payment-gateway.app Docs

Podman Deployment

Secure, rootless deployment with systemd integration for Linux servers.


Podman can run the Payment Gateway stack entirely without root privileges (rootless). Combined with systemd integration, this makes it a strong choice for robust production Linux deployments.

Prerequisites

  • Modern Linux kernel (e.g. Ubuntu 22.04+, RHEL 9+)
  • Podman 4.0+ and systemd with Quadlet (the deploy scripts generate per-service Quadlet units, not a podman-compose stack)
  • Typical utilities used by the scripts: git, curl, jq, openssl
  • A dedicated non-root user (e.g. pgw-user) with linger enabled (loginctl enable-linger pgw-user)

Security Context

Because the stack runs rootless, services such as MongoDB and the cache run without elevated permissions, which substantially reduces the attack surface: a compromised container holds only the rights of the dedicated non-root user.

Quick Start

  1. SSH into the server as your dedicated non-root user.
  2. Clone the repository and navigate to the Podman folder:
    git clone https://github.com/root-sector-ltd-and-co-kg/payment-gateway-deploy
    cd payment-gateway-deploy/podman
  3. Prepare the environment (see Configuration Requirements for setting up MongoDB TLS and registry token-service authorization).
  4. Run the deploy script:
    ./deploy.sh

Systemd Integration

The deploy.sh script installs Quadlet unit files in your user's systemd session, and all application services are wired into a single target unit, payment-gateway-app.target.

Manage the stack with systemctl --user:

  • Check aggregate status: systemctl --user status payment-gateway-app.target
  • Follow logs for everything in the target: journalctl --user -f -u payment-gateway-app.target
  • Stop the stack: systemctl --user stop payment-gateway-app.target
  • Restart one service: systemctl --user restart payment-gateway-admin-backend (use the same basename as the Quadlet unit, e.g. payment-gateway-main-worker)
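The checks below are an added example, not a script from the payment-gateway-deploy repository. They verify the three properties the deployment relies on: the stack is not running as root, the dedicated user has linger enabled so the --user session survives logout, and every unit pulled in alongside payment-gateway-app.target is active. The target and service names are the ones used on this page; the sample systemctl output embedded in the script is constructed for illustration.

```sh
#!/usr/bin/env sh
# Added example: read-only health check for the rootless Quadlet stack.
# Nothing here modifies the system; it only inspects systemd state.

TARGET="payment-gateway-app.target"

# Constructed sample of `systemctl --user list-units --plain --no-legend --all`
# (columns: UNIT LOAD ACTIVE SUB DESCRIPTION), used by demo_inactive_units.
SAMPLE_LIST_UNITS='payment-gateway-admin-backend.service loaded active running Admin backend
payment-gateway-main-worker.service loaded failed failed Main worker
payment-gateway-app.target loaded active active Payment Gateway stack'

# Return 0 when the given numeric UID is not root.
is_unprivileged_uid() {
    [ "$1" -ne 0 ]
}

# Parse the output of `loginctl show-user <user> -p Linger` ("Linger=yes"/"Linger=no").
linger_enabled() {
    case "$1" in
        Linger=yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Given list-units output, print every unit whose ACTIVE column is not "active".
# Prints nothing when the stack is healthy.
inactive_units() {
    printf '%s\n' "$1" | awk 'NF >= 3 && $3 != "active" { print $1 }'
}

# Quadlet turns <name>.container into <name>.service; map the basenames this
# page uses with systemctl restart onto the generated unit name.
unit_name() {
    case "$1" in
        *.service|*.target) printf '%s\n' "$1" ;;
        *) printf '%s.service\n' "$1" ;;
    esac
}

# Offline demonstration against the constructed sample above.
demo_inactive_units() {
    inactive_units "$SAMPLE_LIST_UNITS"
}

# Live check against the real user session; run with: sh healthcheck.sh --run
run_live_check() {
    rc=0
    me=$(id -un)
    if ! is_unprivileged_uid "$(id -u)"; then
        echo "FAIL: running as root; the stack is meant to run rootless" >&2; rc=1
    fi
    if ! linger_enabled "$(loginctl show-user "$me" -p Linger 2>/dev/null)"; then
        echo "FAIL: linger not enabled (loginctl enable-linger $me)" >&2; rc=1
    fi
    if ! systemctl --user is-active --quiet "$TARGET"; then
        echo "FAIL: $TARGET is not active" >&2; rc=1
    fi
    bad=$(inactive_units "$(systemctl --user list-units --plain --no-legend --all 'payment-gateway-*')")
    if [ -n "$bad" ]; then
        echo "FAIL: units not active:" >&2
        printf '%s\n' "$bad" | sed 's/^/  /' >&2; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: rootless stack healthy under $TARGET"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    run_live_check
fi
```

Run it as the dedicated non-root user (pgw-user on this page); a non-zero exit with a FAIL line names the property that broke, and `unit_name payment-gateway-main-worker` shows the unit to pass to `journalctl --user -u` when a single service is the culprit.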

Updates can be scheduled with Linux timers. Follow the Updates & Automation guide and run bash ./scripts/update.sh --engine podman from the repository root; routine upgrades read RELEASE_METADATA_URL and do not require a git pull.
