Operational codebase for the Greater Horn of Africa FloodWatch platform.
This repository runs a containerized geospatial early warning stack made of:
- CMS (
eafw_cms) for content and geodata management (GeoManager/Wagtail) - API (
eafw_api) for public and internal flood data endpoints - Jobs (
eafw_jobs) for scheduled ingestion/sync from FTP, SFTP, Drive, and WRF sources - Map services (
eafw_mapserver,eafw_mapcache,pg_tileserv) and UI (eafw_mapviewer)
Use these compose files:
docker-compose.yml: local development and integration testingdocker-compose.staging.yml: staging deployment
- Docker Engine + Docker Compose plugin (
docker compose) - At least 8 GB RAM (16 GB recommended)
- 20+ GB free disk
cp .env.example .envEdit .env and set at minimum:
CMS_DB_PASSWORDSECRET_KEYFLOODPROOFS_SFTP_*credentialsENSEMBLE_FTP_*credentialsWRF_FTP_*credentials
If using Drive sync:
- put Google service account credentials at
eafw_jobs/credentials/google-credentials.json - set
DRIVE_FOLDER_ID
docker compose up --build -ddocker compose ps
curl -f http://127.0.0.1:9068/health
curl -f http://127.0.0.1:9069/health| Service | URL | Notes |
|---|---|---|
| Nginx entrypoint | http://127.0.0.1:9068 |
Main public gateway |
| CMS admin | http://127.0.0.1:9068/cms-admin |
Path controlled by ADMIN_URL_PATH |
| FastAPI docs (via nginx) | http://127.0.0.1:9068/api/docs |
Preferred public docs route |
| FastAPI direct | http://127.0.0.1:9069/api/docs |
Container direct exposure |
| MapServer | http://127.0.0.1:9065/mapserver/ |
Direct mapserver endpoint |
| MapCache | http://127.0.0.1:9066/mapcache/ |
Direct mapcache endpoint |
| pg_tileserv | http://127.0.0.1:9067/pg/tileserv/ |
Direct tiles endpoint |
docker compose logs -f
docker compose logs -f eafw_cms
docker compose logs -f eafw_api
docker compose logs -f eafw_jobsdocker compose down
docker compose restart eafw_cms eafw_api eafw_jobs# Default: sync mapfiles + restart map stack + smoke tests
scripts/manage_map_services.sh
# Full reset including mapcache tile cleanup
scripts/manage_map_services.sh --all-with-cache
# Staging-style run with explicit compose/env
scripts/manage_map_services.sh --compose-file docker-compose.staging.yml --env-file .env --all-with-cachedocker compose exec eafw_cms python manage.py migrate
docker compose exec eafw_cms python manage.py createsuperuserdocker compose exec eafw_jobs python -m pyfloodwatch.floodproofs_sync
docker compose exec eafw_jobs python -m pyfloodwatch.ensemble_sync
docker compose exec eafw_jobs python -m pyfloodwatch.wrf_rainfall_job# Backup (writes into ./backups and container /backups volume)
./scripts/db-dump.sh local
# Restore
./scripts/db-load.sh backups/<dump-file>.dumpeafw_cms/: CMS application and GeoManager packageeafw_api/: FastAPI serviceeafw_jobs/: scheduled ingestion/sync jobseafw_docker/: Dockerfiles, init SQL, nginx configeafw_mapserver/: MapServer resourceseafw_mapviewer/: frontend map viewerscripts/: operational scripts (backup/restore, fixes, utilities)docs/: architecture and reference documentation
Note on naming:
eafw_jobs/= jobs source codeeafw-jobs/= runtime data/log directory kept for uniform naming
Run:
bash scripts/fix-staging-cms-login.sh- confirm
.envhas validFLOODPROOFS_SFTP_*,ENSEMBLE_FTP_*, andWRF_FTP_* - if
SYNC_SOURCE=drive, verifyDRIVE_FOLDER_IDand credential file path
Check nginx routing and API container health:
docker compose logs -f eafw_nginx eafw_apidocs/API_DOCUMENTATION.mddocs/FLOODWATCH_API_DOCUMENTATION.mddocs/SIMPLIFIED_FRONTEND_ARCHITECTURE.mddocs/STAGING_DEPLOYMENT.md(legacy notes may exist; validate against current compose files)
- Never commit
.envwith real credentials. - Rotate any secret if it was previously exposed.
- Use strong unique values for
SECRET_KEYand external credential fields.