: the deploy scripts, updater, rollback helper, diagnostics, scheduled update timers, and backup runbooks.

Maintaining the platform is built in:

  • Unified Updater: Easily update versions with ./scripts/update.sh --engine <docker-compose|podman> --channel stable.
  • Systemd Timers: Setup automated weekly updates on Linux platforms.
  • Backup & Recovery Runbook: Follow a clear GDPR-oriented backup/restore flow in Backup & Recovery (GDPR).
  • Data Protection Guide: Use the end-to-end self-hosted checklist in Data Protection Guide.
  • Shared Responsibility: Clarify operator vs platform controls in Shared Responsibility Matrix.
  • Retention Decisions: Use practical policy presets in Retention Policy Playbook.
  • Audit Readiness: Track control evidence with Evidence & Audit Checklist.
  • Data Protection Model: Review processed data, encryption scopes, and supported KMS providers in Data Processing & Encryption.
  • Release Security Transparency: Review the release artifact contract for SBOMs, vulnerability reports, policy results, checksums, and provenance evidence.
  • Release notes (changelog pages): See the dedicated Releases section in the docs sidebar.

Important: the updater resolves releases from RELEASE_METADATA_URL, not from a checked-out local manifest file. Refreshing the deploy repository alone does not make a newly released version available if the remote metadata for that deployment has not been published yet.

Read more in the specific deployment pages on the left.

On this page