# SKG Marketing Studio VPS Deployment Production domain: - App: `https://marketing.skg.com` - API: `https://marketing.skg.com/api` Current VPS target: - Host: `76.13.31.179` - OS: Ubuntu 24.04 - Runtime: Docker Compose - Public ingress: existing Coolify Traefik on ports 80/443 DNS: ```text marketing.skg.com A 76.13.31.179 ``` Do not run a host Nginx on ports 80/443. Those ports are already owned by Coolify / Traefik. This project publishes through Docker labels on the external `coolify` network. ## First Deploy On the VPS: ```bash mkdir -p /opt/skg-marketing-studio cd /opt/skg-marketing-studio cp deploy/.env.production.example deploy/.env.production ``` Fill `deploy/.env.production` with the real production keys. Keep this file out of git. Create the production web login values in `deploy/.env.production`. Replace the password as needed and keep the session secret private: ```bash WEB_AUTH_USERNAME=skg WEB_AUTH_PASSWORD=change-this-password WEB_AUTH_SESSION_SECRET=$(openssl rand -hex 32) WEB_AUTH_COOKIE_NAME=skg_marketing_session WEB_AUTH_COOKIE_SECURE=true ``` Then start: ```bash docker compose -f docker-compose.prod.yml --env-file deploy/.env.production up -d --build ``` Verify: ```bash curl -I https://marketing.skg.com curl -I https://marketing.skg.com/login/ curl -i https://marketing.skg.com/api/health docker compose -f docker-compose.prod.yml ps ``` ## Update Sync the repo to `/opt/skg-marketing-studio`, then run: ```bash docker compose -f docker-compose.prod.yml --env-file deploy/.env.production up -d --build ``` ## Runtime Notes - `web` is a static Next export served by Nginx. - `web` exposes `/login/` publicly. All workspace routes redirect to `/login/` until the FastAPI session cookie passes Nginx `auth_request`; `/api/` returns JSON 401 when unauthenticated and then proxies to `skg-marketing-api:4291` after login. - `api` is only on the internal project network and stores jobs under `/data/jobs`. - Server-side job files persist in `./data/jobs` on the VPS. - Large uploads are allowed up to `2g` at the Nginx proxy layer.