kangwan/20260512-skg-tk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2954e58740eae38475c2d218f66daf1334112e9b
20260512-skg-tk/docs/deploy-vps.md

75 lines
2.0 KiB
Markdown
Raw Blame History

# SKG Marketing Studio VPS Deployment
Production domain:
- App: `https://marketing.skg.com`
- API: `https://marketing.skg.com/api`
Current VPS target:
- Host: `76.13.31.179`
- OS: Ubuntu 24.04
- Runtime: Docker Compose
- Public ingress: existing Coolify Traefik on ports 80/443
DNS:
```text
marketing.skg.com A 76.13.31.179
```
Do not run a host Nginx on ports 80/443. Those ports are already owned by Coolify / Traefik. This project publishes through Docker labels on the external `coolify` network.
## First Deploy
On the VPS:
```bash
mkdir -p /opt/skg-marketing-studio
cd /opt/skg-marketing-studio
cp deploy/.env.production.example deploy/.env.production
```
Fill `deploy/.env.production` with the real production keys. Keep this file out of git.
Create the production web login values in `deploy/.env.production`. Replace the password as needed and keep the session secret private:
```bash
WEB_AUTH_USERNAME=skg
WEB_AUTH_PASSWORD=change-this-password
WEB_AUTH_SESSION_SECRET=$(openssl rand -hex 32)
WEB_AUTH_COOKIE_NAME=skg_marketing_session
WEB_AUTH_COOKIE_SECURE=true
```
Then start:
```bash
docker compose -f docker-compose.prod.yml --env-file deploy/.env.production up -d --build
```
Verify:
```bash
curl -I https://marketing.skg.com
curl -I https://marketing.skg.com/login/
curl -i https://marketing.skg.com/api/health
docker compose -f docker-compose.prod.yml ps
```
## Update
Sync the repo to `/opt/skg-marketing-studio`, then run:
```bash
docker compose -f docker-compose.prod.yml --env-file deploy/.env.production up -d --build
```
## Runtime Notes
- `web` is a static Next export served by Nginx.
- `web` exposes `/login/` publicly. All workspace routes redirect to `/login/` until the FastAPI session cookie passes Nginx `auth_request`; `/api/` returns JSON 401 when unauthenticated and then proxies to `skg-marketing-api:4291` after login.
- `api` is only on the internal project network and stores jobs under `/data/jobs`.
- Server-side job files persist in `./data/jobs` on the VPS.
- Large uploads are allowed up to `2g` at the Nginx proxy layer.
Reference in New Issue View Git Blame Copy Permalink